
Saturday, November 15, 2014

Finding Call Reference Hooks in Mac Memory


In this blog post, the call reference to the function _vnode_pagein inside the function _ps_read_file will be modified to demonstrate a call reference modification, and a Volatility Framework plugin that detects this type of hooking will be presented.