This chapter will guide you through the creation of a user-level process hook. By hooking the functions within a process, a rootkit can alter the operations of that process. This provides another convenient mechanism for control, monitoring, filtering, and concealment.
This chapter includes the following:
- Basic process injection
- More on ZwMapViewOfSection
- User-level function declarations
- The trampoline hooking technique
- A basic example of process injection