I have a driver whose goal is to restore all APIs hooked by any rootkit
in the SSDT and the SSDT shadow table. My driver works fine from Windows Server until
Windows 8 (all 32-bit). However, on Windows 8.1 and Windows 10 (both 32-bit), I have these two problems related to the shadow table:
1 - On Windows 8.1 the original entries are different (compared with the PC Hunter anti-rootkit software), as shown in the attached image.
2 - On Windows 10 the address of the shadow table cannot be found using the current function present in my project.
I need an experienced professional in system drivers with extensive knowledge
of API hooking, mainly hooking related to the Windows kernel.
So I hope to find someone here who is able to update this project.