Skip to main content

check_inline_hooks

memf_linux::check_hooks

Function check_inline_hooks 

Source 
pub fn check_inline_hooks<P: PhysicalMemoryProvider>(
    reader: &ObjectReader<P>,
) -> Result<Vec<KernelHookInfo>>
Expand description

Check key kernel functions for inline hooks.

Reads the first [PROLOGUE_SIZE] bytes of each function in [FUNCTIONS_TO_CHECK] and looks for JMP/CALL trampoline patterns.