Future steps - Pointers Functions to Windows Native Api

[vicboma1]

https://social.technet.microsoft.com/wiki/contents/articles/11831.the-windows-native-api.aspx

[vicboma1]

Yeah! I am hooking some functions with the API Native If I hook NTxxx routine, sometimes returns the STATUS_ACCESS_VIOLATION, but with ZWXXX access its works!!

I Recommend this paper about PreviousMode ->https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/previousmode?redirectedfrom=MSDN