During the last few weeks I was busy exploring the internal workings of Handles under Windows, by disassembling and decompiling certain kernel (ntoskrnl.exe) functions on my Windows 7 32-bit machine. I am currently preparing a paper to describe and explain what I learned about Handles. But today I’m here to discuss an interesting function pointer hook that I found while decompiling and exploring the ObpCloseHandleEntry function.
More here: http://rce4fun.blogspot.com/2014/07/okaytocloseprocedure-callback-kernel_9.html