如何区分ssdt hook和inline hook钩子

[{"title":"（ 8 个子文件 4KB ） 如何区分ssdt hook和inline hook钩子","children":[{"title":"inline HOOK和SSDT HOOK各自有啥特性的哦-_百度知道.url <span style='color:#111;'> 74B </span>","children":null,"spread":false},{"title":"HOOK钩子技术5 SSDT Inline Hook_Catch me if you can-CSDN博客.url <span style='color:#111;'> 81B </span>","children":null,"spread":false},{"title":"2 inline hook","children":[{"title":"内联钩子的原理在R3和R0下是相同的，就是不改变SSDT表项，而是改变函数内部前几条指令.txt <span style='color:#111;'> 0B </span>","children":null,"spread":false},{"title":"Inline Hook可以说是给内核API先生动了手术，让他成为我们阵营的一分子.txt <span style='color:#111;'> 0B </span>","children":null,"spread":false},{"title":"inline hook 是直接bai在以前的函数替里面du修改指令，用zhi一个跳转或者其他指令来dao达到挂zhuan钩的目的.txt <span style='color:#111;'> 0B </span>","children":null,"spread":false}],"spread":true},{"title":"1 ssdt hook","children":[{"title":"SSDT Hook只是把某位内核API先生绑架，然后用我们的“自己人”来接管其工作.txt <span style='color:#111;'> 0B </span>","children":null,"spread":false},{"title":"ssdt是利bai用api来挂钩的，相当于替换API，用ICESword可以很简单的判断出来.txt <span style='color:#111;'> 0B </span>","children":null,"spread":false}],"spread":true},{"title":"HOOK SSDT(inline hook)_游戏逆向的博客-CSDN博客.url <span style='color:#111;'> 85B </span>","children":null,"spread":false}],"spread":true}]