Hooking

2026.06.05 Writing an x64 Inline Hook by Hand (Without Reaching for MinHook)
How x64 inline hooks actually work, when to use a 5-byte relative jump versus a 14-byte absolute trampoline, why displaced instructions break when you copy them naively, …
windows reversing hooking internals malware
2026.03.22 [Hypervisor Part 3] Making Your Kernel Hook Invisible with EPT Shadow Pages
EPT shadow page hooks split a physical page into two views — one seen by reads (original bytes), one executed (hooked bytes). Integrity scanners see clean code. The CPU …
windows kernel hypervisor evasion hooking