Kernel mode hooking doesn't recognise processes...

Dec 3, 2009 at 12:51 PM

Hi all,

This is to do with kernel mode hooking. I have set up the ACL so it hooks all processes (global exclusive empty and local exclusive empty). With this setup it doesn't recognise certain processes like the MySQL daemon on my PC (my-sqld-nt.exe). I have hooked NtCreateFile and NtOpenFile; the hooked version gets called when, say, Internet Explorer is started, but not when MySQL calls these functions (I have verified that MySQL is calling these functions when a table is created, by hooking the SSDT directly).

 

Why is this occurring?

 

BR

Niladri