添加 Win11 24H2 测试效果图

zhutingxf · zhutingxf · commit 9b3872971c35 · 2024-10-07T19:14:01.000+08:00
添加 Win11 24H2 测试效果图
diff --git a/InfinityHookPro/hook.cpp b/InfinityHookPro/hook.cpp
@@ -106,7 +106,7 @@ namespace KHook
                 // ��ʼ���ҵ�ǰջ�е�ssdt����
                 for (void** pStackCurrent = pStackMax; pStackCurrent > pStackFrame; --pStackCurrent)
                 {
-                        /*
+                        /*     ���� PerfInfoLogSysCallEntry����
                                 Win11 23606 ��ǰ ջ��ssdt��������, �ֱ���
                                 mov r9d, 0F33h
                                 mov [rsp+48h+var_20], 501802h
@@ -630,14 +630,14 @@ namespace KHook
                         }
                         else
                         {
-                                
+
                                 UNICODE_STRING usObDereferenceObject = RTL_CONSTANT_STRING(L"ObDereferenceObject");
                                 ObDereferenceObjectPtr fnObDereferenceObject = (ObDereferenceObjectPtr)MmGetSystemRoutineAddress(&usObDereferenceObject);
                                 if (fnObDereferenceObject)
                                 {
                                         fnObDereferenceObject(m_DetectThreadObject);
                                 }
-                                else 
+                                else
                                 {
                                         DbgPrintEx(0, 0, "[%s] Can't Find ObDereferenceObject or ObfDereferenceObject \n", __FUNCTION__);
                                 }
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ InfinityHook 支持Win7 到 Win11 最新版本，虚拟机环境及物理机环
 * Windows 11 22621 物理机上测试了 24 小时未触发
 * Windows 11 22631 物理机上测试了 48 小时未触发
 * Windows 11 26016 预览版 物理机上测试了 48 小时未触发
+* Windows 11 24H2  物理机上测试了 48 小时未触发
 
 **PS** 
 
@@ -91,4 +92,9 @@ InfinityHook 支持Win7 到 Win11 最新版本，虚拟机环境及物理机环
 	</p>
 	Win11 26016
 	<img src="ScreenShot\Win11_26016.jpg" alt="Win11 26016"/>
+	<p>
+		&nbsp;
+	</p>
+	Win11 24H2
+	<img src="ScreenShot\Win11_24H2.png" alt="Win11 24H2"/>
 </h4>
diff --git a/ScreenShot/Win11_24H2.png b/ScreenShot/Win11_24H2.png

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ namespace KHook`
`106`	`106`	`// 开始查找当前栈中的ssdt调用`
`107`	`107`	`for (void** pStackCurrent = pStackMax; pStackCurrent > pStackFrame; --pStackCurrent)`
`108`	`108`	`{`
`109`		`- /*`
	`109`	`+ /* 函数 PerfInfoLogSysCallEntry逆向`
`110`	`110`	`Win11 23606 以前栈中ssdt调用特征, 分别是`
`111`	`111`	`mov r9d, 0F33h`
`112`	`112`	`mov [rsp+48h+var_20], 501802h`
`@@ -630,14 +630,14 @@ namespace KHook`
`630`	`630`	`}`
`631`	`631`	`else`
`632`	`632`	`{`
`633`		`-`
	`633`	`+`
`634`	`634`	`UNICODE_STRING usObDereferenceObject = RTL_CONSTANT_STRING(L"ObDereferenceObject");`
`635`	`635`	`ObDereferenceObjectPtr fnObDereferenceObject = (ObDereferenceObjectPtr)MmGetSystemRoutineAddress(&usObDereferenceObject);`
`636`	`636`	`if (fnObDereferenceObject)`
`637`	`637`	`{`
`638`	`638`	`fnObDereferenceObject(m_DetectThreadObject);`
`639`	`639`	`}`
`640`		`- else`
	`640`	`+ else`
`641`	`641`	`{`
`642`	`642`	`DbgPrintEx(0, 0, "[%s] Can't Find ObDereferenceObject or ObfDereferenceObject \n", __FUNCTION__);`
`643`	`643`	`}`