How could I dump EHSVC on a 64-bit system? I can't find any working programs. Help would be really appreciated.
You will need a ring0 debugger, because the HShield driver (on x64 systems, and the newest version of the HShield driver is meant) hooks the kernel directly (as far as I know), and so you need to use a ring0 debugger, to jump or whatever else you want, to avoid hooking the kernel.
After this you could use OllyDbg and dump EHSVC, and so on.