G'day all,
Unfortunately I couldn't run the whole ssdt hook probing test as it takes ages. I needed my computer. Anyway, I'll post the result of the first 17 hooks' test. There are still another 11. Maybe I should have concentrated only on hooks made by cfp. So far all hooks passed the test, although when I woke up this morning (ok noon :P) my computer wasn't normal. Cfp was not running due to some cfpres.dll error, and I couldn't open task manager or whatever program that needed a dll to run. The Rundll process reported some error. Btw I left my computer at night with cfp's firewall set to block all, and this protection was still alive today, just the gui was not running.
The result (part 1) is attached:
Due to the nature of that test your results should be fine. Minor software malfunctions are more likely to occur if you installed more than one security software (or other complex utility) on the machine.
But no BSOD occurred so the test was passed successfully.
I'm not skilled enough to tell if any minor glitches could be considered troublesome. But I guess that no side effects at all would still be a desirable result.
I tested five releases of CFP against Bsodhooks; running this test on a PC without any other hooking software installed, they passed all tests without any side effects.
Hooking is an undocumented way to handle crucial system functions with higher privileges. When more than one software is asking for such privileged access some troubles could arise.
That's why Microsoft released a new set of functions in Vista SP1 to address the needs of many security developers.
We can expect that once such technology is more mature, those compatibility issues will occur less frequently.