syscall-hook is a simple driver that hooks system calls using Microsoft's tracing implementation. this project is hvci & patchguard compliant.
the magic relies entirely on KiTrackSystemCallEntry.
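```c
if ((KiDynamicTraceMask & 1)) {  // bit 0 of the trace mask gates this path
    v55 = v26;
    v56 = v27;
    v57 = a3;
    v58 = a4;
    v59 = (__int64 (__fastcall *)(void *, __int64, __int64, __int64))v34;  // v34 is the routine called below
    v67 = KiTrackSystemCallEntry((__int64)v34, (__int64)v55, 4, (__int64)&v65);  // entry callout receives the routine address
    v53 = v59(v55, v56, v57, v58);  // the system call itself
    v22 = KiTrackSystemCallExit(v67, v53);  // exit callout receives the entry result and the return value
}
```

it works, it works and it works. patchguard won't mess with you, nor will hvci. if you say it does u have already lost the post. son i'm crine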
@KeServiceDescriptorTable