• Copy Function via using assembly

• Just directly syscalling ZwProtectVirtualMemory instead of calling the export to syscall in ntdll.dll.

• it can't not be hooked by anything except the Hooking man in kernelland

• This example is for x86.

1. Check masm Compile option.
2. make a .asm file on project
3. code on .asm file
4. Profit

me (Ekdms95) and I will give some credit for sexyyume