看雪学院Rootkit学习，1.内核Hook:对于hook，从ring3有很多，ring3到ring0也有很多，根据api调用环节递进的顺序，在每一个环节都有hook的机会，可以有int 2e或者sysenter hook，ssdt hook，inline hook ，irp hook，object hook，idt hook-See snow Institute Rootkit learning, kernel Hook: hook from ring3 many, ring3 to ring0 also the api call progressive order, every link has the opportunity to hook int 2e or sysenter. hook, ssdt hook, inline hook, irp hook, object hook, idt hook, etc.