flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Windows > Finding ntdll in kernel land

Author
Thread Post new topic Reply to topic
Apolo



Joined: 18 Mar 2017
Posts: 23
Finding ntdll in kernel land
How to find ntdll base address in kernel mode?
Post 24 Mar 2017, 07:13
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15233
Location: 1I/╩╗Oumuamua
You can link to it in your code and use the linked addresses. This is the same for any DLL in user or kernel space.

Another way is the standard GetProcAddress/LoadLibrary APIs.
Post 24 Mar 2017, 08:47
View user's profile Send private message Visit poster's website Reply with quote
Apolo



Joined: 18 Mar 2017
Posts: 23
No! I want to get the ntdll base with the PEB structure in kernel land. How to access PEB structure in kernel land with the GS register?
Post 24 Mar 2017, 09:22
View user's profile Send private message Reply with quote
Apolo



Joined: 18 Mar 2017
Posts: 23
I wait with impatience for your answer.
Post 24 Mar 2017, 19:13
View user's profile Send private message Reply with quote
zhak



Joined: 12 Apr 2005
Posts: 479
Location: Belarus
Why don't you use search on the Internet? There's plenty of information there. Here, could be a starting point for you https://sites.google.com/site/x64lab/home/notes-on-x64-windows-gui-programming/exploring-peb-process-environment-block
Post 24 Mar 2017, 20:56
View user's profile Send private message Reply with quote
Apolo



Joined: 18 Mar 2017
Posts: 23
I already search on google but I can't found how access PEB from kernel mode. The article above is to access PEB from user mode not ftom kernel mode. How to access EPROCESS to access PEB in EPROCESS with the GS register?
Post 25 Mar 2017, 04:23
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1110
Location: Russian Federation
Ask on osronline.com
Post 26 Mar 2017, 05:33
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 861
Apolo, no reason to get so mad at people. Most of us haven't done kernel or that kind of low level programming, so we don't know. I think this section is for userspace to begin with Confused
Post 26 Mar 2017, 12:36
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.