flat assembler
Message board for the users of flat assembler.
Index
> Windows > Finding ntdll in kernel land |
Author |
|
Apolo 24 Mar 2017, 07:13
How to find ntdll base address in kernel mode?
|
|||
24 Mar 2017, 07:13 |
|
Apolo 24 Mar 2017, 09:22
No! I want to get the ntdll base with the PEB structure in kernel land. How to access PEB structure in kernel land with the GS register?
|
|||
24 Mar 2017, 09:22 |
|
Apolo 24 Mar 2017, 19:13
I wait with impatience for your answer.
|
|||
24 Mar 2017, 19:13 |
|
zhak 24 Mar 2017, 20:56
Why don't you use search on the Internet? There's plenty of information there. Here, could be a starting point for you https://sites.google.com/site/x64lab/home/notes-on-x64-windows-gui-programming/exploring-peb-process-environment-block
|
|||
24 Mar 2017, 20:56 |
|
Apolo 25 Mar 2017, 04:23
I already search on google but I can't found how access PEB from kernel mode. The article above is to access PEB from user mode not ftom kernel mode. How to access EPROCESS to access PEB in EPROCESS with the GS register?
|
|||
25 Mar 2017, 04:23 |
|
comrade 26 Mar 2017, 05:33
Ask on osronline.com
|
|||
26 Mar 2017, 05:33 |
|
Furs 26 Mar 2017, 12:36
Apolo, no reason to get so mad at people. Most of us haven't done kernel or that kind of low level programming, so we don't know. I think this section is for userspace to begin with
|
|||
26 Mar 2017, 12:36 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.