flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Windows > Getting Kernel Base and GetProcAddress

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
Nameless



Joined: 30 Apr 2010
Posts: 95
Nameless 25 Sep 2010, 19:33
nope, all good, ty Very Happy
Post 25 Sep 2010, 19:33
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 25 Sep 2010, 21:17
baldr wrote:
Does WinNT.H from MS VS 2008 qualify as "officially documented"? Windows Research Kernel probably don't. Wink
No, not 100% - it needs to be in the MSDN/PlatformSDK documentation. Stuff in a public .h file ought to serve as a code contract, but it doesn't - especially not with some of the older C stuff Smile

_________________
Image - carpe noctem
Post 25 Sep 2010, 21:17
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20513
Location: In your JS exploiting you and your system
revolution 25 Sep 2010, 23:51
Nameless wrote:
ok, and how did u find that out? what document do i need to know this things?
Well that is the point actually. Undocumented stuff is not in any document that we can rely upon. That is why we call it undocumented. You take your life in your hands when you use undocumented things. Sure, they work, usually. But, as you have discovered in the first post, they can also easily break later.

The existence of the segment registers is documented in the Intel/AMD manuals. But the runtime contents of the segment registers is not documented by MS, so you have to guess and pray your code will still work after the next service pack installation.
Post 25 Sep 2010, 23:51
View user's profile Send private message Visit poster's website Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr 26 Sep 2010, 07:16
f0dder wrote:
No, not 100% - it needs to be in the MSDN/PlatformSDK documentation. Stuff in a public .h file ought to serve as a code contract, but it doesn't - especially not with some of the older C stuff Smile
I can't completely agree: there is function-like macro GetCurrentFiber(), published in MSDN/PSDK, that uses undocumented NtCurrentTeb() and NT_TIB, particularly .FiberData field. Moreover, NtCurrentTeb() uses fixed offset in fs segment, 0x18, to retrieve .Self field contents, quite a surprise. Therefore any program that uses GetCurrentFiber() expects Windows to retain at least two fields at their offsets in NT_TIB. Wink
Post 26 Sep 2010, 07:16
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.