flat assembler
Message board for the users of flat assembler.

Index > Windows > function address of SendInput?

Author
Thread Post new topic Reply to topic
randomdude



Joined: 01 Jun 2012
Posts: 83
randomdude
i can see in user32.dll:

Code:
SendInput proc near

cInputs= dword ptr  4
pInputs= dword ptr  8
cbSize= dword ptr  0Ch

mov     eax, 1218h
mov     edx, 7FFE0300h
call    dword ptr [edx]
retn    0Ch
SendInput endp    


where 7FFE0300h is KiFastSystemCall and eax the index to call, but how can i get the real address of SendInput?
Post 22 Dec 2013, 11:27
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17450
Location: In your JS exploiting you and your system
revolution
You will probably have to use a kernel debugger if you want to follow the call.

Although I can't see what use there would be to finding the address.
Post 22 Dec 2013, 11:46
View user's profile Send private message Visit poster's website Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
randomdude,

Do you mean kernel-mode address? Look up SSDT entry 0x218 (_NtUserSendInput@12 in Win7 Win32K.Sys).


Last edited by baldr on 22 Dec 2013, 11:56; edited 1 time in total
Post 22 Dec 2013, 11:54
View user's profile Send private message Reply with quote
randomdude



Joined: 01 Jun 2012
Posts: 83
randomdude
thanks for the fast answer

SendInput is hooked by some game anticheat, so i need to copy the whole function into my code. i tried with just the code above but didnt work

edit:

thx baldr, but i cant find any reference to sendinput in win32k.sys :S

http://s000.tinyupload.com/index.php?file_id=35041413611172343700
Post 22 Dec 2013, 11:55
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.