flat assembler
Message board for the users of flat assembler.
NtQuerySystemInformation fails
zhak 04 Apr 2017, 10:00
You use 32-bit calling convention in 64-bit mode. See https://msdn.microsoft.com/en-us/library/ms235286.aspx
Apolo 04 Apr 2017, 17:00
NO! NtQuerySystemInformation continues with the 0FFFFFFFF80000002h error even if I set:
    mov r9,0
    mov r8, 290820
    lea rdx, [NTKRNL]
    mov rcx, 11
    call [NtQuerySystemInformationClass]
What should I do??
zhak 04 Apr 2017, 19:34
Another issue, you forgot shadow stack.
But that won't change anything. 0x80000002 is the STATUS_DATATYPE_MISALIGNMENT exception -- most probably your buffer size is wrong (is it win version specific? IDK). NtQuerySystemInformation does a syscall:
Code:
    mov r10, rcx
    mov eax, 0x33
    syscall
    ret
Who knows what it does there, I don't have a kernel-level debugger at hand. Try the SLGetWindowsInformation function instead, as MSDN suggests -- https://msdn.microsoft.com/en-us/library/windows/desktop/aa965834(v=vs.85).aspx
Apolo 06 Apr 2017, 12:51
What is the size of the buffer for Windows 8 64-bit, Windows 7 32-bit and Windows XP?
jochenvnltn 08 Apr 2017, 10:49
Can you post more of your code? In the example you posted you can't even see if it's x64.
Need to see more of the code to spot the error.
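An added example, not posted by anyone in this thread, that combines zhak's points with Apolo's buffer-size question: a PE64 fasm program that reserves shadow space, keeps RSP 16-byte aligned, and asks NtQuerySystemInformation for the required length instead of hard-coding one per Windows version. The labels ModInfo and RetLen are invented here, and treating buffer alignment as the cause of 0x80000002 is an assumption.

```asm
; Added example, not from the thread. ModInfo and RetLen are names invented here.
format PE64 console
entry start
include 'win64a.inc'

STATUS_INFO_LENGTH_MISMATCH = 0C0000004h
STATUS_NO_MEMORY            = 0C0000017h

section '.data' data readable writeable
  ModInfo dq ?                  ; heap buffer (HeapAlloc memory is 16-byte aligned on x64)
  RetLen  dd ?                  ; ULONG ReturnLength, naturally aligned

section '.text' code readable executable
start:
        sub     rsp, 28h        ; 32 bytes shadow space + 8 so RSP is 16-byte aligned at each call
        ; Call 1: no buffer, only ask how many bytes class 11 needs on this system
        mov     ecx, 11         ; SystemInformationClass (the value used in the thread)
        xor     edx, edx        ; SystemInformation = NULL
        xor     r8d, r8d        ; SystemInformationLength = 0
        lea     r9, [RetLen]    ; ReturnLength
        call    [NtQuerySystemInformation]
        cmp     eax, STATUS_INFO_LENGTH_MISMATCH
        jne     .done           ; any other status: exit with it
        call    [GetProcessHeap]
        mov     rcx, rax        ; hHeap
        xor     edx, edx        ; dwFlags = 0
        mov     r8d, [RetLen]   ; dwBytes = size reported by call 1
        call    [HeapAlloc]
        mov     [ModInfo], rax
        test    rax, rax
        mov     eax, STATUS_NO_MEMORY   ; mov leaves the flags from test intact
        jz      .done
        ; Call 2: same class, real buffer. The size can grow between the two
        ; calls, so production code repeats this while the status is a mismatch.
        mov     ecx, 11
        mov     rdx, [ModInfo]
        mov     r8d, [RetLen]
        lea     r9, [RetLen]
        call    [NtQuerySystemInformation]      ; EAX = NTSTATUS, 0 on success
.done:
        mov     ecx, eax        ; process exit code = last NTSTATUS
        call    [ExitProcess]

section '.idata' import data readable
  library kernel32,'KERNEL32.DLL', ntdll,'NTDLL.DLL'
  import kernel32, ExitProcess,'ExitProcess', GetProcessHeap,'GetProcessHeap', HeapAlloc,'HeapAlloc'
  import ntdll, NtQuerySystemInformation,'NtQuerySystemInformation'
```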