Hi,
I tried the objdir_v14 by OSR,
but I am trying to explore how it is implemented.
I am also wondering how to implement it in the kernel.
I see the NT APIs NtOpenDirectoryObject & NtQueryDirectoryObject,
but in the kernel (Windows 7) MmGetSystemRoutineAddress returns NULL.
Is there any other way to list the object names?
Thanks,
Maneesh
Try the Zw variants of these functions.
Peter
Thanks Peter,
Zw would work in the kernel, I missed it.
But the objdir_v14 usermode exe, is it also calling the Zw function? Is that safe?
Or is there any common centralized function that would be called by both the NT and Zw versions internally?
> but objdir_v14 usermode exe
I don’t know what that is or what you mean by that. But…
I do know that in user-mode you can call ZwXxxx or NtXxxx and it resolves to the exact same entry point in NTDLL. There’s a 20-year-old article (that is somewhat mangled in terms of fonts) that you might find helpful/useful in understanding the architecture involved.
> is there any common centralized function that would be called by both NT and Zw version internally
“Internally” there is no lower-level routine than the Ntxxx functions (these are the actual names of the functions in the Windows Executive that implement these system services).
Thanks Peter,
the article is great!
This helps a lot.
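
Peter's point that ZwXxxx and NtXxxx resolve to the same entry point in NTDLL can be checked from a module's export table. The sketch below is an added example, not part of the thread and not OSR's code: it parses an IMAGE_EXPORT_DIRECTORY and compares the Nt/Zw pairs. It assumes a flat image where RVA equals offset (as in a loaded module); the sample table, its stub RVAs and the helper names are constructed for illustration.

```python
import struct

# IMAGE_EXPORT_DIRECTORY: 40 bytes; the last five DWORDs are counts and table RVAs.
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")

def build_sample_image():
    """Constructed sample, not real ntdll: flat image, RVA == offset, dir at 0."""
    stubs = {"OpenDirectoryObject": 0x1000, "QueryDirectoryObject": 0x1020}
    names = sorted(p + s for s in stubs for p in ("Nt", "Zw"))
    rvas = sorted(stubs.values())                  # one function slot per stub
    funcs_off = EXPORT_DIR.size
    names_off = funcs_off + 4 * len(rvas)
    ords_off = names_off + 4 * len(names)
    str_off = ords_off + 2 * len(names)
    strings, name_rvas, ordinals = b"", [], []
    for n in names:
        name_rvas.append(str_off + len(strings))
        strings += n.encode("ascii") + b"\0"
        ordinals.append(rvas.index(stubs[n[2:]]))  # Nt and Zw share a slot
    header = EXPORT_DIR.pack(0, 0, 0, 0, 0, 1, len(rvas), len(names),
                             funcs_off, names_off, ords_off)
    return (header + struct.pack(f"<{len(rvas)}I", *rvas)
            + struct.pack(f"<{len(names)}I", *name_rvas)
            + struct.pack(f"<{len(names)}H", *ordinals) + strings)

def parse_exports(image, export_rva=0):
    """Return {export name: function RVA} for the named exports."""
    *_, n_funcs, n_names, funcs, names, ords = EXPORT_DIR.unpack_from(image, export_rva)
    exports = {}
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", image, names + 4 * i)[0]
        slot = struct.unpack_from("<H", image, ords + 2 * i)[0]
        if slot >= n_funcs:
            raise ValueError("name ordinal points outside the function table")
        name = image[name_rva:image.index(b"\0", name_rva)].decode("ascii")
        exports[name] = struct.unpack_from("<I", image, funcs + 4 * slot)[0]
    return exports

def nt_zw_aliases(exports):
    """Map service name -> True when NtXxx and ZwXxx share one entry point."""
    return {n[2:]: exports[n] == exports["Zw" + n[2:]]
            for n in exports if n.startswith("Nt") and "Zw" + n[2:] in exports}

if __name__ == "__main__":
    for name, rva in sorted(parse_exports(build_sample_image()).items()):
        print(f"{name:24} RVA 0x{rva:04x}")
```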