Hi all
I want to add support for dynamic function
searching for my driver. Since Win2000, there is a function
MmGetSystemRoutineAddress. In WinNT, I have to
find the address by parsing the image.
Here comes the fun - how to get the base address of
NTOSKRNL.exe under Windows NT ?
L.
Nebbett shows a way for that in his
book:
http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?isbn=1578701996&itm=5
I was sure there was a link to the downloadable resources from the book, but
I couldn’t find it anymore.
Oliver
> Here comes the fun - how to get the base address of
> NTOSKRNL.exe under Windows NT ?
ZwQuerySystemInformation.
Note that the name can also be NTKRNLPA.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
Actually, with /KERNEL on boot.ini the name can be any 8.3 name.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
“Maxim S. Shatskih” wrote in message
news:xxxxx@ntfsd…
> > Here comes the fun - how to get the base address of
> > NTOSKRNL.exe under Windows NT ?
>
> ZwQuerySystemInformation.
>
> Note that the name can also be NTKRNLPA.
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
> Actually, with /KERNEL on boot.ini the name can be any 8.3 name.
Yes, it will be best to take the address of some NT kernel
API function and search for the module whose range [base, base+size]
contains the address. Anyway, it is faster than searching for
a module with a certain name.
L.