Thread: Get real address of api not nt version
View Single Post
  #1  
Old 05-20-2018, 15:12
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
  
Join Date: Nov 2012
Posts: 239
Rept. Given: 64
Rept. Rcvd 145 Times in 50 Posts
Thanks Given: 210
Thanks Rcvd at 329 Times in 106 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Get real address of api not nt version
Hello guys

As far as I searched, Microsoft decided to redirect api's to nt version from windows 8. Please correct me if it's wrong.

For example if I use GetProcAddress(user32.dll, ShowWindow) the returned address is NtUserShowWindow even using GetProcAddress or LoadLibrary replacement custom code or GetModuleHandle.

https://imgur.com/a/Dkw6O43

So, How can I get the real address of ShowWindow bytes in memory not nt version of this api.

Thank you.
Reply With Quote
The Following User Says Thank You to Mahmoudnia For This Useful Post:
sh3dow (06-17-2018)