taos, effectively a deeper look revealed those strange things... any clue why?
I was also thinking of a way to overcome the problem raised by the first post of this thread: how can I access that structure in a given process so as to proper values?
I mean, it's easily possible to patch ZwQueryObject to return a null buffer and a null length, but it's not elegant. For example, to avoid IsDebuggerPresent and similar checks, the most elegant way was to access the PEB block and change some values instead of patching the API.
Is such an approach still doable with the OBJECT_ALL_TYPES_INFORMATION structure? Where is it stored in a process?
I did some tests but was not able to find it or to find any specifications around.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com