View Single Post
  #3  
Old 03-25-2020, 13:40
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
 
Join Date: Nov 2012
Location: Iran
Posts: 204
Rept. Given: 62
Rept. Rcvd 137 Times in 45 Posts
Thanks Given: 126
Thanks Rcvd at 174 Times in 82 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Quote:
Originally Posted by h4sh3m View Post
Hi

it's good idea but as you know function indexes is changing in every revisions so you need to have an table and select valid index(0x55 in this case) based on os revision id or get correct value at runtime !



BR,
h4sh3m
Hello

Yes, Exactly.

These links includes all tables based on windows version and their revisions .

Code:
https://github.com/tinysec/windows-syscall-table
https://github.com/j00ru/windows-syscalls
__________________
All about software security references
https://t.me/securebyte
Reply With Quote
The Following User Says Thank You to Mahmoudnia For This Useful Post:
niculaita (03-27-2020)