Quote:
Originally Posted by h4sh3m
Hi
it's good idea but as you know function indexes is changing in every revisions so you need to have an table and select valid index(0x55 in this case) based on os revision id or get correct value at runtime !
BR,
h4sh3m
|
Hello
Yes, Exactly.
These links includes all tables based on windows version and their revisions .
Code:
https://github.com/tinysec/windows-syscall-table
https://github.com/j00ru/windows-syscalls