View Single Post
  #3  
Old 03-25-2020, 13:40
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
 
Join Date: Nov 2012
Posts: 228
Rept. Given: 64
Rept. Rcvd 142 Times in 49 Posts
Thanks Given: 198
Thanks Rcvd at 282 Times in 97 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Quote:
Originally Posted by h4sh3m View Post
Hi

it's good idea but as you know function indexes is changing in every revisions so you need to have an table and select valid index(0x55 in this case) based on os revision id or get correct value at runtime !



BR,
h4sh3m
Hello

Yes, Exactly.

These links includes all tables based on windows version and their revisions .

Code:
https://github.com/tinysec/windows-syscall-table
https://github.com/j00ru/windows-syscalls
Reply With Quote
The Following User Says Thank You to Mahmoudnia For This Useful Post:
niculaita (03-27-2020)