View Single Post
  #3  
Old 03-25-2020, 13:40
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
 
Join Date: Nov 2012
Location: Iran
Posts: 208
Rept. Given: 62
Rept. Rcvd 138 Times in 46 Posts
Thanks Given: 132
Thanks Rcvd at 181 Times in 85 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Quote:
Originally Posted by h4sh3m View Post
Hi

it's good idea but as you know function indexes is changing in every revisions so you need to have an table and select valid index(0x55 in this case) based on os revision id or get correct value at runtime !



BR,
h4sh3m
Hello

Yes, Exactly.

These links includes all tables based on windows version and their revisions .

Code:
https://github.com/tinysec/windows-syscall-table
https://github.com/j00ru/windows-syscalls
__________________
All about software security references
https://t.me/securebyte
Reply With Quote
The Following User Says Thank You to Mahmoudnia For This Useful Post:
niculaita (03-27-2020)