Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Invoking Win32k syscalls from kernel space
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-05-2022, 17:42
DavidXanatos DavidXanatos is offline
Family
  
Join Date: Jun 2018
Posts: 183
Rept. Given: 3
Rept. Rcvd 47 Times in 33 Posts
Thanks Given: 59
Thanks Rcvd at 363 Times in 120 Posts
DavidXanatos Reputation: 47
I have created a other test, where with a global variable i can toggle between the c and the asm version thats how it looks in code
Code:
.text:000000014001C66A                 mov     eax, cs:g_test
.text:000000014001C670                 mov     rcx, [rcx+18h]
.text:000000014001C674                 test    eax, eax
.text:000000014001C676                 jnz     Sbie_InvokeSyscall5_asm
.text:000000014001C67C                 jmp     Sbie_InvokeSyscall5
The dispatch function is compiled with optimization and as it does not need local variables the compiler optimized the calls away.
I checked again that Sbie_InvokeSyscall5_asm and Sbie_InvokeSyscall5 are binary same, and they are.
Still toggling the variable breaks 32 bit apps.

At this point its just wired, I mean the "calling" convention is the same and the functions are the same yet the result is not, WTF :/
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
C++ helper Class to make Syscalls Aesculapius Source Code 0 05-26-2019 23:37
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code sh3dow Source Code 0 05-12-2016 03:15


All times are GMT +8. The time now is 08:00.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )