#1
[C++] Windows SysCall - NtCreateFile
main.cpp Code:
#include Code:
#pragma once #include
#2
Hi
It's a good idea, but as you know, function indexes change in every revision, so you need to have a table and select the valid index (0x55 in this case) based on the OS revision ID, or get the correct value at runtime!
BR, h4sh3m
The Following User Says Thank You to h4sh3m For This Useful Post: niculaita (03-27-2020)
#3
Quote:
Yes, exactly. These links include all tables based on Windows versions and their revisions.
Code:
https://github.com/tinysec/windows-syscall-table
https://github.com/j00ru/windows-syscalls
The Following User Says Thank You to Mahmoudnia For This Useful Post: niculaita (03-27-2020)
#4
Thanks Bro
Can you help me do this in Delphi?
#5
Sample for NtClose in Delphi (x86 API). Before testing, check the function index on your system and replace it in the array (on my system the index value is $0C).
Code:
program Project1;

{$APPTYPE CONSOLE}

uses
  Windows;

var
  Nt_xyz{NtClose} : function(a1 : THandle) : DWORD; stdcall;
  // x86 stub; the DWORD after $B8 is the function index and is OS-build specific
  Nt_xyz_Bytes : array[0..23] of Byte = (
    $B8, $0C, $00, $00, $00,            // mov  eax, 0Ch  (function index)
    $33, $C9,                           // xor  ecx, ecx
    $8D, $54, $24, $04,                 // lea  edx, [esp+4]
    $64, $FF, $15, $C0, $00, $00, $00,  // call dword ptr fs:[0C0h]
    $83, $C4, $04,                      // add  esp, 4
    $C2, $04, $00);                     // ret  4
  w : DWORD;
  hndl : THandle;

begin
  // SizeOf covers all 24 bytes; High() returns the last index (23)
  if not(VirtualProtect(@Nt_xyz_Bytes[0], SizeOf(Nt_xyz_Bytes), PAGE_EXECUTE, w)) then
    exit;
  FlushInstructionCache(GetCurrentProcess(), @Nt_xyz_Bytes[0], SizeOf(Nt_xyz_Bytes));
  @Nt_xyz := @Nt_xyz_Bytes[0];
  hndl := OpenProcess(PROCESS_VM_READ{PROCESS_ALL_ACCESS}, False, GetCurrentProcessId);
  if hndl <> 0 then
    Nt_xyz(hndl);
  //CloseHandle(hndl);
end.
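Added example, not part of the thread and not any poster's code: a detection-side sketch that scans a byte buffer (a file section or a dumped memory region) for the x86 stub shape used in post #5, `mov eax, imm32` followed shortly by `call fs:[0C0h]`, and reports the hardcoded function index. The function name, `MAX_GAP` and the sample buffers are assumptions made for this example; it matches only this x86 form, not native x64 `syscall` stubs.

```python
import struct

# call dword ptr fs:[0xC0], the transition instruction in the post #5 stub
WOW64_CALL = bytes.fromhex("64ff15c0000000")
MOV_EAX_IMM32 = 0xB8
MAX_GAP = 16  # assumed limit on bytes between the mov and the call


def find_wow64_syscall_stubs(buf: bytes):
    """Return [(offset, index)] for every `mov eax, imm32` that is followed
    within MAX_GAP bytes by `call fs:[0xC0]`."""
    hits = []
    pos = buf.find(WOW64_CALL)
    while pos != -1:
        lowest = max(0, pos - MAX_GAP - 5)
        # Walk backwards from the call to the nearest `mov eax, imm32`.
        for start in range(pos - 5, lowest - 1, -1):
            if buf[start] == MOV_EAX_IMM32:
                index = struct.unpack_from("<I", buf, start + 1)[0]
                hits.append((start, index))
                break
        pos = buf.find(WOW64_CALL, pos + 1)
    return hits


# Constructed sample: the 24 stub bytes from post #5 between padding bytes.
STUB = bytes.fromhex("b80c00000033c98d54240464ff15c000000083c404c20400")
SAMPLE = b"\x90" * 8 + STUB + b"\xcc" * 4

# Constructed negatives: ordinary code, and a mov too far from the call.
BENIGN = bytes.fromhex("b8010000005dc3")
TOO_FAR = b"\xb8\x0c\x00\x00\x00" + b"\x90" * 32 + WOW64_CALL

if __name__ == "__main__":
    for offset, index in find_wow64_syscall_stubs(SAMPLE):
        print(f"stub at +0x{offset:x}, hardcoded index 0x{index:x}")
```

A hit inside an application image or private executable memory, rather than in the system's own ntdll, is a triage lead; the extracted index can then be compared against the per-build tables linked in post #3.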
#6
hFiref0x and I solved the sysindex problem many, many years ago. Example:
https://github.com/Fyyre/directntapi...ster/usage.txt
__________________
Best Wishes, Fyyre -- https://github.com/Fyyre
The Following 4 Users Say Thank You to Fyyre For This Useful Post: Mahmoudnia (04-14-2020), morgot (04-08-2020), nimaarek (04-08-2020), SinaDiR (04-11-2020)