Search found 209 matches

by Brock
Tue Jan 15, 2019 1:42 pm
Forum: Newbie Questions
Topic: [C] HTTP-Downloader
Replies: 4
Views: 302

Re: [C] HTTP-Downloader

by Brock
Sun Jan 13, 2019 12:14 am
Forum: Newbie Questions
Topic: [C] HTTP-Downloader
Replies: 4
Views: 302

Re: [C] HTTP-Downloader

Took a quick peek at the code, don't forget to close thread and process handles upon successful call returns. Only mentioning this because you mentioned the word "clean" twice and these are resource leaks. Download.cpp download_thread() ---> CloseHandle(pInfo->hThread); CloseHandle(pInfo->hProcess);...
by Brock
Wed Jan 02, 2019 12:45 am
Forum: Kernel-Mode Development
Topic: Read Unknown Kernel Address In A Safe Way
Replies: 2
Views: 498

Re: Read Unknown Kernel Address In A Safe Way

These methods as well as many others have been shared on this forum for some time now but for those less informed your examples may be informative, so thanks for this. As of 8.1 MmCopyMemory() is imho the best choice because it was designed to do exactly this and performs the underlying PTE validati...
by Brock
Sat Dec 29, 2018 9:53 pm
Forum: Tools/Software
Topic: Making ReactOS Great Again*, Part 1
Replies: 8
Views: 6498

Re: Making ReactOS Great Again*, Part 1

Nice write-up, EP_X0FF.

#16 (NtUserCreateAcceleratorTable) was my favorite faux pas
by Brock
Sun Aug 12, 2018 4:30 pm
Forum: Kernel-Mode Development
Topic: Hooking the offical way?
Replies: 8
Views: 5040

Re: Hooking the offical way?

Originally you posted this regardless of the Kernel Mode Development section of the forum: "I've got a question on how to be able to hook various WinAPI functions like VirtualQuery and be able to see the parameters being passed to a certain process". Your question, I assumed after your mentioning of a u...
by Brock
Thu Aug 09, 2018 11:25 pm
Forum: Kernel-Mode Development
Topic: Hooking the offical way?
Replies: 8
Views: 5040

Re: Hooking the offical way?

Should have mentioned previously that v4.0.1 is now open source and supports both x86 and x64 and will work with all NT-based operating systems. Years ago this wasn't the case; the source for licensing v4.0 was (iirc) $10,000 USD.

https://github.com/Microsoft/Detours
by Brock
Thu Aug 09, 2018 5:01 pm
Forum: Kernel-Mode Development
Topic: Hooking the offical way?
Replies: 8
Views: 5040

Re: Hooking the offical way?

You can inject a DLL into your target process(es) and use the Microsoft Detours hooking engine if you don't want to use 3rd party hooking engines. However, there really isn't any "official" method; Detours just happens to be Microsoft's own hooking solution for various tasks over the years.
by Brock
Sun Jul 15, 2018 6:31 pm
Forum: Kernel-Mode Development
Topic: Design Question
Replies: 1
Views: 1768

Re: Design Question

Take a look at the Inverted Call Model. Instead of your usermode application using DeviceIoControl with a supplied IOCTL to the driver, the driver queues event info to the usermode application, hence the name Inverted.
by Brock
Tue Jul 03, 2018 10:47 pm
Forum: User-Mode Development
Topic: Process Doppelganging
Replies: 7
Views: 15306

Re: Process Doppelganging

Interesting. Thanks for sharing, Vrtule.