Search found 4213 matches

by EP_X0FF
Wed Apr 18, 2018 7:29 am
Forum: Kernel-Mode Development
Topic: c - How implement a realloc function in kernel mode?
Replies: 6
Views: 263

Re: c - How implement a realloc function in kernel mode?

This code with small modifications copy-pasted from stackoverflow. What is the point in this? Vrtule already gave you code for "realloc". Ex*** memory pool manager does not have this function. You either implement it yourself (which you are unable to do no matter what you copy-paste), or you clarify...
by EP_X0FF
Mon Apr 16, 2018 3:20 am
Forum: Kernel-Mode Development
Topic: ArrayList: trouble with a custom IndexOf() routine
Replies: 6
Views: 280

Re: ArrayList: trouble with a custom IndexOf() routine

You can't manage basic level programming tasks with pointer list and want to write a driver. Please stop here.
by EP_X0FF
Fri Apr 13, 2018 3:38 am
Forum: Kernel-Mode Development
Topic: ArrayList: trouble with a custom IndexOf() routine
Replies: 6
Views: 280

Re: ArrayList: trouble with a custom IndexOf() routine

Have you really read and understand my previous reply?

All your code is broken and unworkable by design.
by EP_X0FF
Wed Apr 04, 2018 5:23 pm
Forum: Kernel-Mode Development
Topic: ZwQueryInformationFile: 0xC0000024 STATUS_OBJECT_TYPE_MISMATCH
Replies: 9
Views: 567

Re: ZwQueryInformationFile: 0xC0000024 STATUS_OBJECT_TYPE_MISMATCH

And why you even ask this question? The answer is obvious from your own code and title. In this again copy-pasted from somewhere code clearly visible that: 1) It maintains list of handles by calling ZwQuerySystemInformation(...ExtendedHandles...) 2) It loops through this list and calls your routine ...
by EP_X0FF
Mon Apr 02, 2018 11:55 am
Forum: Kernel-Mode Development
Topic: NtOpenFile with error STATUS_ACCESS_VIOLATION
Replies: 7
Views: 460

Re: NtOpenFile with error STATUS_ACCESS_VIOLATION

I don't know from where you copy-pasted this piece of code but it clearly not something you should use if you are unable to set a few breakpoints in it and look what is passed to the API. If you ask me, then I tried it ported to usermode (replaced ExAlloc/Free with VirtualAlloc/Free), and with small...
by EP_X0FF
Mon Apr 02, 2018 4:25 am
Forum: Kernel-Mode Development
Topic: NtOpenFile with error STATUS_ACCESS_VIOLATION
Replies: 7
Views: 460

Re: NtOpenFile with error STATUS_ACCESS_VIOLATION

Try ZwOpenFile instead.
by EP_X0FF
Fri Mar 23, 2018 8:55 am
Forum: Malware
Topic: Sample of kernel-mode malware, which modifies allocated memory in kernel
Replies: 1
Views: 522

Re: Sample of kernel-mode malware, which modifies allocated memory in kernel

CPU-Z driver version 1.41 and below can do all what you listed because it allows R/W to physical memory.