Hello!
I develop kernel-mode packer and interested if someone face a problem with dynamic allocated code in x64 binaries (x32 works)
The thing is if we wan't to make exceptions work in unpacked code, we need to make kernel to know about PRUNTIME_FUNCTION array that covers all unpacked code (these array usually stores in .pdata section)
ntoskrnl.exe has internal list of such arrays (similar to InvertedFunctionTable in user mode) Also there are two functions in user mode to dynamically add PRUNTIME_FUNCTION arrays in internal list (RtlAddFunctionTable and RtlInstallFunctionTableCallback).
Who knows, are there similar functions in kernel-mode? Or are there another ways to make exceptions work?
Thanks)
I develop kernel-mode packer and interested if someone face a problem with dynamic allocated code in x64 binaries (x32 works)
The thing is if we wan't to make exceptions work in unpacked code, we need to make kernel to know about PRUNTIME_FUNCTION array that covers all unpacked code (these array usually stores in .pdata section)
ntoskrnl.exe has internal list of such arrays (similar to InvertedFunctionTable in user mode) Also there are two functions in user mode to dynamically add PRUNTIME_FUNCTION arrays in internal list (RtlAddFunctionTable and RtlInstallFunctionTableCallback).
Who knows, are there similar functions in kernel-mode? Or are there another ways to make exceptions work?
Thanks)
