A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
#31596 by xtacy
Fri May 25, 2018 7:04 am
Hi, I have just registered on this forum.

While debugging I came across this function. I suppose that in order to use this internal OS function, hardcoded offsets from ETHREAD are needed.
My question is: can the use of this function be stable, or is it just a BSOD generator?
#31600 by Vrtule
Fri May 25, 2018 7:51 pm
> stable or BSOD generator

The latter one. Unless it has been present in the kernel for a very long time and its interface is stable. If this holds, you may think of using this routine in the real world, since it is not probable that it will change much in the future. However, it is always a risk; you need to decide whether the advantage you get by using the routine is worth it.