Closed CRC32EX closed 4 years ago
1703944 and 393268 are 0x60034 and 0x1A0008 respectively.
The value of TrapFrame->Rax is interpreted like the following in KiSystemCall64:
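```cpp
#include <stdint.h>

union SyscallIndex
{
    uint64_t Rax;                  // raw value taken from TrapFrame->Rax
    struct
    {
        uint64_t RoutineId : 12;   // bits 0..11: index into the service table
        uint64_t IsWin32   : 1;    // bit 12: table selector
        uint64_t Reserved  : 51;   // bits 13..63: not part of the index
    };
};
```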
So to me it looks like they are in fact valid indices into the SSDT at +0x34 and +0x8. Give it another try after masking its bits and let me know if it works all good.
Feel free to re-open if it really is invalid.
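The masking suggested in the reply above, as an added example (not code from ByePg or ExHook): it splits a raw `TrapFrame->Rax` using the field widths of the `SyscallIndex` union and applies it to the two values reported in this thread. The helper names `decode_syscall` and `normalize_syscall` are hypothetical, and the samples `0x34` and `0x1008` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Field widths follow the SyscallIndex union quoted above. */
#define ROUTINE_ID_BITS 12u
#define ROUTINE_ID_MASK ((1ull << ROUTINE_ID_BITS) - 1)  /* 0x0FFF */
#define IS_WIN32_BIT    (1ull << ROUTINE_ID_BITS)        /* 0x1000 */

typedef struct {
    uint32_t routine_id; /* RoutineId: index into the selected table */
    uint32_t is_win32;   /* IsWin32: table selector bit */
    uint64_t reserved;   /* Reserved: bits 13..63, not used for the lookup */
} decoded_syscall;

/* Explicit masks are used instead of bit-fields because bit-field
 * layout is implementation-defined. */
static decoded_syscall decode_syscall(uint64_t rax)
{
    decoded_syscall d;
    d.routine_id = (uint32_t)(rax & ROUTINE_ID_MASK);
    d.is_win32   = (uint32_t)((rax & IS_WIN32_BIT) != 0);
    d.reserved   = rax >> (ROUTINE_ID_BITS + 1);
    return d;
}

/* Value a hook should compare against an expected syscall number:
 * everything above the table selector bit is dropped. */
static uint64_t normalize_syscall(uint64_t rax)
{
    return rax & (ROUTINE_ID_MASK | IS_WIN32_BIT);
}

int main(void)
{
    /* First two: raw values reported in this thread. Last two: constructed. */
    const uint64_t samples[] = { 1703944, 393268, 0x34, 0x1008 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        decoded_syscall d = decode_syscall(samples[i]);
        printf("rax=0x%llx routine=0x%x win32=%u reserved=0x%llx normalized=0x%llx\n",
               (unsigned long long)samples[i], d.routine_id, d.is_win32,
               (unsigned long long)d.reserved,
               (unsigned long long)normalize_syscall(samples[i]));
    }
    return 0;
}
```

A hook that compares the raw `Rax` against a syscall number only matches when the reserved bits are zero; comparing the normalized value matches in both cases.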
The ExHook project works successfully when the target is a 64-bit application. But a 32-bit (WOW64) application is weird. The syscall number looks invalid. So, ByePg and ExHook do not support WOW64 applications? Do you have the same bug? Do you have any solutions?
My environment