ghost
commented
5 years ago You could do something like this: https://gist.github.com/alxbrn/90abf9ad3a44d1d357644a520b0719a5
Closed r1cky33 closed 5 years ago
ghost
commented
5 years ago You could do something like this: https://gist.github.com/alxbrn/90abf9ad3a44d1d357644a520b0719a5
r1cky33
commented
5 years ago i tried that, but no result: https://gyazo.com/ccd7c7d59fa190f27accc959d2e191ce
r1cky33
commented
5 years ago in IDA the export is there.
r1cky33
commented
5 years ago Sry, for spamming this issue, but I just fixed my problem. I adapted the GetKernelModuleExport func from kdmapper (1803-1903) by @alxbrn to use in my driver. https://github.com/alxbrn/kdmapper-1803-1903/blob/master/kdmapper/intel_driver.cpp#L208
Works like a charm: https://gyazo.com/dfd0e7cda71cd14b1beb0273ff5fde21
ironxu
commented
5 years ago 抱歉,为该问题发送了垃圾邮件,但我只是解决了问题。我将@alxbrn的kdmapper(1803-1903)中的GetKernelModuleExport函数修改为可在驱动程序中使用。https://github.com/alxbrn/kdmapper-1803-1903/blob/master/kdmapper/intel_driver.cpp#L208
像魅力一样工作:https : //gyazo.com/dfd0e7cda71cd14b1beb0273ff5fde21
Can you provide a project file?
Yo,
i just was wondering, on how i should obtain the address of win32kbase!NtGdiDdDDISubmitCommand. I tried with RtlFindExportedRoutineByName(), but that didnt work^^ So do i have to reverse it myself? (find the entry from some exported table in win32kbase). sry if im stupid, but im really no specialist at this.
greeds!