Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Effect of KeStackAttachProcess

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
lylcheat
Cheater
Reputation: 0

Joined: 14 Feb 2009
Posts: 27
Location: Planet 3 Solar System Orion Arm Spiral Galaxy Milky Way
PostPosted: Fri Oct 30, 2015 6:09 am    Post subject: Effect of KeStackAttachProcess Reply with quote
The documented effect of KeStackAttachProcess is to attach the current thread to the address space of the target process. But how does Windows achieve this behind the scene? Does it mean the CR3 of the current process (stored in the KPROCESS->DirectoryTableBase member) is changed to that of the target process.

If that is true, and if I'm issuing the API call in a system thread, does it cause any issue since that would modify the system process's CR3 ?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25817
Location: The netherlands
PostPosted: Tue Nov 03, 2015 3:14 pm    Post subject: Reply with quote
CR3 is changed yes, and probably some other internal structures are changed as well to deal with exceptions (like a timer interrupt signailing a task switch event)

If you're manually going to change CR3 then I recommend disabling interrupts for the current cpu, and don't trigger exceptions. (or capture them yourself by changing the local cpu's IDT to your own while external interrupts are disabled)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites