Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


ntoskrnl exports.

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Culinary
Newbie cheater
Reputation: 0

Joined: 24 Mar 2011
Posts: 15
PostPosted: Mon Sep 12, 2011 9:54 am    Post subject: ntoskrnl exports. Reply with quote
Hi, 2 questions here. I am newbie in kernel mode so ill just get that out of the way first ;p

I know I can get exports from ntoskrnl with either MmGetSystemRoutineAddress or for learning I used ZwQuerySystemInformation, got the ntoskrnl module base, and read it like a PE from the documented material off msdn.

How can I get the address of something like ZwReadVirtualMemory, which I do not see when I dump the EAT. I was assuming I could read it from the SSDT but I am using windows 7 x64 and it seems like the KeServiceDescriptor table is missing as well.

How can I find the address to this and other functions that don't seem to be exported?

Thanks!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites