Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


KeStackAttachProcess

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada
PostPosted: Wed Aug 29, 2012 6:57 pm    Post subject: KeStackAttachProcess Reply with quote
Code:

VOID KeStackAttachProcess(
  _Inout_  PRKPROCESS Process,
  _Out_    PRKAPC_STATE ApcState
);


How do I obtain the RKPROCESS of my target process?

The structure or variable is not well documented. In order to change my current thread to the address space of my target, I need the RKPROCESS variable.

There are two functions that MSDN documents on how to retrieve the RKPROCESS of the current process and they're IoGetCurrentProcess and PsGetCurrentProcess. But which function(s) can I use to obtain the RKPROCESS of my target?

Also, I know that this function can only be used for drivers, but why? Why can't you do the same method for modules or usermode applications instead?

Thank you.
Back to top
View user's profile Send private message MSN Messenger
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25811
Location: The netherlands
PostPosted: Thu Aug 30, 2012 2:11 am    Post subject: Reply with quote
Use PsLookupProcessByProcessId

Quote:

Also, I know that this function can only be used for drivers, but why? Why can't you do the same method for modules or usermode applications instead?

Because when you use it in usermode, when the function returns, the caller code will no longer be there since the lower part of memory has been swapped out with that of the target process
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites