Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Getting a list of ObRegisterCallbacks addresses

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Lua Scripting
View previous topic :: View next topic  
Author Message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25858
Location: The netherlands
PostPosted: Tue Feb 11, 2020 2:05 am    Post subject: Getting a list of ObRegisterCallbacks addresses Reply with quote
This code will give you a list of the registered routines by ObRegisterCallbacks
Code:

function getCallbacks(a)
  local infloopprotection=0
  local CallbackListHead=a+0xc8
  local entry=readPointer(CallbackListHead)
  while (entry) and (entry~=0) and (entry~=CallbackListHead) and (infloopprotection<100) do
    local preop=readPointer(entry+0x28)
    local postop=readPointer(entry+0x30)

    if preop~=0 then
      print('  Pre operation: '..getNameFromAddress(preop))
    end

    if postop~=0 then
      print('  Post operation:'..getNameFromAddress(postop))
    end


    infloopprotection=infloopprotection+1
    entry=readPointer(entry)
  end

end

dbk_initialize()
dbk_useKernelmodeOpenProcess()
dbk_useKernelmodeProcessMemoryAccess()
enableKernelSymbols()


if getOpenedProcessID()==0 then
  openProcess(getCheatEngineProcessID())
else
  openProcess(getOpenedProcessID())
end
waitForExports()

local PsProcessTypeA=getAddressSafe("kernel_PsProcessType")
local PsThreadTypeA=getAddressSafe("kernel_PsThreadType")

if PsProcessTypeA then
  print("Process handle callbacks:")
  getCallbacks(readPointer(PsProcessTypeA))
else
  print("Failure getting PsProcessTypeA");
end

print("")

if PsThreadTypeA then
  print("Thread handle callbacks:");
  getCallbacks(readPointer(PsThreadTypeA))
else
  print("Failure getting PsProcessTypeA");
end


example output:
Code:

Process handle callbacks:
  Pre operation: WdFilter.sys+3AC20
  Pre operation: dbk64.sys+9920
  Post operation:dbk64.sys+9910
 
Thread handle callbacks:
  Pre operation: dbk64.sys+9C70
  Post operation:dbk64.sys+9910

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Lua Scripting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites