Find interactive user name / token (again) problems
This question looks like it has been asked many times before - I think I have a new version.... I've been writing a service that needs to enumerate and ultimately impersonate the interactive user(s). I'm using LsaEnumerateLogonSessions to do this because I need to support systems where the TermService (... 24 Apr 2008 22:13
How to Hook ZwReadVirtualMemory and ZwWriteVirtualMemory
I have tried to do it by "simple" ways, but when I need to link my driver with ntdll.lib it doesn't load anymore. I need to find a simple or complex way to do it. Thanks in advance! Nicolás ... 24 Apr 2008 00:29
How to dump system service dispatch table?
Greeting, I know how to dump IDT with !idt -a command in kernel debugger. But how can I dump SSDT, e.g. KeServiceDescriptorTable which is located in ntoskrnl? I think I can do it programmatically with an undocumented method KeServiceDescriptorTable exported by NTOSKRNL. So my first question is, would you writ... 25 Apr 2008 02:58
NtCreateProcess and fork
Is it possible to implement something that resembles UNIX fork() with NtCreateProcess/NtCreateThread and which is usable for non-GUI applications running under the Win32 subsystem? The CreateProcess API provides handle inheritance, so that part seems compatible with Win32. However, whether a parent's address spac... 22 Apr 2008 15:37
CreateFile for USB device returns ERROR_FILE_NOT_FOUND
Hi. I am trying to communicate directly with a USB webcam. (I know there are easier ways to run a webcam, but I have my reasons :) I am enumerating the USB devices, and getting the path with SetupDiGetDeviceInterfaceDetail. I am able to get a valid handle to a thumb drive and USB keyboard with my code, a... 11 Apr 2008 15:54
Common Scenario Stress With IO
Is there a standalone tool in the WDK that I can run to do the same thing that this DTM job does? I'd like to run this on my driver well before I set everything up for DTM. I ran pnpdtest.exe, but it looks like this DTM job does much more. Thanks! ... 4 Apr 2008 07:32
How detect Server 2008 Core?
On Mar 4, 11:07 am, Stefan Kuhr <kustt...(a)gmx.li> wrote: Hello everyone, is there a way to detect the server 2008 core versus full installation without using the GetProductInfo API and a-priori-knowledge about the different SKUs? I am asking because we want only to be able to distinguish between a fu... 1 Apr 2008 11:13
How to Get Name of the Process calling a hooked kernel API (Zw...)
Hi all, I am currently writing a kernel level hooking engine for my dissertation. I have been using the source code and book titled Professional.Rootkits by Rick Vieler (great book), and hooking source code from rohitab.com. So far my engine runs in kernel mode and hooks zwopenfile, zwcreatefile, zwreadfile a... 1 Feb 2008 19:14
Working on a NE disassembler
Hi, A bit old-fashioned but is the windows software development kit 3.1 still available somewhere? If not, is it possible to order a copy from Microsoft? Will they accept because they no longer support it. I am working on a NE disassembler. Especially needing for a NE format specifications (with details) in ord... 1 Feb 2008 00:52
Reset power to USB device ?????
Hi All, Is there any way to reset power to USB device through code? Thanks in advance ... 25 Jan 2008 08:19