Type: Posts; User: fez_ajer
It makes much more sense as to WHY ;)
It just doesn't really offer any real protection. That's good for our case, but suxxor for the OS itself.
Fez
Hrm... I've never actually checked but I would think that MmMapIoSpace would fail on virtual protect rather than MmGetPhysicalAddress... The reasons being:
1) MmGetPhysicalAddress supposedly...
I've implemented an IOCTL function which uses nothing but win32 kernel calls to read the memory. This means no hardcoding of list pointers and such. It also means it should work without...
Lost,
I think that KeGetCurrentProcess *MAY* be an undocumented export. I also know that this function:
PsLookupProcessByProcessId(IN ULONG ulProcId,OUT struct _EPROCESS ** pEProcess);
Is...
I believe there is a kernel function:
KeGetCurrentProcess()
which returns PEPROCESS for the process which calls the IOCTL. That should indeed do the trick to avoid hardcoding the list head. ...
Hey, Lost...
Nice job with what you're doing. I think this is heading in the right direction.
I thought I'd drop this lil tidbit to you, as I think it could be useful. Basically, it's an...