How do I hook win32k.sys Functions?

 
hevnfkxu
Posted: Sun Aug 12, 2007 1:24 am    Post subject: How do I hook win32k.sys Functions?

SYSTEMSERVICEIDX(0x1XXX)

Doesn't seem to work...

I tried to Google the win32k service table, but I got so confused...

Please help!
Noz3001
Posted: Sun Aug 12, 2007 4:03 am

http://www.metasploit.com/users/opcode/syscalls.html

You can get the system call numbers for your OS there.

You can just use
Code:
KeServiceDescriptorTable->ServiceTable[callnumber] = NewFunction;
UnLmtD
Posted: Sun Aug 12, 2007 8:05 am

win32k, that's KeServiceDescriptorTableShadow. You get the call numbers from disassembling "user32.dll". It's not exported, btw.

Code:
KeServiceDescriptorTableShadow->win32k.ServiceTable[_callnumber] = NewXxxxxxxxxxx;

hevnfkxu
Posted: Sun Aug 12, 2007 12:54 pm    Post subject: yeah.. but..

UnLmtD

Could you tell me how to get the KeServiceDescriptorTableShadow properly?

I know the Service Number but I don't know how to hook it.

Code:
PSERVICE_DESCRIPTORTABLE KeServiceDescriptorTableShadow;

pCurrentThread = KeGetCurrentThread();
KeServiceDescriptorTableShadow = pCurrentThread->ServiceTable;

I did this... but I get a BSOD when I try to even read off that address:

DbgPrint("NewNtUserXXX: %X\n",KeServiceDescriptorTableShadow->win32k.ServiceTable[0x1B3]);// BSOD!!!
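
Added example, not part of the thread and not code from any poster: the replies above swap a service-table entry for a pointer to a new function, and the standard integrity check for that is to confirm every entry still points into the image that owns the table (win32k.sys for the shadow table). The sketch below runs in user mode over a constructed snapshot; `module_t`, `finding_t`, `audit_table` and every address are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for this example; not Windows kernel definitions. */
typedef struct { const char *name; uint64_t base, size; } module_t;
typedef struct { size_t index; uint64_t target; const char *lands_in; } finding_t;

/* Return the module whose image range contains addr, or NULL. */
static const module_t *module_for(const module_t *mods, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Count entries of a captured service table that do not point into the image
   expected to own it; the first max_out mismatches are recorded in out. */
size_t audit_table(const uint64_t *table, size_t count, const module_t *owner,
                   const module_t *mods, size_t nmods, finding_t *out, size_t max_out) {
    size_t found = 0;
    for (size_t i = 0; i < count; i++) {
        const module_t *m = module_for(mods, nmods, table[i]);
        if (m == owner) continue;          /* entry is where it belongs */
        if (found < max_out) {
            out[found].index = i; out[found].target = table[i];
            out[found].lands_in = m ? m->name : "<unbacked memory>";
        }
        found++;
    }
    return found;
}

/* Constructed sample snapshot: every address below is made up. */
static const module_t MODS[] = {
    { "ntoskrnl.exe",   0x80400000u, 0x200000u },
    { "win32k.sys",     0xBF800000u, 0x1C0000u },
    { "thirdparty.sys", 0xF8A00000u, 0x008000u },
};
static const uint64_t SHADOW[] = { 0xBF801234u, 0xBF8A0010u, 0xF8A01500u,
                                   0xBF9BFFF0u, 0x81234000u };

int main(void) {
    finding_t f[8];
    size_t n = audit_table(SHADOW, 5, &MODS[1], MODS, 3, f, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("entry %zu -> 0x%llx (%s)\n", f[i].index,
               (unsigned long long)f[i].target, f[i].lands_in);
    return n != 0;
}
```

A mismatch shows that an entry was redirected, not who redirected it; the landing module (or the lack of one) is the lead to follow up.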