| View previous topic :: View next topic |
| Author |
Message |
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
 Posted: Sat Nov 03, 2012 3:26 pm Post subject: NtProtectVirtualMemory |
 |
|
How come MSDN has no documentation on this function?
Its also not defined in the ntdll so I how do I access it with my driver?
Any ideas? If its not defined, and I need to obtain its address what function can I use?
Thanks a bunch
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat Nov 03, 2012 8:38 pm Post subject: |
|
|
| Code: |
// Obtain address to NtProtectVirtualMemory
RtlInitUnicodeString ( &pText, L"NtProtectVirtualMemory" );
NtProtect = MmGetSystemRoutineAddress ( &pText );
DbgPrint ( "%x", NtProtect );
|
It keeps returning zero.
not much documentation or topcis on MmGetSystemRoutineAddress.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Sun Nov 04, 2012 3:22 am Post subject: |
|
|
Try the Zw version
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Nov 04, 2012 11:21 am Post subject: |
|
|
| Code: | if ( KeGetCurrentIrql () == PASSIVE_LEVEL )
DbgPrint ( "Its not the IRQL." );
// Obtain address to ZwProtectVirtualMemory
RtlInitUnicodeString ( &pText, L"ZwProtectVirtualMemory" );
NtProtect = MmGetSystemRoutineAddress ( &pText );
DbgPrint ( "%x", NtProtect ); |
It returns zero. ZwReadVirtualMemory and other functions also returns zero. I think the problem is bigger then that?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Sun Nov 04, 2012 1:12 pm Post subject: |
|
|
ZwReadVirtualMemory is defined in the exports of the kernel and in it's .lib, so if you just define it as a export to be loaded it should just work
Not sure why The MmGetSystemRoutineAddress fails though
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Nov 04, 2012 4:01 pm Post subject: |
|
|
| MmGetSystemRoutineAddress works for any other address like itself and other addresses supported by the DDK I think. How can i grab the kernal address of NtProtectVirtualMemory without using MmGetSystemRoutineAddress?
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
