Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Get real address of api not nt version
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 05-20-2018, 15:12
Mahmoudnia's Avatar
Mahmoudnia Mahmoudnia is offline
Family
  
Join Date: Nov 2012
Posts: 239
Rept. Given: 64
Rept. Rcvd 145 Times in 50 Posts
Thanks Given: 210
Thanks Rcvd at 329 Times in 106 Posts
Mahmoudnia Reputation: 100-199 Mahmoudnia Reputation: 100-199
Get real address of api not nt version
Hello guys

As far as I searched, Microsoft decided to redirect api's to nt version from windows 8. Please correct me if it's wrong.

For example if I use GetProcAddress(user32.dll, ShowWindow) the returned address is NtUserShowWindow even using GetProcAddress or LoadLibrary replacement custom code or GetModuleHandle.

https://imgur.com/a/Dkw6O43

So, How can I get the real address of ShowWindow bytes in memory not nt version of this api.

Thank you.
Reply With Quote
The Following User Says Thank You to Mahmoudnia For This Useful Post:
sh3dow (06-17-2018)
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
fake mac address theGate General Discussion 16 08-13-2022 10:12
How to identify the address where the test is done? byvs General Discussion 13 10-25-2016 08:40
Get APi from the address ahmadmansoor General Discussion 21 03-03-2011 07:49
Finding API Address britedream General Discussion 5 10-05-2006 21:28


All times are GMT +8. The time now is 23:07.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )