Invoking Win32k syscalls from kernel space

		Exetools > General > General Discussion
Invoking Win32k syscalls from kernel space

01-01-2022, 00:50

DavidXanatos DavidXanatos is offline

Family

Join Date: Jun 2018

Posts: 183

Rept. Given: 3

Rept. Rcvd 47 Times in 33 Posts

Thanks Given: 59

Thanks Rcvd at 363 Times in 120 Posts

After some debuggung and reading
https://www.crowdstrike.com/blog/state-of-exploit-development-part-1/
and
https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/
I found the solution, it was quite trivial, I just had to disable "Control Flow Guard" for the one file doing this calls, LOL.

Ofcause a better solution would be to create a hand crafted trampoline instead, but well... some times its efficient to be lazy.

The Following User Says Thank You to DavidXanatos For This Useful Post:
tonyweb (01-01-2022)

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
C++ helper Class to make Syscalls	Aesculapius	Source Code	0	05-26-2019 23:37
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code	sh3dow	Source Code	0	05-12-2016 03:15

All times are GMT +8. The time now is 03:20.