Find address of win32kbase!NtGdiDdDDISubmitCommand #2
Comments
|
You could do something like this: https://gist.github.com/alxbrn/90abf9ad3a44d1d357644a520b0719a5 |
|
i tried that, but no result: https://gyazo.com/ccd7c7d59fa190f27accc959d2e191ce |
|
in IDA the export is there. |
|
Sry, for spamming this issue, but I just fixed my problem. I adapted the GetKernelModuleExport func from kdmapper (1803-1903) by @AlxBrn to use in my driver. https://github.com/alxbrn/kdmapper-1803-1903/blob/master/kdmapper/intel_driver.cpp#L208 Works like a charm: https://gyazo.com/dfd0e7cda71cd14b1beb0273ff5fde21 |
Can you provide a project file? |
Yo,
i just was wondering, on how i should obtain the address of win32kbase!NtGdiDdDDISubmitCommand. I tried with RtlFindExportedRoutineByName(), but that didnt work^^ So do i have to reverse it myself? (find the entry from some exported table in win32kbase). sry if im stupid, but im really no specialist at this.
greeds!
The text was updated successfully, but these errors were encountered: