|
vwin32 and win32 service table
Does anybody know if win32 service table in this vxd differ in different (95/9x/me) windows version? I woud like to hook some service by "ordinal" but I saw in icedump sources this code:
FindVWIN32Win32APIs: push ecx mov eax,[VWIN32.W32ServiceTable] mov ecx,[eax] ; W32 API count sub ecx,byte 4 add eax,byte 4 ; walk the parameter count list .next: add eax,byte 8 cmp [eax],byte 2 loopnz .next jnz @F cmp [eax+8],byte 2 jnz .next cmp [eax+8+8],byte 5 jnz .next cmp [eax+8+8+8],byte 5 jnz .next sub eax,[VWIN32.W32ServiceTable] shr eax,3 mov [VWIN32.W32_SetThreadContext],eax dec eax mov [VWIN32.W32_GetThreadContext],eax ... This code search services by specific parameters numbers sequence instead of simple get by ordinal. So? |
There is some information here on the compuware site hxxp://frontline.compuware.com/nashua/kb/doc/1322.asp
Just a little bit of advice, calling a function by an ordinal can get very messy. A simple udate can move ordinal 1 to ordinal 2 and cause you a big headache. Also some compilers (borland compiler last time i used it) will not let you import a function using an ordinal. |
I know that calling by ordinal isn't the good idea, but win32_service_table in vwin32.vxd isn't exported by name (it isn't generally exported). But it's not a problem in a vxd world, where all calls are done by ordinal ;). I'm not afraid of updates, because win 95/9x/me is no longer supported, but I must know if my vxd will be specific only to my computer. Maybe must I use a trick like icedump to avoid problem on others windows?
|
| All times are GMT +8. The time now is 13:32. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX