Thread: vwin32 and win32 service table
View Single Post
  #1  
Old 04-27-2004, 07:19
ajron ajron is offline
Family
  
Join Date: Jan 2002
Location: Poland
Posts: 40
Rept. Given: 0
Rept. Rcvd 33 Times in 7 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
ajron Reputation: 33
vwin32 and win32 service table
Does anybody know if win32 service table in this vxd differ in different (95/9x/me) windows version? I woud like to hook some service by "ordinal" but I saw in icedump sources this code:

FindVWIN32Win32APIs:
push ecx
mov eax,[VWIN32.W32ServiceTable]
mov ecx,[eax] ; W32 API count
sub ecx,byte 4
add eax,byte 4 ; walk the parameter count list
.next:
add eax,byte 8
cmp [eax],byte 2
loopnz .next
jnz @F
cmp [eax+8],byte 2
jnz .next
cmp [eax+8+8],byte 5
jnz .next
cmp [eax+8+8+8],byte 5
jnz .next
sub eax,[VWIN32.W32ServiceTable]
shr eax,3
mov [VWIN32.W32_SetThreadContext],eax
dec eax
mov [VWIN32.W32_GetThreadContext],eax
...

This code search services by specific parameters numbers sequence instead of simple get by ordinal. So?
Reply With Quote