J
jguo5258
Guest
Hello,
I want to get the nt header for ntoskrnl. To do that, I must use rtlImageNtHeader, an undocumented function. I found out that a access violation is being caused at rtlImageNtHeader + 0x2d. What could this be caused by? I verified the correct base address of Ntoskrnl.
here is the code:
PVOID base = getKernelBase(NULL);
if (!base)
{
DbgPrint("base address not found!\n");
return STATUS_NOT_FOUND;
} //pretty much always succeeds
PIMAGE_NT_HEADERS64 pHdr = RtlImageNtHeader(base); // this is the BSOD
thanks,
Continue reading...
I want to get the nt header for ntoskrnl. To do that, I must use rtlImageNtHeader, an undocumented function. I found out that a access violation is being caused at rtlImageNtHeader + 0x2d. What could this be caused by? I verified the correct base address of Ntoskrnl.
here is the code:
PVOID base = getKernelBase(NULL);
if (!base)
{
DbgPrint("base address not found!\n");
return STATUS_NOT_FOUND;
} //pretty much always succeeds
PIMAGE_NT_HEADERS64 pHdr = RtlImageNtHeader(base); // this is the BSOD
thanks,
Continue reading...