20 Jan
2005
20 Jan
'05
6:11 a.m.
Hartmut Birr wrote:
Hi,
currently our Zw functions for kernel mode are implemented by an
parameter wrapper and an int 0x2e instruction. The only reason for
using the Zw functions in kernel mode is to bypass the buffer check.
Can we implement the Zw functions by saving/changing/restoring the
previous mode and calling the equal Nt function?
- Hartmut
Hi,
Actually they don't do INT 2E anymore since my optimizations.
Best regards,
Alex Ionescu