Hi,
currently our Zw functions for kernel mode are implemented by an parameter wrapper and an int 0x2e instruction. The only reason for using the Zw functions in kernel mode is to bypass the buffer check. Can we implement the Zw functions by saving/changing/restoring the previous mode and calling the equal Nt function?
- Hartmut
Hartmut Birr wrote:
Hi,
currently our Zw functions for kernel mode are implemented by an parameter wrapper and an int 0x2e instruction. The only reason for using the Zw functions in kernel mode is to bypass the buffer check. Can we implement the Zw functions by saving/changing/restoring the previous mode and calling the equal Nt function?
- Hartmut
Hi,
Actually they don't do INT 2E anymore since my optimizations.
Best regards, Alex Ionescu
-
Alex Ionescu -
Hartmut Birr