Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
Hi all, is there a way of reading user application ( IE) messages that go to ntoskrnl or ntdll i. I know each application calls its own instance of dll, but can i map a particular application an read all its systen calls to ntddl or ntoskrnl. If this is possible were can i get info on it.
I think VC++ mfc messaging mapping can do it???? thanks in advance.
Page 1 of 1
reading from upperlayer ntoskrnl
Rate Topic:
Back to top
#2
- World famous sausage eater...
-
- Group: Members
- Posts: 566
- Joined: 20-April 04
Posted 18 February 2005 - 07:50 AM
Dunno.. this is a wild shot but should u not be able to do that with a kernel debugger utility? havent tried it thoguh...
#3
- Gurgelmeyer
-
- Group: Members
- Posts: 395
- Joined: 27-January 05
Posted 20 February 2005 - 09:06 PM
Are we talking messages or API entry points here? If you are a hardcore programmer try looking up the SetWindowsHookEx() function on MSDN. Or write a service that hooks into the NT image loader. Complicated stuff really 
#4
- Gurgelmeyer
-
- Group: Members
- Posts: 395
- Joined: 27-January 05
Posted 20 February 2005 - 09:20 PM
PS - If you just need the static dependencies, you'll need the Dependendy Walker. That's not complicated to use, and requires no expert skills 
#5
- Gurgelmeyer
-
- Group: Members
- Posts: 395
- Joined: 27-January 05
Posted 21 February 2005 - 03:29 AM
Yet another hint: check sysinternals.com and/or winternals.com - they provide some very handy tools for free. 
Share this topic:
Page 1 of 1