I am making a Kernel Mode Driver but I cannot use the normal Windows APIs. Why is this? It keeps saying "Indicates the specified procedure address cannot be found in the DLL" in a message box. And what APIs can I use then, and where can I find them? Also, does anyone know how to map physical memory so I can read and write to it? Thx! :)
All functions that you can use in a KMD can be found in the DDK ;)
roaknog, remember: http://www.asmcommunity.net/board/index.php?topic=5638&highlight=ring0 ? Do you have any ideas of how to access the physical memory from your KMD? So this ZwQuerySystemInformation() gets the "base address + image or symbol offset"? Or is there more to it? And how do I get the value in the CR3 register for a certain app?
The first listing in my bibliography has source code for macros for working on a control register's bits and restoring them. You have to read up on how many control and test registers and their bits have to be checked and the order in which you alter them. I don't have any thoughts on control registers yet. I am still working with some APIs.
I don't want to alter anything. All I want is to be able to get the CR3 values for each running process so I can then look through their page tables etc. Then I can read and write to that memory as I please. When a task switch occurs, the CPU writes these register state values to memory, right? So where is it?