I'm just playing around for fun only (on Windows 8.1) with kernel mode address space trying to see if I can access the address space belonging to ntoskrnl.exe fr
Hi, how to read into a process and how to use IMAGE_FILE_HEADER to read the PE header in this process? Thanks for replies :) Sorry for my English, I'm French
For example, Characteristics of section .text is 60000020, seems that is IMAGE_SCN_CNT_CODE 0x00000020 IMAGE_SCN_MEM_EXECUTE 0x20000000 IMAGE_SCN_MEM_READ 0
So I'm trying to calculate, using C code, the 64-bit virtual address of a function located in ntoskrnl.exe. I have, using C code, determined the base address of