Re: Using Visual Basic to Write System-Wide Hooks
- From: "Jim Carlock" <anonymous@localhost>
- Date: Sun, 5 Jun 2005 10:35:02 -0400
Wondering how to hook into Interrupt 0x2E and if that might help?
>From the following page:
http://www.internals.com/articles/apispy/apispy.htm
by Yariv Kaplan.
"If you have ever examined ntdll.dll with QuickView, you might
have noticed that it exports a set of functions that begin
with the Nt prefix. These functions are actually small stubs
of code that pass control to the Windows NT kernel (NTOSKRNL)
using interrupt 2E."
"Many of the functions exported from kernel32.dll are nothing
more than control transfer routines to the stubs located in
ntdll. For example, when a Windows application issues a call
to CreateFile located in kernel32.dll, the call is redirected
to NtCreateFile, which passes it on to NT's kernel for further
processing."
--
Jim Carlock
Please post replies to newsgroup.
.
- References:
- Using Visual Basic to Write System-Wide Hooks
- From: Jonathan Wood
- Re: Using Visual Basic to Write System-Wide Hooks
- From: Sam Hobbs
- Re: Using Visual Basic to Write System-Wide Hooks
- From: Jonathan Wood
- Re: Using Visual Basic to Write System-Wide Hooks
- From: Mark Yudkin
- Re: Using Visual Basic to Write System-Wide Hooks
- From: Jonathan Wood
- Re: Using Visual Basic to Write System-Wide Hooks
- From: Mark Yudkin
- Re: Using Visual Basic to Write System-Wide Hooks
- From: J French
- Using Visual Basic to Write System-Wide Hooks
- Prev by Date: Re: Passing string from VB to C++ dll routine
- Next by Date: Re: Passing string from VB to C++ dll routine
- Previous by thread: Re: Using Visual Basic to Write System-Wide Hooks
- Next by thread: Re: Using Visual Basic to Write System-Wide Hooks
- Index(es):
Relevant Pages
|
