Nice work, but poor doc #6
Comments
Hi! Thanks for the interest in the project. What kind of documentation are you looking for?

Most of the library's functionality assumes certain understanding of system mechanisms and familiarity with the underlying low-level API. The goal of this project is to simplify calling functions from ntdll.dll and other system libraries by providing wrappers that integrate them into Delphi. Documenting what these (underlying) system functions do is out of the scope of this project. I know, some of the things might be undocumented and meaningful only to security researchers that reverse engineer Windows. If your goal is understanding the system mechanisms, I can recommend the Windows Internals book; if you want to learn the details about the underlying APIs, NtDoc (which I'm slowly expanding) might have some useful information. Otherwise, just googling the functions that my wrappers call might help.

When it comes to documenting the added functionality of this library, you can find comments inside the interface section of each NtUtils.*.pas file. These files group wrappers for a subset of APIs based on a common topic and each exposed function has a short description. For instance, if you know what registry syscalls exist/do on Windows, you should find functions from NtUtils.Registry.pas pretty self-explanatory.

I can work on better discoverability of the available functionality, though. I was planning to add a table to the readme that summarizes which system mechanisms each library module covers. However, you would still need to check the comments in the interface section of the corresponding module for the complete overview of the exposed functionality.
Hi, diversenok.
Thank you for your reply.
What I mean is some explanatory documents for this source code. For example, whether the header files for Ntdll and Undoc Ntdll have been defined, or is it just a wrapper for the Ntdll functions? Have PEB, SYSTEM_PROCESS, etc. been defined? Does it provide access to the SSDT arrays, and does it provide access to API names through the SSDT?
For example:

```asm
; GetSSDT
mov eax, 0x11E1                 ; system service number in EAX
lea edx, dword ptr ss:[esp+4]   ; EDX = pointer to the argument block on the stack
int 0x2E                        ; legacy software-interrupt system call entry
ret 0x0C                        ; return and pop 12 bytes of arguments
```

...

Would you provide such usage examples and tutorials, etc.?
You can find definitions in the Headers directory. Most filenames resemble the names of related Windows SDK/WDK and PHNT headers. It's possible to include and use them directly, without relying on any wrappers.

```pascal
uses
  Ntapi.WinNt, Ntapi.ntpsapi, NtUtils, NtUtils.AntiHooking, NtUtils.Threads;

function UnhookAndInjectAPC(
  [in] TID: TThreadId;
  [in] Payload: Pointer;
  [in, opt] PayloadParameter: Pointer = nil
): TNtxStatus;
var
  hxThread: IHandle;
begin
  // Dynamically replace our imports of ntdll.NtOpenThread and
  // ntdll.NtQueueApcThreadEx with clean syscall stubs
  Result := RtlxEnforceExternalImportAntiHooking([
    @NtOpenThread,
    @NtQueueApcThreadEx
  ]);

  if not Result.IsSuccess then
    Exit;

  // Open the target thread (now issues a syscall instead of
  // calling ntdll.NtOpenThread)
  Result := NtxOpenThread(hxThread, TID, THREAD_SET_CONTEXT);

  if not Result.IsSuccess then
    Exit;

  // Inject an APC that executes the payload on the thread
  // (now issues a syscall instead of calling ntdll.NtQueueApcThreadEx)
  Result := NtxQueueApcThreadEx(hxThread.Handle, Payload, PayloadParameter);

  // Here the compiler automatically inserts code for closing the thread handle
end;
```
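As an added illustration of using the Headers directory directly (this is not code from NtUtilsLibrary or from this thread), the program below queries the current process's PEB through NtQueryInformationProcess with no NtUtils wrapper and cross-checks the result against RtlGetCurrentPeb and the process image base. The unit and identifier names (Ntapi.ntdef, Ntapi.ntpsapi, Ntapi.ntpebteb, NT_SUCCESS, NtCurrentProcess, TProcessBasicInformation, TPeb, RtlGetCurrentPeb) are assumed to match the headers in your checkout.

```pascal
// Added example, not code from NtUtilsLibrary or from this thread: reads the
// current process's PEB through the Ntapi.* headers directly, with no NtUtils
// wrapper. Assumed declarations (verify against the Headers directory):
//   Ntapi.ntdef    - NTSTATUS, NT_SUCCESS
//   Ntapi.ntpsapi  - NtQueryInformationProcess, NtCurrentProcess,
//                    ProcessBasicInformation, TProcessBasicInformation
//   Ntapi.ntpebteb - TPeb, PPeb, RtlGetCurrentPeb
program PebDirect;

{$APPTYPE CONSOLE}

uses
  SysUtils, Ntapi.ntdef, Ntapi.ntpsapi, Ntapi.ntpebteb;

// Ask the kernel for the PEB address of the current process.
// Returns nil on failure and hands the NTSTATUS back to the caller.
function QueryOwnPebAddress(out Status: NTSTATUS): PPeb;
var
  Info: TProcessBasicInformation;
begin
  Result := nil;
  Status := NtQueryInformationProcess(NtCurrentProcess,
    ProcessBasicInformation, @Info, SizeOf(Info), nil);
  if NT_SUCCESS(Status) then
    Result := Info.PebBaseAddress;
end;

var
  Peb: PPeb;
  Status: NTSTATUS;
begin
  Peb := QueryOwnPebAddress(Status);
  if not Assigned(Peb) then
  begin
    Writeln(Format('NtQueryInformationProcess failed: 0x%.8x', [Cardinal(Status)]));
    Exit;
  end;

  Writeln('PEB reported by kernel: 0x', IntToHex(NativeUInt(Peb), SizeOf(Pointer) * 2));

  // Cross-check against the pointer the loader keeps in the TEB; a mismatch
  // means the two lookup paths returned inconsistent data.
  if Peb <> RtlGetCurrentPeb() then
    Writeln('Warning: kernel and TEB disagree on the PEB address');

  // Same idea for the image base: the PEB value should equal our own HInstance.
  if Peb.ImageBaseAddress <> Pointer(HInstance) then
    Writeln('Warning: PEB.ImageBaseAddress does not match HInstance');

  Writeln('OS build number from PEB: ', Peb.OSBuildNumber);
end.
```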
Thanks for your reply. I'll find something in your code and test it. About SYSTEM_PROCESS, defined as follows:
My EnumKernelSSDT code is as follows (uncompleted and untested):
Nice work, I'd like to contribute to it, but poor documentation.