I am hooking the SSDT of Windows 7 x64 (I already hooked it correctly and such; that's not the problem) to bypass a certain anti-cheat for a game.
The problem: Trying to get the exe name is of no use, since it always outputs svchost.exe for Windows services, and since the anti-cheat is doing its work in a service, I can't correctly "guess" which svchost.exe is the anti-cheat.
The (pseudo-)code:
    NTSTATUS newOpenProcess(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId)
    {
        if(ClientId points to our game) // checks name of process to be opened
            DbgPrint("%s", PsGetProcessImageFileName(PsGetCurrentProcess())); // svchost.exe - NEED THE SERVICE NAME
        return oldOpenProcess(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId);
    }
Please note: THIS IS NOT FOR ANYTHING BUT LEARNING PURPOSES. This is not for malware or anything of the sort; it is not illegal!