Using IDA Free, Part 3

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Codemasters

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

Using IDA Free, Part 3, Investigate Windows syscall

views

MatQuasar	Sep 15 2023, 08:04 PM Return to original view \| IPv6 \| Post #1
Casual Validating 329 posts Joined: Jun 2023	Since there is no syscall in 32-bit mode.... ....I make direct call to ntdll.dll instead, x86 code as below: CODE format PE console entry start include "win32a.inc" section ".code" code executable readable start: push 7 push 0xFFFFFFFF call [NtTerminateProcess] section ".idata" import readable library ntdll, "ntdll.dll" import ntdll, NtTerminateProcess, "NtTerminateProcess"
Card PM	Report Top Like Quote Reply

MatQuasar	Sep 15 2023, 11:34 PM Return to original view \| IPv6 \| Post #2
Casual Validating 329 posts Joined: Jun 2023	Readers might ask, what is "ntdll.dll"? It is a library part of "kernel32.dll" dependency: Many Win32 API are provided through "kernel32.dll" (along with "user32.dll" and others), but underlying it there is "ntdll.dll" which is even deeper. So , kernel32.dll ExitProcess API will call ntdll.dll NtTerminateProcess.....
Card PM	Report Top Like Quote Reply

« Next Oldest · Codemasters · Next Newest »

Add Reply Options

Change to:

0.0162sec

0.50

6 queries

GZIP Disabled
Time is now: 25th November 2025 - 04:46 AM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.