Author: felix1432
Subject: Get address of NtGetContextThread in kernel mode
Posted: 14 February 2014 at 11:28am
I am trying to get the address of the function ZwGetContextThread() for my kernel driver, without going via the SSDT table.
Unfortunately, it looks like this function is not exported by ntdll? Even though it shows up in the export table.
extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwGetContextThread(
IN HANDLE ThreadHandle, OUT PCONTEXT pContext );
ZwGetContextThread(0,0);
Error 1 error LNK2001: unresolved external symbol __imp__ZwGetContextThread@8
The above works for other Zw* functions, though.
Where am i going wrong? What's the official way to get the context of a thread in kernel mode?
Subject: Get address of NtGetContextThread in kernel mode
Posted: 14 February 2014 at 11:28am
I am trying to get the address of the function ZwGetContextThread() for my kernel driver, without going via the SSDT table.
Unfortunately, it looks like this function is not exported by ntdll? Even though it shows up in the export table.
extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwGetContextThread(
IN HANDLE ThreadHandle, OUT PCONTEXT pContext );
ZwGetContextThread(0,0);
Error 1 error LNK2001: unresolved external symbol __imp__ZwGetContextThread@8
The above works for other Zw* functions, though.
Where am i going wrong? What's the official way to get the context of a thread in kernel mode?