Skip to content

rhaym-tech/Win11PtrSwap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Kernel Mode
Kernel Mode
 
 
User Mode C++
User Mode C++
 
 
UserMode C
UserMode C
 
 
.gitignore
.gitignore
 
 
NtUserHook.slnx
NtUserHook.slnx
 
 
README.md
README.md
 
 

Repository files navigation

NtUserHook

Minimal kernel-usermode communication framework using a Win32k syscall hook (NtUserXxx).

Syscall

In our case we're hooking (NtUserGetPointerProprietaryId), and the reason is that I liked the signature that takes only 2 params and this syscall is not a hotpath (not being called often by original Windows components which means no performance impact on the system).

You can change the syscall to any NtUserXxx you like by simply changing the pointers chain offsets and call type in both of usermode and kernel mode.

Contribution

Feel free to open a PR if you wish to add/modify something

About

Windows 11 compatible NtUserXxx syscall hook inside Win32k with PoC implementation and Usermode framework in both of C and C++

Topics

windows hook kernel syscalls windows-nt win32k syscall-hooking ntuser

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages