[win32] add XP and Vista syscall data #98

derekbruening · 2014-11-28T02:21:32Z

From [email protected] on December 10, 2010 17:57:35

PR 406351

My windows syscall data comes from Nebbett and Metasploit and does not have all the
argument data for the new Vista syscalls. I'm also not sure I even have all the XP data.

Original issue: http://code.google.com/p/drmemory/issues/detail?id=98

derekbruening · 2014-11-28T02:21:32Z

From [email protected] on October 05, 2012 14:12:36

Some info about NtCreateWorkerFactory
It takes 10 args: 3 args pointing to memory address are more interesting, the rest are more like flags or something.

arg[0]: TpWorkerFactory Handle OUT
arg[5]: Starting Thread Routine something like ntdll!TppWorkerThread
arg[6]: Some data structure for Thread Pool, allocate with size of 00000c88, partialy initialized,
and it does not change before/after the syscall.
Also
arg[4]: 0xffffffff, might be the self process handle.

derekbruening · 2014-11-28T02:21:38Z

From [email protected] on February 17, 2013 10:20:00

Labels: GoodContrib

derekbruening added Migrated OpSys-Windows Type-Bug Priority-Low help wanted labels Nov 28, 2014

derekbruening removed the Type-Bug label Apr 2, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[win32] add XP and Vista syscall data #98

[win32] add XP and Vista syscall data #98

derekbruening commented Nov 28, 2014

derekbruening commented Nov 28, 2014

derekbruening commented Nov 28, 2014

[win32] add XP and Vista syscall data #98

[win32] add XP and Vista syscall data #98

Comments

derekbruening commented Nov 28, 2014

derekbruening commented Nov 28, 2014

derekbruening commented Nov 28, 2014