Add SeCiCallbacks to the callbacks viewer #10

hfiref0x · 2019-01-19T07:18:54Z

See for reference
https://github.com/swwwolf/wdbgark/blob/master/src/secicallbacks.cpp.

Assume support from 7 up to 10 19H1.

Callbacks array structure:

Windows 7 (7600, 7601)
- fixed size pointer array with 3 elements
Windows 8, Windows 8.1 (9200, 9600)
- first element (QWORD) is the size in bytes of pointers array following next
Windows 10 (10240, 10586, 14393, 15063, 16299, 17134, 17763, 18317)
- first element (QWORD) is the size in bytes of pointers array following next, starting from RS1 (14393) contain revision marker (QWORD) at the end of this array which looks like 0xX00000Y where X is A (10) and Y is changing between Windows 10 version, for example in RS1(14393) this value is two in 19H1(18317) this value is six.

Callbacks names can be recovered from symbols. Since size of this array depends on Windows version as well as position of elements in this array it is better to hardcode these names.

Implement #10, "Notification callbacks" dialog renamed to "System callbacks".

hfiref0x · 2019-01-20T05:52:58Z

Implemented in 4478ad6

hfiref0x added the enhancement label Jan 19, 2019

hfiref0x self-assigned this Jan 19, 2019

hfiref0x added a commit that referenced this issue Jan 20, 2019

1.7.1

4478ad6

Implement #10, "Notification callbacks" dialog renamed to "System callbacks".

hfiref0x closed this as completed Jan 20, 2019

hfiref0x added the implemented label Jan 20, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SeCiCallbacks to the callbacks viewer #10

Add SeCiCallbacks to the callbacks viewer #10

hfiref0x commented Jan 19, 2019 •

edited

Loading

hfiref0x commented Jan 20, 2019

Add SeCiCallbacks to the callbacks viewer #10

Add SeCiCallbacks to the callbacks viewer #10

Comments

hfiref0x commented Jan 19, 2019 • edited Loading

hfiref0x commented Jan 20, 2019

hfiref0x commented Jan 19, 2019 •

edited

Loading