Hello!
This might be a silly question..
But I wonder, is it possible to convert kernel objects to usermode handles?
Let's say I hook a usermode app that calls KeSetEvent and I want to use NtSetEvent instead, like this:
    LONG
    NTAPI
    MyKeSetEvent (
        PKEVENT Event,
        LONG Increment,
        BOOLEAN Wait
        )
    {
        NTSTATUS Status = NtSetEvent((HANDLE)Event, NULL); // Umm..
        if(!NT_SUCCESS(Status)) {
            print("NtSetEvent Failed! Status = 0x%.08X\n", Status);
        }
        return Something; // ?
    }
Would that be possible in some way?
NOTE: This is just "Pseudo-talk", it ain't true in "real life"!!
I know it's impossible for a user mode app to call KeSetEvent,
but here, let's say it's possible.
So, if it's possible in some way, how to do it?







