
Incorrect image base address of win32k.sys on Win

flashcoder
Posted: 31 October 2017 at 2:44pm

Title: Incorrect image base address of win32k.sys on Win 8.1/Win 10

Hello,

As you already know, the image base address of the win32k.sys module (at least here in my test environment on Win 8.1 and Win 10, both x32) is:

0x00010000 (output on console, user mode app)
0x10000 (format to set directly in the source code of your driver)

I have an example (user mode code in C++) that shows exactly this value, but why, in my kernel mode code below, am I finding a different value than 0x00010000?



Even when I map win32k.sys (kernel mode code), the same result comes back.

Can someone help me, please?



Edited by flashcoder - 31 October 2017 at 2:51pm

sredna
Posted: 03 November 2017 at 9:12pm
You need to look at the mapped base address, not the preferred image base address.
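
The distinction drawn in the reply above, as an added example that is not part of the thread: the `ImageBase` field in a PE optional header is only the address the linker preferred, and the address the loader actually maps the module at is a separate value. The header bytes, the mapped address `0x94A00000` and all function names here are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers; callers bounds-check first. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Stores OptionalHeader.ImageBase (the PREFERRED base) in *base.
   Returns 0 on success, -1 if the header is malformed or truncated. */
int pe_preferred_base(const uint8_t *img, size_t len, uint64_t *base)
{
    if (len < 0x40 || rd16(img) != 0x5A4D) return -1;        /* "MZ" */
    uint32_t nt = rd32(img + 0x3C);                           /* e_lfanew */
    if (nt > len || len - nt < 24 + 32) return -1;            /* sig + file hdr + fields used */
    if (rd32(img + nt) != 0x00004550) return -1;              /* "PE\0\0" */
    const uint8_t *opt = img + nt + 24;                       /* optional header */
    switch (rd16(opt)) {
    case 0x10B: *base = rd32(opt + 28); return 0;             /* PE32: 32-bit field */
    case 0x20B: *base = rd64(opt + 24); return 0;             /* PE32+: 64-bit field */
    default:    return -1;
    }
}

/* Difference between where the image was mapped and where it asked to be. */
int64_t reloc_delta(uint64_t mapped, uint64_t preferred) { return (int64_t)(mapped - preferred); }

/* Constructed sample: a bare PE32 header carrying the post's 0x00010000. */
size_t make_sample(uint8_t buf[0x100])
{
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x80;             /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x98] = 0x0B; buf[0x99] = 0x01;                       /* Magic = 0x10B */
    buf[0x98 + 28 + 2] = 0x01;                                /* ImageBase = 0x00010000 */
    return 0x100;
}

int main(void)
{
    uint8_t img[0x100];
    uint64_t preferred, mapped = 0x94A00000u;                 /* mapped: constructed value */
    if (pe_preferred_base(img, make_sample(img), &preferred)) return 1;
    printf("preferred=0x%llx mapped=0x%llx delta=0x%llx\n", (unsigned long long)preferred,
           (unsigned long long)mapped, (unsigned long long)reloc_delta(mapped, preferred));
    return 0;
}
```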

flashcoder
Posted: 06 November 2017 at 1:17pm
@sredna,

Thank you! Solved.