From: Vodicka, Michal [mvodicka@rkk.cz] Sent: Friday, April 27, 2001 5:17 PM To: NT Developers Interest List Subject: [ntdev] Re: Very early module load Similar idea without patching: rename ntoskrnl.exe and create a thin wrapper named ntoskrnl.exe with the same export table. All exports would call original functions in renamed ntoskrnl. Such a wrapper can be generated during your software install (we used this way when needed to hook some OS code). Wrapper would call your code when necessary. You can even avoid renaming and use /kernel= boot.ini option to load the wrapper. Best regards, Michal Vodicka Veridicom (RKK - Skytale) [WWW: http://www.veridicom.com , http://www.skytale.com] > ---------- > From: Dan Partelly[SMTP:danp@jb.rdsor.ro] > Reply To: NT Developers Interest List > Sent: Friday, April 27, 2001 7:41 PM > To: NT Developers Interest List > Subject: [ntdev] Re: Very early module load > > Thank you very much for you ideea , I apreciate it , but as I said --- > patching is not an option. > > ----- Original Message ----- > From: Satish > To: NT Developers Interest List > Sent: Friday, April 27, 2001 3:04 PM > Subject: [ntdev] Re: Very early module load > > Ur code no need to change for every build. Just Get the entry point > by reading the header of PE and patch ur code. The only condition is u > have to patch System File. > > Regards, > Satish K.S > > > -----Original Message----- > From: bounce-ntdev-5072@lists.osr.com [ > mailto:bounce-ntdev-5072@lists.osr.com]On Behalf Of danp > Sent: Friday, April 27, 2001 5:20 AM > To: NT Developers Interest List > Subject: [ntdev] Re: Very early module load > > > It is not an option. First , permanently patching a > OS system file is unprofesional. Second , I need my code fully relocatable > and to export an API trough standard PE export mechanism. > Third , II dont really wana adapt my code to every > new build of ntoskrnl. > > ----- Original Message ----- > From: Satish > To: NT Developers Interest List > Sent: Friday, April 27, 2001 11:51 AM > Subject: [ntdev] Re: Very early module load > > Patch ur code into PE file. Then Update PE-File > Entry point in Header to point to ur Code. U will get control first then > return to original code. > > Regards, > Satish K.S > > ----- Original Message ----- > From: danp > To: NT Developers Interest List > Sent: Friday, April 27, 2001 1:56 PM > Subject: [ntdev] Very early module load > > > Hi ppl > > Im looking to insert a PE module into system address > space before any other OS modules , and execute it's entry point. The main > requirment is that the entry point of my module is executed before > NtMain() from ntoskrnl. Any ideeas are apreciated. > > > Best regards , Dan > > > --- > You are currently subscribed to ntdev as: > kssatish@aalayance.com > To unsubscribe send a blank email to > leave-ntdev-247T@lists.osr.com > > --- > You are currently subscribed to ntdev as: > danp@jb.rdsor.ro > To unsubscribe send a blank email to > leave-ntdev-247T@lists.osr.com > > --- > You are currently subscribed to ntdev as: > mroddy@tellink.net > To unsubscribe send a blank email to > leave-ntdev-247T@lists.osr.com > > --- > You are currently subscribed to ntdev as: > kssatish@aalayance.com > To unsubscribe send a blank email to > leave-ntdev-247T@lists.osr.com > > --- > You are currently subscribed to ntdev as: danp@jb.rdsor.ro > To unsubscribe send a blank email to leave-ntdev-247T@lists.osr.com > > --- > You are currently subscribed to ntdev as: MVodicka@rkk.cz > To unsubscribe send a blank email to leave-ntdev-247T@lists.osr.com > --- You are currently subscribed to ntdev as: GlennEverhart@FirstUSA.com To unsubscribe send a blank email to leave-ntdev-247T@lists.osr.com