laonglaing Posted May 20, 2016 Share Posted May 20, 2016 Hi I was wondering if it is possible to emulate keyboard press and mouse click using kernel32.dll ? instead of using user32.dll import. Link to comment
A200K Posted May 20, 2016 Share Posted May 20, 2016 This is User32.SendInput of win10 x64 in IDA: Quote .text:0000000180033120 ; UINT __stdcall NtUserSendInput(UINT cInputs, LPINPUT pInputs, int cbSize) .text:0000000180033120 public NtUserSendInput .text:0000000180033120 NtUserSendInput proc near ; CODE XREF: mouse_event+39p .text:0000000180033120 ; keybd_event+39p .text:0000000180033120 ; DATA XREF: ... .text:0000000180033120 mov r10, rcx .text:0000000180033123 mov eax, 1084h .text:0000000180033128 test byte ptr ds:7FFE0308h, 1 .text:0000000180033130 jnz short loc_180033135 .text:0000000180033132 syscall .text:0000000180033134 retn .text:0000000180033135 ; --------------------------------------------------------------------------- .text:0000000180033135 .text:0000000180033135 loc_180033135: ; CODE XREF: NtUserSendInput+10j .text:0000000180033135 int 2Eh ; DOS 2+ internal - EXECUTE COMMAND .text:0000000180033135 ; DS:SI -> counted CR-terminated command string .text:0000000180033137 retn .text:0000000180033137 NtUserSendInput endp It does a direct syscall, if you want, you can do this syscall yourself and don't depend on dlls, however, I didn't see any method in kernel32 to do this. Link to comment
cob_258 Posted May 20, 2016 Share Posted May 20, 2016 (edited) @A200K in this case he has to update the "mov eax,cost" for each machine because it's not always the same in different OS/Build Edited May 20, 2016 by cob_258 Link to comment
laonglaing Posted May 21, 2016 Author Share Posted May 21, 2016 so in other words? no way to do keyboard emulation using kernel32? actually i am working on my c# application to work in kernel mode. and was thinking to use kernel32.dll you guys got other choice or option? Link to comment
h4sh3m Posted May 21, 2016 Share Posted May 21, 2016 Hi Easiest way is using LoadLibraryA/W, GetProcAddress ... but I have no idea .Net can run in kernel mode or not !!! Best Regards, h4sh3m Link to comment
laonglaing Posted May 21, 2016 Author Share Posted May 21, 2016 yep if not in .net c++ maybe? or.. hmmm... got no idea here where to start. Link to comment
A200K Posted May 21, 2016 Share Posted May 21, 2016 6 hours ago, laonglaing said: so in other words? no way to do keyboard emulation using kernel32? actually i am working on my c# application to work in kernel mode. and was thinking to use kernel32.dll you guys got other choice or option? Wtf. Using user32 or kernel32 won't decide whether you are in kernel mode or not. lol. C# won't make sense in kernel mode anyways, as you won't be able to access all your user mode apis used by the .net framework. That's why you use C and the windows driver sdk for low-level programming like kernel mode drivers. I guess, if you really want to be in kernel mode, you should learn more about windows kernel driver programming. Link to comment
evlncrn8 Posted May 22, 2016 Share Posted May 22, 2016 i hope he didnt run around school going 'yay im a kernel mode hax0r using c#'... kernel mode != kernel32 ... sigh.. Link to comment
laonglaing Posted May 23, 2016 Author Share Posted May 23, 2016 On 5/21/2016 at 4:46 PM, A200K said: Wtf. Using user32 or kernel32 won't decide whether you are in kernel mode or not. lol. C# won't make sense in kernel mode anyways, as you won't be able to access all your user mode apis used by the .net framework. That's why you use C and the windows driver sdk for low-level programming like kernel mode drivers. I guess, if you really want to be in kernel mode, you should learn more about windows kernel driver programming. gotcha. thanks for confirming this. someone told that they are the same. so i should re write my program into C. any idea or guide regarding kernel driver programming? or atleast a sample project that i can study. Link to comment
A200K Posted May 23, 2016 Share Posted May 23, 2016 2 hours ago, laonglaing said: gotcha. thanks for confirming this. someone told that they are the same. so i should re write my program into C. any idea or guide regarding kernel driver programming? or atleast a sample project that i can study. Microsoft released a few driver samples here: https://github.com/Microsoft/Windows-driver-samples MSDN is your friend as well Link to comment
laonglaing Posted May 26, 2016 Author Share Posted May 26, 2016 On 5/23/2016 at 11:50 PM, A200K said: Microsoft released a few driver samples here: https://github.com/Microsoft/Windows-driver-samples MSDN is your friend as well thanks mate! Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now