Tuts 4 You
laonglaing

kernel32

laonglaing

Hi, I was wondering if it is possible to emulate keyboard presses and mouse clicks using kernel32.dll instead of using a user32.dll import?

A200K

This is User32.SendInput of win10 x64 in IDA:

.text:0000000180033120 ; UINT __stdcall NtUserSendInput(UINT cInputs, LPINPUT pInputs, int cbSize)
.text:0000000180033120                 public NtUserSendInput
.text:0000000180033120 NtUserSendInput proc near               ; CODE XREF: mouse_event+39p
.text:0000000180033120                                         ; keybd_event+39p
.text:0000000180033120                                         ; DATA XREF: ...
.text:0000000180033120                 mov     r10, rcx
.text:0000000180033123                 mov     eax, 1084h
.text:0000000180033128                 test    byte ptr ds:7FFE0308h, 1
.text:0000000180033130                 jnz     short loc_180033135
.text:0000000180033132                 syscall
.text:0000000180033134                 retn
.text:0000000180033135 ; ---------------------------------------------------------------------------
.text:0000000180033135
.text:0000000180033135 loc_180033135:                          ; CODE XREF: NtUserSendInput+10j
.text:0000000180033135                 int     2Eh             ; DOS 2+ internal - EXECUTE COMMAND
.text:0000000180033135                                         ; DS:SI -> counted CR-terminated command string
.text:0000000180033137                 retn
.text:0000000180033137 NtUserSendInput endp

It does a direct syscall. If you want, you can do this syscall yourself and not depend on DLLs; however, I didn't see any method in kernel32 to do this.

cob_258

@A200K in this case he has to update the "mov eax, const" for each machine, because it's not always the same in different OS/builds.

Edited by cob_258 (see edit history)
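
Added example, not part of any post in this thread: a static check that a byte sequence follows the stub layout in A200K's listing and reports the service number loaded into eax, the value cob_258 notes is build-specific. The stub bytes are constructed here from the standard x64 encodings of the listed instructions; `parse_stub` and `StubMismatch` are hypothetical names.

```python
import struct

# Constructed sample: x64 encodings of the instructions in the listing above.
STUB = bytes.fromhex(
    "4c8bd1"            # mov  r10, rcx
    "b884100000"        # mov  eax, 1084h
    "f604250803fe7f01"  # test byte ptr ds:7FFE0308h, 1
    "7503"              # jnz  short +3
    "0f05c3"            # syscall / retn
    "cd2ec3"            # int 2Eh / retn
)


class StubMismatch(ValueError):
    """Raised when bytes do not follow the stub layout (e.g. patched or hooked)."""


def parse_stub(code: bytes) -> dict:
    """Check each instruction of the stub and return its variable fields."""
    if len(code) < 24:
        raise StubMismatch("truncated: stub is 24 bytes")
    # Fixed opcode bytes at fixed offsets; anything else means the code differs.
    fixed = [
        (0, b"\x4c\x8b\xd1", "mov r10, rcx"),
        (3, b"\xb8", "mov eax, imm32"),
        (8, b"\xf6\x04\x25", "test byte ptr [abs32], imm8"),
        (16, b"\x75\x03", "jnz short +3"),
        (18, b"\x0f\x05\xc3", "syscall; retn"),
        (21, b"\xcd\x2e\xc3", "int 2Eh; retn"),
    ]
    for offset, expected, name in fixed:
        if code[offset:offset + len(expected)] != expected:
            raise StubMismatch(f"offset {offset}: expected {name}")
    # The two little-endian immediates are the parts that carry information.
    (number,) = struct.unpack_from("<I", code, 4)
    (flag_addr,) = struct.unpack_from("<I", code, 11)
    return {"syscall_number": number, "flag_address": flag_addr,
            "flag_mask": code[15]}


if __name__ == "__main__":
    info = parse_stub(STUB)
    print({k: hex(v) for k, v in info.items()})
    # A stub whose first bytes were overwritten with a jump no longer matches.
    try:
        parse_stub(b"\xe9\x00\x10\x00\x00" + STUB[5:])
    except StubMismatch as exc:
        print("mismatch:", exc)
```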

laonglaing

So in other words? No way to do keyboard emulation using kernel32?
Actually I am working on my C# application to work in kernel mode, and was thinking to use kernel32.dll.

You guys got other choice or option?

h4sh3m

Hi

Easiest way is using LoadLibraryA/W, GetProcAddress ...

But I have no idea whether .NET can run in kernel mode or not!!!

Best Regards,

h4sh3m

laonglaing

Yep, if not in .NET, C++ maybe? Or... hmmm... got no idea here where to start.

A200K
6 hours ago, laonglaing said:

So in other words? No way to do keyboard emulation using kernel32?
Actually I am working on my C# application to work in kernel mode, and was thinking to use kernel32.dll.

You guys got other choice or option?

Wtf.

Using user32 or kernel32 won't decide whether you are in kernel mode or not. lol.

C# won't make sense in kernel mode anyways, as you won't be able to access all your user-mode APIs used by the .NET Framework. That's why you use C and the Windows Driver SDK for low-level programming like kernel-mode drivers.

I guess, if you really want to be in kernel mode, you should learn more about Windows kernel driver programming.

evlncrn8

I hope he didn't run around school going 'yay im a kernel mode hax0r using c#'...

kernel mode != kernel32 ... sigh..

laonglaing
On 5/21/2016 at 4:46 PM, A200K said:

Wtf.

Using user32 or kernel32 won't decide whether you are in kernel mode or not. lol.

C# won't make sense in kernel mode anyways, as you won't be able to access all your user-mode APIs used by the .NET Framework. That's why you use C and the Windows Driver SDK for low-level programming like kernel-mode drivers.

I guess, if you really want to be in kernel mode, you should learn more about Windows kernel driver programming.

Gotcha. Thanks for confirming this. Someone told me that they are the same. So I should rewrite my program in C.
Any idea or guide regarding kernel driver programming? Or at least a sample project that I can study?

A200K
2 hours ago, laonglaing said:

Gotcha. Thanks for confirming this. Someone told me that they are the same. So I should rewrite my program in C.
Any idea or guide regarding kernel driver programming? Or at least a sample project that I can study?

Microsoft released a few driver samples here:

https://github.com/Microsoft/Windows-driver-samples

MSDN is your friend as well :)
