hi guys i have small issue here, sorry to bother. but documentation seems is wrong.
it seem in windows internals 5th edition from what i read that in windows 7 x64 it says:
in x64 a system service RVA is 32 bits (not including the lower 4 bits, so bitwise AND 0xFFFFFFF0)
so with symbols we go
kd > db KiServiceTable
fffff800`026e0900 040ff800 2f5a700 etc etc
Now I take for example NtMapUserPhysicalPagesScatter which has a syscall index of 0h on my windows build.
then according to documentation, fffff800`026e0900+(040ff800 & 0xFFFFFFF0) but this takes me to unusable memory.
I have tried with other indices as well but all seems same.
Is documenation wrong or am I just foolish?
it seem in windows internals 5th edition from what i read that in windows 7 x64 it says:
in x64 a system service RVA is 32 bits (not including the lower 4 bits, so bitwise AND 0xFFFFFFF0)
so with symbols we go
kd > db KiServiceTable
fffff800`026e0900 040ff800 2f5a700 etc etc
Now I take for example NtMapUserPhysicalPagesScatter which has a syscall index of 0h on my windows build.
then according to documentation, fffff800`026e0900+(040ff800 & 0xFFFFFFF0) but this takes me to unusable memory.
I have tried with other indices as well but all seems same.
Is documenation wrong or am I just foolish?
