[myid]

I want to get SHADOW SSDT functions information(ID and NAME) in WIN8 X64.
How can i do this?

[kmd]

Code: Select all

ln win32k!W32pServiceTable + ((poi(win32k!W32pServiceTable + 4 * (syscalln-1000)) & 0x00000000`ffffffff) >> 4) - 10000000