@ -8,6 +8,79 @@ This project inherits VDM and uses GDRV by default but you can use whatever meth
The kernel module part of this project is used to generate the assembly to call kernel functions with over four parameters. VDM hook NtShutdownSystem and since NtShutdownSystem
The kernel module part of this project is used to generate the assembly to call kernel functions with over four parameters. VDM hook NtShutdownSystem and since NtShutdownSystem
only takes four parameters, some of the required functions cannot be called since the arguments are not copied from the usermode stack to the kernel stack in KiSystemCall...
only takes four parameters, some of the required functions cannot be called since the arguments are not copied from the usermode stack to the kernel stack in KiSystemCall...
```cpp
VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Instruction)
The functions which need to be called that have more then four parameters are passed up inside of a structure in rcx and a pointer to the wide string path is passed up in rdx.
The functions which need to be called that have more then four parameters are passed up inside of a structure in rcx and a pointer to the wide string path is passed up in rdx.
For all intense and purposes you can ignore the kernel part of this...
For all intense and purposes you can ignore the kernel part of this...