Re: lekt player

Posted: Mon Mar 30, 2015 8:13 am
by jesuscheung
lekt wrote:v3.23.1 256 mincore not better, need learn more about api library, now back to kernel32.

uploaded:
lekt.exe v3.24 256 noreg
lekt.exe v3.24.1 256
lekt.exe v3.24.2 256 nop

noreg have good balance, but nop more soft and thin. try compare.
cannot tell which is better hehe

seems to prefer 3.24.1 256. notes go up and down more. e.g. aerosmith dream on

Re: lekt player

Posted: Tue Mar 31, 2015 5:53 am
by lekt
yes, SQ not improved. need use new method for coding and render loop.
im learning API .dll files, something have found out, very interesting, JC. now few functions can bypass kernel32.dll, KernelBase.dll, ntdll.dll,... think better in next versions.

Re: lekt player

Posted: Tue Mar 31, 2015 12:02 pm
by sbgk
lekt wrote:yes, SQ not improved. need use new method for coding and render loop.
im learning API .dll files, something have found out, very interesting, JC. now few functions can bypass kernel32.dll, KernelBase.dll, ntdll.dll,... think better in next versions.
How do you go about bypassing ntdll.dll functions ?

Re: lekt player

Posted: Tue Mar 31, 2015 1:37 pm
by lekt
sbgk wrote:
lekt wrote:yes, SQ not improved. need use new method for coding and render loop.
im learning API .dll files, something have found out, very interesting, JC. now few functions can bypass kernel32.dll, KernelBase.dll, ntdll.dll,... think better in next versions.
How do you go about bypassing ntdll.dll functions ?
has done 4 functions (1 important function in render loop), use system call, very good. try disassembler these api .dll, many things in KernelBase.dll.
in ntdll.dll have only code number of syscall, need learn syntax for parameters from KernelBase.dll. google also can not help, must be accurate learn instructions.
im very happy coz that's first time i can bypass this ntdll.dll.

Re: lekt player

Posted: Tue Mar 31, 2015 6:16 pm
by sbgk
lekt wrote:
sbgk wrote:
lekt wrote:yes, SQ not improved. need use new method for coding and render loop.
im learning API .dll files, something have found out, very interesting, JC. now few functions can bypass kernel32.dll, KernelBase.dll, ntdll.dll,... think better in next versions.
How do you go about bypassing ntdll.dll functions ?
has done 4 functions (1 important function in render loop), use system call, very good. try disassembler these api .dll, many things in KernelBase.dll.
in ntdll.dll have only code number of syscall, need learn syntax for parameters from KernelBase.dll. google also can not help, must be accurate learn instructions. im very happy coz that's first time i ... ernel.html

so it's basically populating registers with the parameters and then calling syscall with the correct code for the instruction.

Re: lekt player

Posted: Wed Apr 01, 2015 1:06 pm
by lekt
i use IDA, but think ollydbg better, will try. search by google but not found correct code for syscall. get calling interface from kernelbase.dll and MSDN, tried many functions with correct code but don't know why they don't work, still now has done only 5 functions. if you need NtWaitForSingleObject then i can share to you:

;NtWaitForSingleObject(pHandle, dwAlertable, pTimeout);
mov r10, rcx ; pHandle (x64 syscall convention: first argument is passed in r10, not rcx)
xor edx, edx ; dwAlertable = FALSE: the alert cannot be delivered
xor r8d, r8d ; pTimeout = NULL: pointer to a LARGE_INTEGER (100-ns units); NULL means infinite
mov eax, 2h ; syscall number (OS-build specific, see below)
syscall

2h is code number of this function for win8, WS2012. maybe win8.1 use different number, you can get it from ntdll.dll of win8.1.
if it works for you then SQ will be much better coz it run in render loop. it's very important function.
can not find audio core functions in MMDevAPI.dll, AudioSes.dll, very complex code. need learn GetBuffer and ReleaseBuffer, interesting what things in these dll.

Re: lekt player

Posted: Wed Apr 01, 2015 1:28 pm
by sbgk
Thanks, shall give it a go.

the code I currently use is

mov rcx, pHandle
xor edx, edx ; FALSE: The alert cannot be delivered
xor r8d, r8d ; Time-out interval (pointer to LARGE_INTEGER). NULL means infinite
call NtWaitForSingleObject

ntdeviceiocontrolfile has a lot more parameters, so will be interesting if I can get that working.

Re: lekt player

Posted: Thu Apr 02, 2015 9:20 pm
by sbgk
wow, finally got it working for waitforsingleobject, what a difference.

I'm using win 10 and the syscall is 851972, would you believe.

Now if I can get deviceiocontrolfile working.

thanks for your help.

Re: lekt player

Posted: Thu Apr 02, 2015 10:37 pm
by lekt
uploaded:
lekt.exe v3.25 256 sys
lekt.exe v3.25 256 sys2

replaced 5 api functions with syscall (system calling, level 0, bypass windows API), works in my win8.
not sure they work for win8.1 and ws2012 or not. try them.

Re: lekt player

Posted: Thu Apr 02, 2015 11:00 pm
by lekt
sbgk wrote:wow, finally got it working for waitforsingleobject, what a difference.

I'm using win 10 and the syscall is 851972, would you believe.

Now if I can get deviceiocontrolfile working.

thanks for your help.
enjoy it!
i use onboard laptop sound card, so can't test deviceiocontrolfile with KS, can you upload dll file set of win10, will learn something from it. many api functions on my win8 don't work when i use syscall, hmm...
Try NtCreateFile, NtReadFile,... maybe work for you on win10.