16 Mar
2020
16 Mar
'20
1:21 p.m.
On 3/16/20 4:05 PM, Gabriel Ivăncescu wrote:
I'm introducing an exported internal ntdll function, since I didn't want to duplicate the table for kernelbase. I don't know if this is the best way, so let me know if I should proceed differently.
I think custom export is unnecessary in this case. You only need a public ntdll call that returns unaltered version, that you can later clamp to Windows 8.1, unless manifest version is specified. Is RtlGetVersion() itself affected by manifest?
Same for patch 4/4.
P.S. another question is if PEB fields are left intact.