Reverse Engineering for Beginners


CHAPTER 74. TASK MANAGER PRACTICAL JOKE (WINDOWS VISTA)


Figure 74.3: Hiew: patch it

And it works! Of course, the data in the graphs is not correct: at times, Task Manager even shows an overall CPU load of more than 100%.


Figure 74.4: Fooled Windows Task Manager

The largest number of cores that Task Manager does not crash with is 64. Apparently, Task Manager in Windows Vista was not tested on computers with a large number of cores, so there are probably some static data structures inside it limited to 64 cores. (64 is also the width of a KAFFINITY processor mask on 64-bit Windows, so a limit of that size is not surprising.)


74.1 Using LEA to load values.


Sometimes, LEA is used in taskmgr.exe instead of MOV to set the first argument of NtQuerySystemInformation():


Listing 74.2: taskmgr.exe (Windows Vista)
xor r9d, r9d ; R9=0; R9 is also the 4th argument (ReturnLength=NULL)
div dword ptr [rsp+4C8h+WndClass.lpfnWndProc]
lea rdx, [rsp+4C8h+VersionInformation] ; RDX=address of the output buffer (2nd argument)
lea ecx, [r9+2] ; R9 is zero, so this puts 0+2=2 into ECX: the same as MOV ECX, 2
mov r8d, 138h ; R8D=buffer size, 0x138 bytes (3rd argument)
mov ebx, eax
; ECX=SystemPerformanceInformation
call cs:__imp_NtQuerySystemInformation ; 2
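The LEA-as-MOV idiom above is easy to misread when scanning a disassembly, because the bracketed operand looks like a memory read. LEA never touches memory: it only computes base + index*scale + displacement, so with a base register that was just zeroed the instruction is a plain constant load. The following is an added example (not code from the book or from taskmgr.exe): a small Python decoder for the x86-64 LEA encoding (REX prefix, ModRM, optional SIB, disp8/disp32 and RIP-relative forms) that evaluates the instruction against a given register state and reports when it degenerates into MOV dst, imm. The byte sequences it is fed are constructed for the demonstration; `41 8D 49 02` is the encoding of `lea ecx, [r9+2]` from Listing 74.2.

```python
"""Decode an x86-64 LEA (opcode 8D) and evaluate its effective address.

Added example, not code from the book: LEA never reads memory, it only
computes base + index*scale + disp, so after "xor r9d, r9d" the instruction
"lea ecx, [r9+2]" is just "mov ecx, 2". The decoder handles REX prefixes,
SIB bytes, disp8/disp32 and RIP-relative forms; the sample encodings below
are constructed for the demonstration.
"""

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]


def decode_lea(code: bytes, regs: dict, rip: int = 0) -> dict:
    """Decode the LEA at code[0] and evaluate it against a register state.

    regs maps 64-bit register names (as in REGS64) to values; anything
    missing is treated as 0. rip is the address of the instruction itself.
    """
    i = 0
    rex = 0
    if 0x40 <= code[i] <= 0x4F:          # optional REX prefix
        rex, i = code[i], i + 1
    if code[i] != 0x8D:
        raise ValueError("not a LEA instruction")
    i += 1
    modrm = code[i]
    i += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    rex_w, rex_r, rex_x, rex_b = (rex >> 3) & 1, (rex >> 2) & 1, (rex >> 1) & 1, rex & 1
    if mod == 3:
        raise ValueError("LEA requires a memory operand")

    base = index = None
    scale = 1
    rip_relative = False
    disp_size = {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                          # SIB byte follows (any RSP-based operand needs one)
        sib = code[i]
        i += 1
        scale = 1 << (sib >> 6)
        idx = ((sib >> 3) & 7) | (rex_x << 3)
        if idx != 4:                     # index field 100 means "no index"
            index = idx
        if mod == 0 and (sib & 7) == 5:  # base field 101 with mod 00: disp32, no base
            disp_size = 4
        else:
            base = (sib & 7) | (rex_b << 3)
    elif mod == 0 and rm == 5:           # [rip + disp32]
        rip_relative = True
        disp_size = 4
    else:
        base = rm | (rex_b << 3)
    disp = int.from_bytes(code[i:i + disp_size], "little", signed=True) if disp_size else 0
    length = i + disp_size

    # Effective-address arithmetic; nothing is dereferenced.
    value = disp
    sources = []                         # registers whose value the result depends on
    text = ""
    if rip_relative:
        value += rip + length            # RIP points past the instruction
        text = "rip"
    if base is not None:
        value += regs.get(REGS64[base], 0)
        sources.append(REGS64[base])
        text = REGS64[base]
    if index is not None:
        value += regs.get(REGS64[index], 0) * scale
        sources.append(REGS64[index])
        term = REGS64[index] + (f"*{scale}" if scale != 1 else "")
        text = f"{text}+{term}" if text else term
    if disp < 0:
        text += f"-{-disp:#x}"
    elif disp or not text:
        text += ("+" if text else "") + f"{disp:#x}"

    if rex_w:                            # 64-bit destination
        dst, value = REGS64[reg | (rex_r << 3)], value & ((1 << 64) - 1)
    else:                                # 32-bit destination, upper half zeroed
        dst, value = REGS32[reg | (rex_r << 3)], value & 0xFFFFFFFF
    return {"dst": dst, "value": value, "length": length, "sources": sources,
            "rip_relative": rip_relative, "text": f"lea {dst}, [{text}]"}


def lea_as_constant(code: bytes, known_zero: set):
    """If every register the LEA reads is known to be zero (e.g. right after
    XOR R9D, R9D), the instruction is equivalent to MOV dst, disp: return that
    constant. Otherwise (or for RIP-relative forms) return None."""
    r = decode_lea(code, {name: 0 for name in known_zero})
    if r["rip_relative"] or not set(r["sources"]) <= set(known_zero):
        return None
    return r["value"]


if __name__ == "__main__":
    # Constructed encoding mirroring Listing 74.2: xor r9d, r9d / lea ecx, [r9+2].
    LEA_ECX_R9_2 = bytes.fromhex("418d4902")
    print(decode_lea(LEA_ECX_R9_2, {"r9": 0})["text"])
    print("SystemInformationClass =", lea_as_constant(LEA_ECX_R9_2, {"r9"}))
    # The same instruction is not a constant load if R9 is unknown.
    print("with R9 unknown:", lea_as_constant(LEA_ECX_R9_2, set()))
    # lea rdx, [rsp+0x40]: RSP as base forces a SIB byte, as in the listing above.
    print(decode_lea(bytes.fromhex("488d542440"), {"rsp": 0x7FFE0000})["text"])
```

Two things the decoder makes visible: the value of `lea ecx, [r9+2]` depends only on R9, so it is a constant exactly when the preceding `xor r9d, r9d` is known to dominate it (a tool that does not track that zeroing must treat the argument as unknown), and the encoding is one byte shorter (4 bytes) than `mov ecx, 2` (5 bytes: B9 plus imm32), which is why a compiler that already has a zeroed register around is happy to emit it.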
