RtlGetReturnAddressHijackTarget - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTRTL_H
#if (PHNT_VERSION >= PHNT_WINDOWS_10_20H1)

NTSYSAPI
ULONG_PTR
NTAPI
RtlGetReturnAddressHijackTarget(
    VOID
    );

#endif
#endif

View code on GitHub
ULONG_PTR
RtlGetReturnAddressHijackTarget (
    VOID
)
View the official Win32 development documentation

NtDoc

No description available.

Edit description on GitHub

Win32 development documentation (rtlgetreturnaddresshijacktarget)

RtlGetReturnAddressHijackTarget function

Gets the address of the function that's used for the OS-supported return address hijacking. When user-mode wants to perform such a hijack, it overwrites a return address on the stack with said address.

Parameters

None.

Return value

The address that's used to perform an OS-supported return address hijack.

Remarks

This function has no associated import library or header file; you must call it using the LoadLibrary and GetProcAddress functions.

Requirements

Requirement Value
Minimum supported client Windows 10 Build 19041
DLL Ntdll.dll

See also

View the official Win32 development documentation

Edit description on GitHub