Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Gets the address of the function that's used for the OS-supported return address hijacking. When user-mode wants to perform such a hijack, it overwrites a return address on the stack with said address.
Syntax
ULONG_PTR
RtlGetReturnAddressHijackTarget (
VOID
)
Parameters
None.
Return value
The address that's used to perform an OS-supported return address hijack.
Remarks
This function has no associated import library or header file; you must call it using the LoadLibrary and GetProcAddress functions.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10 Build 19041 |
| DLL | Ntdll.dll |
See also