problem calling NtQuerySystemInformation
-
So I want to enumerate the processes using the NtQuerySystemInformation() native API. I load it from ntdll.dll. I use the process structure below rather than the one documented by Microsoft, but I've seen that others use it too.

typedef struct _SYSTEM_PROCESS_INFORMATION {
    DWORD dNext;
    DWORD dThreadCount;
    DWORD dReserved01;
    DWORD dReserved02;
    DWORD dReserved03;
    DWORD dReserved04;
    DWORD dReserved05;
    DWORD dReserved06;
    QWORD qCreateTime;
    QWORD qUserTime;
    QWORD qKernelTime;
    UNICODE_STRING usName;
    DWORD BasePriority;
    DWORD dUniqueProcessId;
    DWORD dInheritedFromUniqueProcessId;
    DWORD dHandleCount;
    DWORD dReserved07;
    DWORD dReserved08;
    VM_COUNTERS VmCounters;
    DWORD dCommitCharge;
    SYSTEM_THREAD Threads[1];
} SYSTEM_PROCESS_INFORMATION;

The thing is that when I call it I don't get any error code or null pointers, but the structure's members are zero. The dNext member is not zero, but I can't obtain the pointer to the next SYSTEM_PROCESS_INFORMATION because I get an invalid pointer error when I try this:

if (ProcessInfo->dNext!=0) ProcessInfo=(SYSTEM_PROCESS_INFORMATION_DEF *)((ULONG *)ProcessInfo+ProcessInfo->dNext);

And I have another question: how much space should I allocate for the ProcessInfo structure? I only allocate space for one structure:

SYSTEM_PROCESS_INFORMATION *ProcessInfo=(SYSTEM_PROCESS_INFORMATION *)malloc(sizeof(SYSTEM_PROCESS_INFORMATION));

Or shouldn't I allocate at all? Will I obtain a pointer to the structure anyway?
here is the code I use: HMODULE ntHinst; ntHinst=LoadLibraryA(NTDLL); if (ntHinst==NULL) { MessageBoxA(GetDesktopWindow(),"Error loading ntdll\nThe program will now end","ERROR",MB_ICONSTOP); return 0; } _NtQuerySystemInformation=(NTQUERYSYSTEMINFORMATION)GetProcAddress(ntHinst,"NtQuerySystemInformation"); if(!_NtQuerySystemInformation) { MessageBoxA(GetDesktopWindow(),"Error obtaining function pointer\nThe program will now terminate","ERROR",MB_ICONSTOP); return 0; } SYSTEM_PROCESS_INFORMATION *ProcessInfo=(SYSTEM_PROCESS_INFORMATION *)malloc(sizeof(SYSTEM_PROCESS_INFORMATION); if (IsBadReadPtr(ProcessInfo,sizeof(SYSTEM_PROCESS_INFORMATION))||IsBadWritePtr(ProcessInfo,sizeof(SYSTEM_PROCESS_INFORMATION))) return 0; _NtQuerySystemInformation(SystemProcessInformation ,(PVOID)ProcessInfo,sizeof(SYSTEM_P