without importing from Win32 DLLs, or how do I communicate with a device with C# built-in classes? Does C# have something like this? Classes for registering/unregistering a service, and communicating via IOCTLs. Thank you
B.Gabriel
How can I get the full process name in kernel, the one returned by GetModuleFileName? Any ideas? The EPROCESS structure has a member called ImageFileName, but it is just the base name. gabby
How can you determine if a certain process is a system process in kernel mode? The _ETHREAD structure has a field called SystemThread. I guessed that if that field is TRUE then that thread is a system thread, and that processes which have all their threads with SystemThread set to TRUE are system processes. I guess I was wrong. I tested that on the process called "system" and it didn't have all threads as system threads even though it is a system process. There must be a way. How does the Task Manager do it? And another thing: how can you enumerate all threads of a process in kernel mode? Is there a way to get them from the _EPROCESS structure? gabby
The hard way would be hooking ZwQueryDirectoryFile and restricting your directories. :P I'm sure there is an easier way. gabby
Well, you should do it with TerminateProcess, but when opening the process and obtaining the handle you should open it without inheriting from the parent. OpenProcess( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId ); dwDesiredAccess should be PROCESS_TERMINATE and bInheritHandle should be FALSE. Then TerminateProcess should do the job easily. gabby
dude shut the f*** up; I don't need you and people like you. You know the answer to my question? Wanna tell me? Tell me! Otherwise I don't need you. gabby
returns !ERROR_SUCCESS. Man, I am not working with the DDK. This is a user-mode application so I can't get extended help. gabby
If you meant the values of an array in a txt file, you can use binary files to write the whole array in it, but in binary mode.
    f=fopen(fname,"wb");
    fwrite(array,1,sizeof(int)*nr_of_items,f);
    fclose(f);
But if you want the values to be readable you must convert them first to chars and then write them.
    char nr[10]; /*if array declared like this int array[100] or int *array*/
    f=fopen(fname,"w+");
    for (int i=0;i nr_of_items line the entries or something like this.
Have fun. gabby
No, that is the problem. HardDiskVolume1 -> c:\ HardDiskVolume2 -> d:\ etc . . . I saw somewhere something with _root_ but don't know exactly where and don't know exactly how :( gabby
Hi, can someone please tell me what is the correct kernel path for a root directory like c:\? For a folder inside c:\ I use NtOpenFile with this parameter in the object attributes structure: \\Device\\HardDiskVolume1\\name.exe, but if I want a handle to c:\ and I use \\Device\\HardDiskVolume1 or \\Device\\HardDiskVolume1\\ it does not work. Can someone help me by telling me what the correct path is? gabby
I get these 3 errors: error C2065: '_lpw' : undeclared identifier '_convert' : undeclared identifier error C2065: '_acp' : undeclared identifier. The headers I included (from what I've read about W2A) are AtlBase.h, AtlConv.h; I am doing a Win32 application, not MFC, by the way :( What should I do to not get the 3 errors? gabby -- modified at 4:43 Wednesday 8th March, 2006
I am using the NtQueryDirectoryFile function to enumerate all files in a certain folder instead of FindFirstFile and FindNextFile. I just want to see their names so I use this structure:
    typedef struct _FILE_NAMES_INFORMATION {
        ULONG NextEntryOffset;
        ULONG Unknown;
        ULONG FileNameLength;
        WCHAR FileName[1];
    } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
How do I translate the "FileName" parameter to a multibyte char or a readable char? I use
    WideCharToMultiByte(CP_ACP,0,n->FileName,n->FileNameLength,name,sizeof(name),NULL,NULL);
but the name is not totally translated, only the first 4 or 5 characters. The variable "name" is defined like this:
    char *nume=(char *)malloc(n->FileNameLength);
Can someone please help me with this? It is very urgent. Thanks. gabby -- modified at 21:20 Tuesday 7th March, 2006
Now that I've got your attention I would like to ask you a question. So I want to enumerate the processes using the NtQuerySystemInformation() native API. I load it from ntdll.dll. I use the process structure below, unlike the one documented by Microsoft, but I've seen that others use it too.
    typedef struct _SYSTEM_PROCESS_INFORMATION {
        DWORD dNext;
        DWORD dThreadCount;
        DWORD dReserved01;
        DWORD dReserved02;
        DWORD dReserved03;
        DWORD dReserved04;
        DWORD dReserved05;
        DWORD dReserved06;
        QWORD qCreateTime;
        QWORD qUserTime;
        QWORD qKernelTime;
        UNICODE_STRING usName;
        DWORD BasePriority;
        DWORD dUniqueProcessId;
        DWORD dInheritedFromUniqueProcessId;
        DWORD dHandleCount;
        DWORD dReserved07;
        DWORD dReserved08;
        VM_COUNTERS VmCounters;
        DWORD dCommitCharge;
        SYSTEM_THREAD Threads[1];
    } SYSTEM_PROCESS_INFORMATION;
The thing is that when I call it I don't get any error code or null pointers, but the structure's members are zeros. The dNext member is not zero, but I can't obtain the next pointer for another system_process_information because I get the invalid pointer error when I try this:
    if (ProcessInfo->dNext!=0)
        ProcessInfo=(SYSTEM_PROCESS_INFORMATION_DEF *)((ULONG *)ProcessInfo+ProcessInfo->dNext);
And I have another question. How much space should I allocate for the ProcessInfo structure? I only allocate for one structure:
    SYSTEM_PROCESS_INFORMATION *ProcessInfo=(SYSTEM_PROCESS_INFORMATION *)malloc(sizeof(SYSTEM_PROCESS_INFORMATION));
Or shouldn't I allocate at all? Will I obtain a pointer to the structure anyway?
Here is the code I use:
    HMODULE ntHinst;
    ntHinst=LoadLibraryA(NTDLL);
    if (ntHinst==NULL) {
        MessageBoxA(GetDesktopWindow(),"Error loading ntdll\nThe program will now end","ERROR",MB_ICONSTOP);
        return 0;
    }
    _NtQuerySystemInformation=(NTQUERYSYSTEMINFORMATION)GetProcAddress(ntHinst,"NtQuerySystemInformation");
    if(!_NtQuerySystemInformation) {
        MessageBoxA(GetDesktopWindow(),"Error obtaining function pointer\nThe program will now terminate","ERROR",MB_ICONSTOP);
        return 0;
    }
    SYSTEM_PROCESS_INFORMATION *ProcessInfo=(SYSTEM_PROCESS_INFORMATION *)malloc(sizeof(SYSTEM_PROCESS_INFORMATION));
    if (IsBadReadPtr(ProcessInfo,sizeof(SYSTEM_PROCESS_INFORMATION))||IsBadWritePtr(ProcessInfo,sizeof(SYSTEM_PROCESS_INFORMATION)))
        return 0;
    _NtQuerySystemInformation(SystemProcessInformation ,(PVOID)ProcessInfo,sizeof(SYSTEM_PROCESS_INFORMATION),&ret);
    if (ret==0) {
        MessageBoxA(GetDesktopWindow(),"Function Call Failed: NtQuerySystemInformation\nThe program will now termin
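
Added example, not part of the original post: the records this call returns are variable-length and chained by a byte offset, so the walk has to advance a byte pointer and check each offset against the buffer length. The record layout and the names `rec_hdr`, `build_sample`, `walk_records` and `scaled_step` are hypothetical, and the buffer is constructed so the code runs without the Windows API.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one variable-length record: only the leading
   byte offset to the next record (dNext in the post) and a pid are modelled. */
typedef struct { uint32_t next; uint32_t pid; } rec_hdr;

/* Fill buf with three constructed records of different sizes; returns bytes used. */
size_t build_sample(uint8_t *buf, size_t cap) {
    static const uint32_t sizes[3] = {24, 40, 16}, pids[3] = {4, 312, 1024};
    size_t off = 0;
    memset(buf, 0, cap);
    for (int i = 0; i < 3; i++) {
        rec_hdr h = { i < 2 ? sizes[i] : 0, pids[i] };  /* next == 0 marks the last record */
        if (sizes[i] > cap - off) return 0;
        memcpy(buf + off, &h, sizeof h);
        off += sizes[i];
    }
    return off;
}

/* Walk the chain in BYTES, checking every step against the buffer length.
   Returns the number of records, or -1 if an offset leaves the buffer. */
int walk_records(const uint8_t *buf, size_t len, uint32_t *pids, int max) {
    size_t off = 0;
    int n = 0;
    for (;;) {
        rec_hdr h;
        if (off > len || len - off < sizeof h) return -1;  /* header must fit */
        memcpy(&h, buf + off, sizeof h);                   /* no alignment assumption */
        if (n < max) pids[n] = h.pid;
        n++;
        if (h.next == 0) return n;
        if (h.next < sizeof h || h.next > len - off) return -1;
        off += h.next;
    }
}

/* Bytes actually skipped by the post's (ULONG *)p + dNext: scaled by sizeof(ULONG). */
size_t scaled_step(uint32_t next) { return (size_t)next * sizeof(uint32_t); }

int main(void) {
    uint8_t buf[128];
    uint32_t pids[8];
    size_t len = build_sample(buf, sizeof buf);
    int n = walk_records(buf, len, pids, 8);
    printf("%d records in %zu bytes; ULONG* step for offset 24 = %zu bytes\n",
           n, len, scaled_step(24));
    return n == 3 ? 0 : 1;
}
```

With the constructed 80-byte buffer, the scaled step for the first offset already lands past the end of the data, which is the invalid-pointer symptom the post describes.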
ShowWindow(GetDlgItem(hdlg,IDC_LIST1),SW_HIDE); gabby
Hello, I have a problem using MAPI. I want to send mail using the MAPI functions. I use MapiLogon(NULL,NULL,NULL, MAPI_NEW_SESSION, 0, &sessionHandle); like this, then I get ready the Message MAPI structure, then I use MapiSend(0,0,Message,0,0) and I get an error with don't send bla bla bla. Can someone tell me what steps I am missing? gabby
ThatsAlok wrote:
euacela wrote: Hey man what is this a programming forum or a good manner forum. Good Manner are also part of Good programming...
I agree with that. I don't know who you are, Mr Losinger's lawyer . . . But look at how this thing started: I just asked a question and you started making fun of me. Is that good manners? I don't but if this is how you do around here I have no need for this website. gabby
If u use CreateFile(), specify the creation disposition parameter: OPEN_EXISTING; if the function returns INVALID_HANDLE_VALUE then it does not exist, or u can use GetLastError() and FormatMessage() to see the exact error returned :) Hope this helps. gabby
or use EnumProcesses(); OpenProcess(); EnumProcessModules() GetModuleFileName() gabby