euacela wrote: without importing from win32 dll-s Use DeviceIoControl without using Win32?? Impossible. You have no choice but to import the function calls. euacela wrote: how do I communicate with a device with C# build in classes. That depends entirely on the device in question, but if it's not connected to a Serial Port, you don't. There are no classes native to the .NET Framework that deal with device communication, like USB, PCI, low level disk/volume work, ... euacela wrote: classes for registering/unregistering a service Yes, this is built into the .NET BCL. I believe it's the ServiceInstaller[^] class in the System.ServiceProcess namespace. euacela wrote: communicating via IOCTL's No, this is NOT in the .NET BCL. A guide to posting questions on CodeProject[^] Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic      2006, 2007

Hi euacela I saw your answer in example's MSDN that enumerate threads of a process and detail process's

You can get more information about the error by checking status information returned in IoStatusBlock. "Let us be thankful for the fools. But for them the rest of us could not succeed." - Mark Twain "There is no death, only a change of worlds." - Native American Proverb

You have the right idea here - if you are going to be looping, you might want to stay away from the ATL conversion macros if you are using VC++ 6.0 - those macros dynamically allocate from the stack and you can quickly blow the stack if looping over a good amount of files. euacela wrote: WideCharToMultiByte(CP_ACP,0,n->FileName,n->FileNameLength,name,sizeof(name),NULL,NULL); If name is a pointer (and it looks like it is), you cannot use sizeof(...) on it to determine the size of what it points to.  Try: ULONG ulFNLen = n -> FileNameLength; char *pcFileName = new char[ ulFNLen + 1 ]; // // Handle Error If pcFileName Is NULL... // ::WideCharToMultiByte( CP_THREAD_ACP, WC_SEPCHARS, n -> FileName,         ulFNLen, pcFileName, ulFNLen, NULL, NULL ); pcFileName[ ulFNLen ] = '\0'; // Paranoid Terminate The FileName // // Use pcFileName... // delete [] pcFileName; Your malloc(...) example is incorrect, because it does not include space for a terminating NUL character.    Peace! -=- James If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong! Avoid driving a vehicle taller than you and remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road! DeleteFXPFiles & CheckFavorites (Please rate this post!)

euacela wrote: dude shut the f*** up; calm down buddy..... ok i will not come in your way!

euacela wrote: this is how you do around here I have no need for this website Ok Ok calm Down... I am sorry.. you are right I am not Chris lawyer nor admin here neither I am making fun of you... .. But remember one thing for this ego you going to pay in future... "Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow cheers, Alok Gupta VC Forum Q&A :- I/ IV

I know that I can make a driver and use deviceiocontrol and get the handle out but just tell me the function. The EPROCESS structure doesn't have a member for the handle. I know about this function NTSYSAPI NTSTATUS NTAPI PsLookupProcessByProcessId (     IN ULONG        ProcessId,     OUT PEPROCESS       *Process ); and this is all I know about eprocess typedef struct _EPROCESS {     KPROCESS            Pcb;     EX_PUSH_LOCK        ProcessLock;     ...     UCHAR               ImageFileName[16];     ...     UCHAR               PriorityClass;     BOOLEAN             WorkingSetAcquiredUnsafe; } EPROCESS, *PEPROCESS; is KPROCESS the process HANDLE and if it is what ACCESS does it have, i supose PROCESS_ALL_ACCESS right ??/ gabby

It is definitly not. The code you are using may not even create a pointer to valid memory. Read the "SymFunctionTableAccess64" page in MSDN and you will see that IMAGE_FUNCTION_ENTRY is not used on x86 (Intel + AMD) platforms. Don't try it, just do it! ;-)

hope this is good #include "stdafx.h" #include #include #include #include #pragma comment (lib,"psapi.lib") LPCTSTR GetDriverFromFilePath(LPTSTR FilePath, LPTSTR DriverName); LPCTSTR ErrorMessage(DWORD ErrorId); typedef struct _ActivateInfo { BOOLEAN bActivate; } ACTIVATE_INFO, *PACTIVATE_INFO; typedef struct _CallbackInfo { HANDLE hParentId; HANDLE hProcessId; BOOLEAN bCreate; }CALLBACK_INFO, *PCALLBACK_INFO; DWORD WINAPI Opreste(LPVOID pParam); HANDLE kmev; bool out; #define FILE_DEVICE_UNKNOWN 0x00000022 #define IOCTL_UNKNOWN_BASE FILE_DEVICE_UNKNOWN #define IOCTL_PROCOBSRV_ACTIVATE_MONITORING \ CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) #define IOCTL_PROCOBSRV_GET_PROCINFO \ CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) /********************************************************* * Main Function Entry * *********************************************************/ int _cdecl main(void) { WIN32_FIND_DATA fd; SC_HANDLE hSCManager; SC_HANDLE hService; FindFirstFile("*.sys",&fd); char path[1024]; GetModuleFileName(0,path,sizeof(path)); MessageBox(0,ErrorMessage(GetLastError()),"GetModuleFileName",MB_ICONINFORMATION); char DriverName[1024]; strcpy(DriverName,GetDriverFromFilePath(path,fd.cFileName)); hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); MessageBox(0,ErrorMessage(GetLastError()),"OpenSCManager",MB_ICONINFORMATION); printf("Load Driver\n"); if(hSCManager!=NULL) { printf("Create Service\n"); hService = CreateService(hSCManager,fd.cFileName,fd.cFileName,SERVICE_ALL_ACCESS,SERVICE_KERNEL_DRIVER,SERVICE_DEMAND_START,SERVICE_ERROR_NORMAL,DriverName,NULL,NULL,NULL,NULL,NULL); MessageBox(0,ErrorMessage(GetLastError()),"CreateService",MB_ICONINFORMATION); if (hService==NULL) hService=OpenService(hSCManager, fd.cFileName,SERVICE_ALL_ACCESS); MessageBox(0,ErrorMessage(GetLastError()),"OpenService",MB_ICONINFORMATION); printf("Start Service\n"); if(StartService(hService, 0, NULL)==0) { MessageBox(0,ErrorMessage(GetLastError()),"Start Service",MB_ICONINFORMATION); DeleteService(hService); CloseServiceHandle(hService); } else { SERVICE_STATUS ss; while (1) { QueryServiceStatus(hService,&ss); if (ss.dwCurrentState!=SERVICE_RUNNIN

This is how its done. Its a code chunk out of an ndis driver but its the same as what you wil want: OBJECT_ATTRIBUTES ObjectAttributes; IO_STATUS_BLOCK IoStatusBlock; UNICODE_STRING ObjectName; RtlInitUnicodeString(&ObjectName, L"\\DosDevices\\C:\\R_NDIS.txt"); InitializeObjectAttributes(&ObjectAttributes, &ObjectName, OBJ_CASE_INSENSITIVE, NULL, NULL); Status = ZwCreateFile( &hfile, GENERIC_WRITE, &ObjectAttributes, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_ALERT, NULL, 0); if(IoStatusBlock.Status != STATUS_SUCCESS) { DBGPRINT(ERROR, ("Couldn't create file\n")); } else { /// write data... Nunc est bibendum!

Unless a page actually references the .mdb file by name, a search engine won't find it. "Ideas are a dime a dozen. People who put them into action are priceless." - Unknown