psr100

Untitled


Hi, I am writing a device driver in Windows. I want to use the following function: struct _EPROCESS* STDCALL IoGetCurrentProcess ( VOID ); But I cannot find the _EPROCESS definition anywhere. Is it not exported? If not, how can we use IoGetCurrentProcess? Srinivas

If you checked the MSDN link I provided, you see the documented return value of your function is PEPROCESS. So use that and never use _EPROCESS.

_EPROCESS is probably not documented, I wouldn't trust any structure name beginning with an underscore either. I'm not sure about that one, but it may be a naming convention for internal structure representations or something along those lines. So only stick with what you see in the docs (PEPROCESS that is).

If it's not documented, then maybe they don't want you to play with the structure fields. The reason is probably that the underlying structure depends on the Windows version. There are some functions that allow you to get some information out of this pointer. For example, PsGetProcessId() (which also states "The EPROCESS-typed process object structure is an opaque data structure that the operating system uses internally", BTW).

What do you want to get from this EPROCESS structure?
