Ok, so I am currently using the NtQueryInformationProcess function from the Windows API. My problem is the 2nd parameter for this function accepts a value from the PROCESSINFOCLASS enumeration. Problem is... the enumeration in my Windows header file does not have an enumeration value I want to use, which is documented on the MSDN site... for example,
on MSDN it says I can pass the enumeration "ProcessDebugPort" value in parameter 2.
Well, it's undefined in my header because my header for this enumeration looks like this:
typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation = 0,
    ProcessWow64Information = 26
} PROCESSINFOCLASS;
If I wanna fix this problem, is it just as simple as changing the enumeration to look like this?
typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation = 0,
    ProcessDebugPort = 7,
    ProcessWow64Information = 26
} PROCESSINFOCLASS;
/////////////////////////////////////////
This is the function prototype I am using in the Windows API:
/////////////////////////////////////////
NTSTATUS WINAPI NtQueryInformationProcess(
    __in      HANDLE ProcessHandle,
    __in      PROCESSINFOCLASS ProcessInformationClass,
    __out     PVOID ProcessInformation,
    __in      ULONG ProcessInformationLength,
    __out_opt PULONG ReturnLength
);
win32 question!
I've never used this function so I may be wrong. Regarding the ProcessDebugPort, MSDN also says this:
Quote:
It is best to use the CheckRemoteDebuggerPresent or IsDebuggerPresent function.
Can you use those two instead?
CheckRemoteDebuggerPresent and IsDebuggerPresent
Is there any reason you do not want to use those functions? MSDN says they are the correct ones to use, since NtQueryInformationProcess is unsupported and subject to change.
Do you have the latest version of the Windows SDK?
http://msdn.microsoft.com/en-us/windows/bb980924.aspx
Your question isn't about Win32 so much as it's about NT Native.
Note that the usual method of using functions exported from ntdll.dll involves using GetModuleHandle and GetProcAddress to supply an address to assign to a function pointer.
PROCESSINFOCLASS is sometimes named as PROCESS_INFORMATION_CLASS.
The definition of that enum is more likely found in the DDK than the SDK. This is from Gary Nebbett (Windows NT Native API).
typedef enum _PROCESSINFOCLASS {          // ## Query Set
    ProcessBasicInformation,              //  0   Y    N
    ProcessQuotaLimits,                   //  1   Y    Y
    ProcessIoCounters,                    //  2   Y    N
    ProcessVmCounters,                    //  3   Y    N
    ProcessTimes,                         //  4   Y    N
    ProcessBasePriority,                  //  5   N    Y
    ProcessRaisePriority,                 //  6   N    Y
    ProcessDebugPort,                     //  7   Y    Y
    ProcessExceptionPort,                 //  8   N    Y
    ProcessAccessToken,                   //  9   N    Y
    ProcessLdtInformation,                // 10   Y    Y
    ProcessLdtSize,                       // 11   N    Y
    ProcessDefaultHardErrorMode,          // 12   Y    Y
    ProcessIoPortHandlers,                // 13   N    Y
    ProcessPooledUsageAndLimits,          // 14   Y    N
    ProcessWorkingSetWatch,               // 15   Y    Y
    ProcessUserModeIOPL,                  // 16   N    Y
    ProcessEnableAlignmentFaultFixup,     // 17   N    Y
    ProcessPriorityClass,                 // 18   N    Y
    ProcessWx86Information,               // 19   Y    N
    ProcessHandleCount,                   // 20   Y    N
    ProcessAffinityMask,                  // 21   N    Y
    ProcessPriorityBoost,                 // 22   Y    Y
    ProcessDeviceMap,                     // 23   Y    Y
    ProcessSessionInformation,            // 24   Y    Y
    ProcessForegroundInformation,         // 25   N    Y
    ProcessWow64Information               // 26   Y    N
} PROCESSINFOCLASS;

// Function pointer with the same signature as the ntdll.dll export
NTSTATUS (WINAPI *NtQueryInformationProcess)(
    HANDLE ProcessHandle,
    PROCESSINFOCLASS ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength,
    PULONG ReturnLength);

// Resolve the export at run time (closing parenthesis of GetModuleHandle restored)
NtQueryInformationProcess = (void*)GetProcAddress(GetModuleHandle(_T("ntdll.dll")), "NtQueryInformationProcess");
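Added example, not part of the original thread and not Microsoft's code: a C program that queries class 7 (ProcessDebugPort) through a pointer resolved from ntdll.dll without editing the SDK header, next to the documented CheckRemoteDebuggerPresent call. The names LOCAL_PROCESS_DEBUG_PORT, interpret_debug_port, debug_port_state, remote_debugger_state and NtQip_t are made up for illustration, and passing the class as int assumes the int-sized enums of the Windows ABI.

```c
#include <stdint.h>
#include <stdio.h>

/* Class 7 per the enum quoted in the thread. A local constant (hypothetical
   name) means PROCESSINFOCLASS in the SDK header is never edited. */
#define LOCAL_PROCESS_DEBUG_PORT 7

/* -1 = query failed, 0 = no debug port, 1 = user-mode debugger attached.
   NTSTATUS is a signed 32-bit value and failure codes are negative. */
int interpret_debug_port(int32_t status, uintptr_t port)
{
    return status < 0 ? -1 : (port != 0);
}

#ifdef _WIN32
#include <windows.h>
/* Assumption: the class is passed as int, the size of an enum on Windows. */
typedef LONG (WINAPI *NtQip_t)(HANDLE, int, PVOID, ULONG, PULONG);

/* Native route: resolve the ntdll.dll export at run time, as the thread describes. */
int debug_port_state(HANDLE process)
{
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    NtQip_t query = ntdll ? (NtQip_t)GetProcAddress(ntdll, "NtQueryInformationProcess") : NULL;
    DWORD_PTR port = 0;                 /* pointer-sized output buffer */
    LONG status;

    if (query == NULL)
        return -1;
    status = query(process, LOCAL_PROCESS_DEBUG_PORT, &port, sizeof(port), NULL);
    return interpret_debug_port(status, port);
}

/* Documented route that MSDN recommends instead. */
int remote_debugger_state(HANDLE process)
{
    BOOL present = FALSE;
    return CheckRemoteDebuggerPresent(process, &present) ? (present != FALSE) : -1;
}
#endif

int main(void)
{
#ifdef _WIN32
    HANDLE self = GetCurrentProcess();
    printf("native=%d documented=%d\n", debug_port_state(self), remote_debugger_state(self));
#else
    puts("NtQueryInformationProcess is Windows-only; nothing queried here.");
#endif
    return 0;
}
```

Because the native call is unsupported and subject to change, treat a -1 from debug_port_state as "unknown" and fall back to the documented function.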