flat assembler
Message board for the users of flat assembler.
nocona 02 Sep 2007, 05:59
perhaps you don't have the UNICODE_STRING structure defined yet?
ManOfSteel 02 Sep 2007, 06:02
Try 'du xx dup (?)' instead of UNICODE_STRING.
VmCounters, IoCounters, SYSTEM_THREAD_INFORMATION do not exist. If you're converting code, check the source where you got these from; there should be some 'type definition' like 'TCHAR typedef BYTE' in MASM, for instance.
madmatt 02 Sep 2007, 09:40
Found this in the Windows SDK:
Code:
```
The UNICODE_STRING structure is used by various LSA functions to specify a Unicode string.

typedef struct _LSA_UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR  Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;
```
The PWSTR means a pointer to a unicode string buffer so it is just a dword (Buffer dd ?). So the whole thing would be:

Code:
```
struct UNICODE_STRING
  Length        dw ?
  MaximumLength dw ?
  Buffer        dd ?
ends
```
shism2 02 Sep 2007, 17:30
Code:
```
struct SYSTEM_PROCESS_INFORMATION
  Next            dd ?          ; offset to the next entry
  ThreadCount     dd ?          ; number of threads
  Reserved1       db 6 dup (?)  ; reserved
  CreateTime      dd ?          ; process creation time
  UserTime        dq ?          ; time spent in user mode
  ProcessName     UNICODE_STRING
  KernelTime      dq ?          ; time spent in kernel mode
  BasePriority    dd ?          ; base process priority
  ProcessId       dd ?          ; process identifier
  ParentProcessId dd ?          ; parent process identifier
  HandleCount     dd ?          ; number of handles
  Reserved2       db 2 dup (?)
  VM_COUNTERS     VmCounters
  IO_COUNTERS     IoCounters
  Threads         SYSTEM_THREAD_INFORMATION
ends

struct SYSTEM_THREAD_INFORMATION
  KernelTime      dq ?          ; 100 nsec units
  UserTime        dq ?          ; 100 nsec units
  CreateTime      dq ?          ; relative to 01-01-1601
  WaitTime        dd ?
  StartAddress    dd ?
  ClientId        CLIENT_ID     ; process/thread ids
  Priority        dd ?
  BasePriority    dd ?
  ContextSwitches dd ?
  ThreadState     dd ?          ; 2=running, 5=waiting
  WaitReason      dd ?
  Reserved01      dd ?
ends

struct VM_COUNTERS
  PeakVirtualSize            dd ?
  VirtualSize                dd ?
  PageFaultCount             dd ?
  PeakWorkingSetSize         dd ?
  WorkingSetSize             dd ?
  QuotaPeakPagedPoolUsage    dd ?
  QuotaPagedPoolUsage        dd ?
  QuotaPeakNonPagedPoolUsage dd ?
  QuotaNonPagedPoolUsage     dd ?
  PagefileUsage              dd ?
  PeakPagefileUsage          dd ?
ends

struct IO_COUNTERS
  ReadOperationCount  dd ?
  WriteOperationCount dd ?
  OtherOperationCount dd ?
  ReadTransferCount   dd ?
  WriteTransferCount  dd ?
  OtherTransferCount  dd ?
ends

struct UNICODE_STRING
  Length        dw ?
  MaximumLength dw ?
  Buffer        dd ?            ; offset
ends
```
I do have all the structures defined already...but I still get the error
asmfan 02 Sep 2007, 17:55
shism2 wrote:
Already means before their use. Define a structure before using it in other structures. Put UNICODE_STRING before anything else. Btw in kernel mode UNICODE_STRING imho is the most frequently used structure in API functions. No direct pointers to strings, only this struct or a pointer to it.
_________________
Any offers?
shism2 02 Sep 2007, 21:31
Any of you have a better SYSTEM_PROCESS_INFORMATION structure? Mine doesn't work correctly.... when I try to use it
madmatt 03 Sep 2007, 10:38
Quote:
* winternl.h -- This module defines the internal NT APIs and data *

This is the include file that I found 'SYSTEM_PROCESS_INFORMATION' in. As you can read, it is not recommended that you use these structures and defines. Anyways, here's what my include translation shows:

Code:
```
struct SYSTEM_PROCESS_INFORMATION
  NextEntryOffset   dd ?
  Reserved1         db 52 dup(?)
  Reserved2         dd ?,?,?
  UniqueProcessId   dd ?
  Reserved3         dd ?
  HandleCount       dd ?
  Reserved4         db 4 dup(?)
  Reserved5         dd 11 dup(?)
  PeakPagefileUsage dd ?
  PrivatePageCount  dd ?
  Reserved6         dq 6 dup(?)
ends
```
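
An added example, not part of the thread or of any poster's code: it mirrors madmatt's translation as a packed C struct, compares where the two posted layouts put the process ID, and walks a constructed buffer of entries with bounds checks. The names `SPI32`, `walk_pids` and `make_sample` are hypothetical, all fields are treated as 32-bit as in the thread's translations, and it is assumed that a zero `NextEntryOffset` marks the last entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#pragma pack(push, 1)        /* fasm's struct macro inserts no padding */
typedef struct {             /* madmatt's translation, 32-bit fields */
    uint32_t NextEntryOffset;
    uint8_t  Reserved1[52];
    uint32_t Reserved2[3];
    uint32_t UniqueProcessId;
    uint32_t Reserved3;
    uint32_t HandleCount;
    uint8_t  Reserved4[4];
    uint32_t Reserved5[11];
    uint32_t PeakPagefileUsage;
    uint32_t PrivatePageCount;
    uint64_t Reserved6[6];
} SPI32;
#pragma pack(pop)
/* ProcessId offset in shism2's struct: Next, ThreadCount, Reserved1,
   CreateTime, UserTime, ProcessName, KernelTime, BasePriority precede it. */
size_t pid_offset_shism2(void)  { return 4 + 4 + 6 + 4 + 8 + 8 + 8 + 4; }
size_t pid_offset_madmatt(void) { return offsetof(SPI32, UniqueProcessId); }
/* Collect PIDs from entries chained by NextEntryOffset (assumed: 0 ends the
   list). Returns the count, or -1 if an entry or offset leaves the buffer. */
int walk_pids(const uint8_t *buf, size_t len, uint32_t *pids, int max) {
    size_t pos = 0; int n = 0;
    for (;;) {
        SPI32 e;
        if (len - pos < sizeof e) return -1;        /* truncated entry */
        memcpy(&e, buf + pos, sizeof e);            /* no unaligned reads */
        if (n < max) pids[n++] = e.UniqueProcessId;
        if (e.NextEntryOffset == 0) return n;
        if (e.NextEntryOffset < sizeof e || e.NextEntryOffset > len - pos) return -1;
        pos += e.NextEntryOffset;
    }
}
/* Constructed sample: PIDs 4 and 1234, 200 bytes apart; buf needs 400 bytes. */
size_t make_sample(uint8_t *buf) {
    SPI32 a = {0}, b = {0};
    a.NextEntryOffset = 200; a.UniqueProcessId = 4; b.UniqueProcessId = 1234;
    memset(buf, 0, 400);
    memcpy(buf, &a, sizeof a);
    memcpy(buf + 200, &b, sizeof b);
    return 200 + sizeof b;
}
int main(void) {
    uint8_t buf[400]; uint32_t pids[8];
    int n = walk_pids(buf, make_sample(buf), pids, 8);
    printf("pid offset: shism2 %zu, madmatt %zu; walked %d entries\n", pid_offset_shism2(), pid_offset_madmatt(), n);
}
```

The two declarations disagree on the process ID offset, so code written against one reads unrelated bytes when handed data laid out as the other.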
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.