flat assembler
Message board for the users of flat assembler.
NtQuerySystemInformation
bzdashek 29 Jul 2012, 09:31
Where is your invoke ExitProcess,0 ?
Overflowz 29 Jul 2012, 09:49
As I said, I'm doing it just as a test case; I don't care about ExitProcess for now.
Fockyerdoder 29 Jul 2012, 10:15
If I remember correctly, the SystemInformationLength parameter passed to NtQuerySystemInformation has to be the length needed by the function to return the entire record of all processes. You have to call it once, use the value returned in the ReturnLength parameter to create a buffer of the right size, and call it again with the needed buffer size.
Check the return value of NtQuerySystemInformation, and check the NTStatus.h codes.
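The call-twice sizing described in the reply above, as an added example that is not code from the thread: it is written in C rather than FASM, with a hypothetical `mock_query` standing in for NtQuerySystemInformation so that it runs on any platform. The `ENTRY` record, the mock, the slack of two records and the retry cap of 8 are assumptions; it shows that the size reported by the first call can already be too small by the second, and that NextEntryOffset is bounds-checked while walking the result.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define STATUS_SUCCESS              0x00000000u
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004u
typedef struct { uint32_t NextEntryOffset, Pid; } ENTRY; /* constructed stand-in record */
unsigned g_procs = 3;                                    /* simulated live process count */

/* Hypothetical mock: always reports the needed size; the list grows after every call. */
uint32_t mock_query(void *buf, uint32_t len, uint32_t *ret_len) {
    unsigned n = g_procs++;
    *ret_len = n * (uint32_t)sizeof(ENTRY);
    if (len < *ret_len) return STATUS_INFO_LENGTH_MISMATCH;
    for (unsigned i = 0; i < n; i++)
        ((ENTRY *)buf)[i] = (ENTRY){ i + 1 < n ? (uint32_t)sizeof(ENTRY) : 0, 4 * i };
    return STATUS_SUCCESS;
}

/* Sizing call, then allocate with slack and retry while the size is still stale. */
void *query_all(uint32_t *out_len) {
    uint32_t len = 0, st = mock_query(NULL, 0, out_len);
    for (int tries = 0; st == STATUS_INFO_LENGTH_MISMATCH && tries < 8; tries++) {
        len = *out_len + 2 * (uint32_t)sizeof(ENTRY);
        void *buf = malloc(len);
        if (buf == NULL) return NULL;
        st = mock_query(buf, len, out_len);
        if (st == STATUS_SUCCESS) return buf;
        free(buf);
    }
    return NULL;
}

/* Walk the NextEntryOffset links; -1 if an offset would leave the returned data. */
int count_entries(const void *buf, uint32_t len) {
    uint32_t off = 0;
    for (int n = 1; ; n++) {
        ENTRY e;
        if (len < sizeof e || off > len - sizeof e) return -1;
        memcpy(&e, (const char *)buf + off, sizeof e);
        if (e.NextEntryOffset == 0) return n;
        if (e.NextEntryOffset < sizeof e || e.NextEntryOffset > len - off) return -1;
        off += e.NextEntryOffset;
    }
}

int main(void) {
    uint32_t len = 0;
    void *buf = query_all(&len);
    int ok = buf && count_entries(buf, len) == 4;
    free(buf);
    return ok ? 0 : 1;
}
```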
typedef 29 Jul 2012, 15:51
Where are you getting that struct from? This is what I found on MSDN:
Code:
    typedef struct _SYSTEM_PROCESS_INFORMATION {
        ULONG NextEntryOffset;
        BYTE Reserved1[52];
        PVOID Reserved2[3];
        HANDLE UniqueProcessId;
        PVOID Reserved3;
        ULONG HandleCount;
        BYTE Reserved4[4];
        PVOID Reserved5[11];
        SIZE_T PeakPagefileUsage;
        SIZE_T PrivatePageCount;
        LARGE_INTEGER Reserved6[6];
    } SYSTEM_PROCESS_INFORMATION;
http://msdn.microsoft.com/en-us/library/windows/desktop/ms724509%28v=vs.85%29.aspx
Overflowz 29 Jul 2012, 21:00
I was using the struct as the buffer argument, my bad. I'll try to code better tomorrow.
typedef, http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/System%20Information/Structures/SYSTEM_PROCESS_INFORMATION.html works well in C.
revolution 31 Jul 2012, 11:34
Also here:
Code: cinvoke printf,[sysinfo.ProcessName.Buffer]
Overflowz 01 Aug 2012, 22:16
Thank you all, I got it working now.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.