windows - How can I access to an attribute of PEPROCESS structure?
I have no experience at all in driver development. I want to access an attribute of the PEPROCESS structure. I have a pointer to the process object, obtained via the PsGetCurrentProcess routine. I have seen pages on the web describing the structure's internal declaration (attributes), and they use the offsets of these attributes to access them, like:
    hProcess = PsGetCurrentProcess();
    list = (LIST_ENTRY*)((ULONG_PTR)hProcess + 0x88); // active process link offset
However, this way leaves me in the middle of the problem. I have to create a build of my code that can run on other platforms (e.g. x86, x86_64) and other versions of Windows (XP, 7, ...), and I suppose that is not possible this way because the offsets are not the same.
Question: is there a non-lame solution for this? E.g.:
    list = process->ActiveProcessLink
or something.
Try using the macro: PCHAR CONTAINING_RECORD([in] PCHAR Address, [in] TYPE Type, [in] PCHAR Field);
windows device-driver windows-kernel
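How the macro named in the answer works, as an added example that is not part of the original post: it walks a list through an embedded link field and recovers each enclosing record from a compiler-computed offset. Assumptions: MOCK_PROCESS, DEMO_LIST_ENTRY, DEMO_CONTAINING_RECORD and the demo_ functions are hypothetical stand-ins so the code builds outside the WDK, the macro is written with offsetof, and the sample records are constructed and are not the real EPROCESS layout.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's LIST_ENTRY (same two-pointer layout). */
typedef struct DEMO_LIST_ENTRY { struct DEMO_LIST_ENTRY *Flink, *Blink; } DEMO_LIST_ENTRY;

/* Subtract the field's compiler-computed offset from the field's address. */
#define DEMO_CONTAINING_RECORD(address, type, field) \
    ((type *)((char *)(address) - offsetof(type, field)))

/* Hypothetical record, NOT the real EPROCESS layout. The pointer member
   makes the offset of Links differ between 32-bit and 64-bit builds. */
typedef struct MOCK_PROCESS {
    void *Reserved;
    unsigned long Pid;
    DEMO_LIST_ENTRY Links;
    char Name[16];
} MOCK_PROCESS;

/* Append an entry to a circular doubly linked list. */
static void demo_insert_tail(DEMO_LIST_ENTRY *head, DEMO_LIST_ENTRY *e) {
    e->Flink = head; e->Blink = head->Blink;
    head->Blink->Flink = e; head->Blink = e;
}

/* Walk the list and return the record whose Pid matches, or NULL. */
MOCK_PROCESS *demo_find_pid(DEMO_LIST_ENTRY *head, unsigned long pid) {
    for (DEMO_LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) {
        MOCK_PROCESS *p = DEMO_CONTAINING_RECORD(e, MOCK_PROCESS, Links);
        if (p->Pid == pid) return p;
    }
    return NULL;
}

/* Build a constructed three-entry list and look one record up by Pid. */
const char *demo_lookup_name(unsigned long pid) {
    static MOCK_PROCESS procs[3] = {
        {0, 4, {0, 0}, "System"}, {0, 312, {0, 0}, "smss.exe"}, {0, 580, {0, 0}, "csrss.exe"}};
    DEMO_LIST_ENTRY head = { &head, &head };
    for (int i = 0; i < 3; i++) demo_insert_tail(&head, &procs[i].Links);
    MOCK_PROCESS *p = demo_find_pid(&head, pid);
    return p ? p->Name : NULL;
}

int main(void) {
    printf("Links offset %zu, pid 312 -> %s\n", offsetof(MOCK_PROCESS, Links), demo_lookup_name(312));
    return 0;
}
```

The offset comes from the type definition at compile time, so the macro only works for a structure whose layout the compiler can see; the WDK headers declare EPROCESS as an opaque type.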