ZwQuerySystemInformation | SystemProcessInformation

  • Question

  • So my problem is:

                int nHandleInfoSize = 0x10000;

                void* ipHandlePointer = (void*)Marshal.AllocHGlobal((IntPtr)nHandleInfoSize);
                int nLength = 0;

                while (ZwQuerySystemInformation(Enumerations._SYSTEM_INFORMATION_CLASS.SystemProcessInformation, ipHandlePointer, nHandleInfoSize, out nLength) == NtDll.NTSTATUS.STATUS_INFO_LENGTH_MISMATCH)
                {
                    nHandleInfoSize = nLength;
                    Marshal.FreeHGlobal((IntPtr)ipHandlePointer);
                    ipHandlePointer = (void*)Marshal.AllocHGlobal(nLength);
                }
                // MessageBox.Show(RtlGetNativeSystemInformation(Enumerations._SYSTEM_INFORMATION_CLASS.SystemBasicInformation, ipHandlePointer, nHandleInfoSize, out nLength).ToString());

                Structures._SYSTEM_PROCESS_INFORMATION* strstr = (Structures._SYSTEM_PROCESS_INFORMATION*)ipHandlePointer;

                MessageBox.Show(nLength.ToString());
                MessageBox.Show(strstr->UniqueProcessId.ToString());

    When I try this code, I get success as the NTSTATUS of my function and I get the length of the information, but when I try to read the information, some fields are 0, like UniqueProcessId, while NumberOfThreads returns a good number. Any idea or advice?


    • Edited by Arsium, Wednesday, January 20, 2021 09:44
    Wednesday, January 20, 2021 09:43
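
An added example, not part of the original post: the buffer returned for SystemProcessInformation is a chain of variable-length records linked by NextEntryOffset, and the first record describes the System Idle Process, whose process ID is 0, so the other processes only appear when the chain is walked. The class name `ProcessWalk` is hypothetical, and the field offsets are assumptions taken from the commonly documented 32-bit and 64-bit layouts of SYSTEM_PROCESS_INFORMATION.

```csharp
using System;
using System.Runtime.InteropServices;

static class ProcessWalk // hypothetical name, added example
{
    const int SystemProcessInformation = 5;
    const uint STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;

    [DllImport("ntdll.dll")]
    static extern uint ZwQuerySystemInformation(int infoClass, IntPtr buffer, int length, out int returnLength);

    static void Main()
    {
        int size = 0x10000, needed;
        uint status;
        IntPtr buffer = Marshal.AllocHGlobal(size);
        try
        {
            while ((status = ZwQuerySystemInformation(SystemProcessInformation, buffer, size, out needed))
                   == STATUS_INFO_LENGTH_MISMATCH)
            {
                // Processes can start between two calls, so ask for some headroom.
                size = Math.Max(size, needed) + 0x4000;
                Marshal.FreeHGlobal(buffer);
                buffer = IntPtr.Zero; // keeps the finally block safe if the allocation throws
                buffer = Marshal.AllocHGlobal(size);
            }
            if (status != 0) throw new InvalidOperationException("NTSTATUS 0x" + status.ToString("X8"));

            // Assumed offsets: ImageName (UNICODE_STRING) at 0x38, UniqueProcessId at 0x50 (x64) or 0x44 (x86).
            bool x64 = IntPtr.Size == 8;
            int offName = 0x38, offNameBuffer = offName + (x64 ? 8 : 4), offPid = x64 ? 0x50 : 0x44;
            for (IntPtr entry = buffer; ;)
            {
                int next = Marshal.ReadInt32(entry, 0);            // NextEntryOffset
                int threads = Marshal.ReadInt32(entry, 4);         // NumberOfThreads
                int nameBytes = (ushort)Marshal.ReadInt16(entry, offName); // UNICODE_STRING.Length, in bytes
                IntPtr namePtr = Marshal.ReadIntPtr(entry, offNameBuffer);
                long pid = Marshal.ReadIntPtr(entry, offPid).ToInt64();
                // The idle process record has no image name and a process ID of 0.
                string name = namePtr == IntPtr.Zero ? "(no image name)" : Marshal.PtrToStringUni(namePtr, nameBytes / 2);
                Console.WriteLine("{0,8} {1,5} {2}", pid, threads, name);
                if (next == 0) break;                              // last record in the chain
                entry = IntPtr.Add(entry, next);
            }
        }
        finally { Marshal.FreeHGlobal(buffer); }
    }
}
```
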

Answers

All replies