Hi,
I am working on a project to parse the Windows image file. To do that, I must understand the structure of some Windows components, like _EPROCESS. So I took some headers from ReactOS, and write *userland* code like below:
---- #include <pstypes.h> #include <stdio.h>
int main() { printf("size of EPROCESS: %d\n", sizeof(struct _EPROCESS)); return 0; } ----
The I got the problem: g++ reported that _EPROCESS is incomplete.
Clearly this means it doesnt see the structure _EPROCESS, so I took a closer look, and found that _EPROCESS is not defined in user-mode (NTOS_MODE_USER). I tried to fix it by putting
#undef NTOS_MODE_USER
in front of #include <pstypes>, but that doesnt help.
Anybody please tell me if there is any way to fix this?
I think I can fix that by modifying the original headers. but that is way too ugly.
Many thanks, Jun