23 May
2005
23 May
'05
3:44 p.m.
Alex Ionescu wrote:
Our structures are not wrong. Perhaps we still return the wrong version
info somewhere, or tehre's a bug in NtQuerySystemInformation.
I patch this to ps.c and I got it to work on xp! Needs more testing! XP seems
to tell what type of structure you are using, both NT4 and W2k work for some
reason.
#include <windows.h>
/* NOTE: W32API ddk/ntapi.h header has wrong definition of SYSTEM_PROCESSES. */
#include <ntos/types.h>
typedef ULARGE_INTEGER TIME, *PTIME;
typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG TickCount;
PVOID StartEIP;
CLIENT_ID ClientId;
ULONG DynamicPriority;
ULONG BasePriority;
ULONG nSwitches;
DWORD State;
KWAIT_REASON WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES
{
SIZE_T NextEntryDelta;
ULONG ThreadCount;
ULONG Unused1 [6];
TIME CreateTime;
TIME UserTime;
TIME KernelTime;
UNICODE_STRING ProcessName;
ULONG BasePriority;
ULONG ProcessId;
ULONG InheritedFromProcessId;
ULONG HandleCount;
ULONG SessionId;
ULONG PageDirectoryFrame;
ULONG PeakVirtualSizeBytes;
ULONG TotalVirtualSizeBytes;
ULONG PageFaultCount;
ULONG PeakWorkingSetSizeBytes;
ULONG TotalWorkingSetSizeBytes;
ULONG PeakPagedPoolUsagePages;
ULONG TotalPagedPoolUsagePages;
ULONG PeakNonPagedPoolUsagePages;
ULONG TotalNonPagedPoolUsagePages;
ULONG TotalPageFileUsageBytes;
ULONG PeakPageFileUsageBytes;
ULONG TotalPrivateBytes;
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER OtherOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
SYSTEM_THREADS Threads [1];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
What now could go wrong,
James
Best regards,
Alex Ionescu