Alex Ionescu wrote:
Our structures are not wrong. Perhaps we still return the wrong version info somewhere, or there's a bug in NtQuerySystemInformation.
What could go wrong now, James?
Best regards, Alex Ionescu
I patched this into ps.c and got it to work on XP! Needs more testing! XP seems to be able to tell what type of structure you are using; both the NT4 and the W2k layouts work for some reason.
#include <windows.h>
/* NOTE: W32API ddk/ntapi.h header has wrong definition of SYSTEM_PROCESSES. */
#include <ntos/types.h>

/* Timestamp alias used for the time fields of SYSTEM_PROCESSES. */
typedef ULARGE_INTEGER TIME, *PTIME;

/*
 * Per-thread record; SYSTEM_PROCESSES ends with an array of these.
 */
typedef struct _SYSTEM_THREADS
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG         TickCount;
    PVOID         StartEIP;
    CLIENT_ID     ClientId;
    ULONG         DynamicPriority;
    ULONG         BasePriority;
    ULONG         nSwitches;
    DWORD         State;
    KWAIT_REASON  WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;

/*
 * Per-process record, locally redefined because the W32API header's
 * definition is reported wrong (see the note next to the includes).
 *
 * NOTE(review): presumably this is overlaid on the buffer returned by
 * NtQuerySystemInformation -- confirm against ps.c. If so, the field
 * layout has to match what the running OS version writes; with a
 * mismatched layout every field after the first difference is read at
 * the wrong offset, so "it works" on one version is not proof that the
 * definition is right.
 */
typedef struct _SYSTEM_PROCESSES
{
    /*
     * NOTE(review): presumably the byte distance to the next record, with
     * a terminating value on the last one -- confirm. Code that walks the
     * list should check it against the length of the returned buffer
     * before following it.
     * SIZE_T is pointer-sized, so this declaration looks like it assumes
     * a 32-bit build -- TODO confirm.
     */
    SIZE_T         NextEntryDelta;
    ULONG          ThreadCount;
    ULONG          Unused1[6];
    TIME           CreateTime;
    TIME           UserTime;
    TIME           KernelTime;
    UNICODE_STRING ProcessName;
    ULONG          BasePriority;
    ULONG          ProcessId;
    ULONG          InheritedFromProcessId;
    ULONG          HandleCount;

    ULONG          SessionId;
    ULONG          PageDirectoryFrame;
    ULONG          PeakVirtualSizeBytes;
    ULONG          TotalVirtualSizeBytes;
    ULONG          PageFaultCount;
    ULONG          PeakWorkingSetSizeBytes;
    ULONG          TotalWorkingSetSizeBytes;
    ULONG          PeakPagedPoolUsagePages;
    ULONG          TotalPagedPoolUsagePages;
    ULONG          PeakNonPagedPoolUsagePages;
    ULONG          TotalNonPagedPoolUsagePages;
    ULONG          TotalPageFileUsageBytes;
    ULONG          PeakPageFileUsageBytes;
    ULONG          TotalPrivateBytes;

    LARGE_INTEGER  ReadOperationCount;
    LARGE_INTEGER  WriteOperationCount;
    LARGE_INTEGER  OtherOperationCount;
    LARGE_INTEGER  ReadTransferCount;
    LARGE_INTEGER  WriteTransferCount;
    LARGE_INTEGER  OtherTransferCount;

    /*
     * Declared with a single element. NOTE(review): presumably
     * ThreadCount entries follow in the buffer -- confirm, and bound any
     * indexing by both ThreadCount and the buffer length.
     */
    SYSTEM_THREADS Threads[1];
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;