Thank you sooooooo much Timo :)....
try LARGE_UNICODE_STRING
...dude you are the man :)....it worked - mostly. I was using UNICODE_STRING which has USHORT vals but the LARGE_UNICODE_STRUCT did the trick :)
I can now retrieve the values for the ClassName and the WindowName parameters however sometimes trying to dereference these pointers - even doing a DbgPrint("%u",ClassName->Length) will crash the entire system....the only bug check report is a STOP: 0x0000008E (0x000000C5... which means that the driver has touched a region it shouldn't have.
Certain apps throw this error for sure - for e.g. IE...or even going to Start-Run
Bye for now
On Tuesday 21 Oct 2008, Timo Kreuzer wrote:
try LARGE_UNICODE_STRING
http://www.reactos.org/wiki/index.php/Techwiki/win32k/LARGE_UNICODE_STRING
That's what a WND stores internally.
Jeetu Golani schrieb:
Anyways the parameter ordering I've deduced seems to be :
NtUserCreateWindowEx(DWORD dwExStyle, PUNICODE_STRING UnsafeClassName, PUNICODE_STRING UnsafeWindowName, DWORD dwUnknown1, DWORD dwStyle, LONG x, LONG y, LONG nWidth, LONG nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam, DWORD dwShowMode, DWORD dwUnknown2)
This seems to be correct with regard to the dwExStyle, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam arguments.
I'm still not able to verify the rest. My immediate concern though are the UnsafeClassName and UnsafeWindowName arguments.
I'm trying to print out these values...or test out what these values hold...but can't seem to get anywhere....don't even know for sure if these are UNICODE_STRING structure vals or LPCTSTR.