Thank you sooooooo much Timo :)....
try LARGE_UNICODE_STRING
...dude you are the man :)....it worked - mostly. I was using UNICODE_STRING
which has USHORT vals but the LARGE_UNICODE_STRUCT did the trick :)
I can now retrieve the values for the ClassName and the WindowName parameters
however sometimes trying to dereference these pointers - even doing a
DbgPrint("%u",ClassName->Length) will crash the entire system....the only bug
check report is a STOP: 0x0000008E (0x000000C5... which means that the driver
has touched a region it shouldn't have.
Certain apps throw this error for sure - for e.g. IE...or even going to
Start-Run
Bye for now
On Tuesday 21 Oct 2008, Timo Kreuzer wrote:
try LARGE_UNICODE_STRING
>
http://www.reactos.org/wiki/index.php/Techwiki/win32k/LARGE_UNICODE_STRING
> That's what a WND stores internally.
>
> Jeetu Golani schrieb:
> > Anyways the parameter ordering I've deduced seems to be :
> >
> > NtUserCreateWindowEx(DWORD dwExStyle,PUNICODE_STRING
> > UnsafeClassName,PUNICODE_STRING UnsafeWindowName,DWORD dwUnknown1,DWORD
> > dwStyle,LONG x, LONG y,LONG nWidth, LONG nHeight,HWND
> > hWndParent,HMENU,hMenu,HINSTANCE hInstance,LPVOID lpParam,DWORD
> > dwShowMode,DWORD dwUnknown2)
> >
> > This seems to be correct with regards the
> > dwExStyle,dwStyle,x,y,nWidth,nHeight,hWndParent.hMenu,hInstance,lpParam
> > arguments.
> >
> > I'm still not able to verify the rest. My immediate concern though are
> > the UnsafeClassName and UnsafeWindowName arguments.
> >
> > I'm trying to print out these values...or test out what these values
> > hold...but can't seem to get anywhere....don't even know for sure if
> > these are UNICODE_STRING structure vals or LPCTSTR.