[pso] [tema1][win]undocumented
Florin
f.bratu at yahoo.com
Thu Mar 15 22:30:31 EET 2007
Am vazut ca , pt implementarea functiilor "helper" din Sci_win.h : GetUserOf si
GetCurrentUser, se utilizeaza functii ce nu sunt documentate in DDK , dar care
sunt implementate in kernel, si sunt "importate" in modul :
<code>
extern NTSTATUS PsLookupProcessByProcessId(HANDLE, PEPROCESS*);
extern ULONG RtlLengthSid(PSID);
extern NTKERNELAPI void ExFreePoolWithTag(PVOID, ULONG);
extern ZwOpenThreadToken(HANDLE thread, ACCESS_MASK am, BOOLEAN utc, HANDLE *token);
extern ZwOpenProcessToken(HANDLE process, ACCESS_MASK am, HANDLE *token);
extern ZwQueryInformationToken(HANDLE token, long tic, void *ti, unsigned long til, unsigned long *rtil);
extern BOOLEAN RtlEqualSid (PSID, PSID);
NTSTATUS ZwOpenProcess (OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId OPTIONAL);
<\code>
Am citit ca , pt enumerarea proceselor din sistem in kernel-mode, se pot utiliza functiile PsGetNextProcess si PsQuitNextProcess. Am incercat si eu sa le import, urmand modelul din Sci_win.h :
<code>
extern PEPROCESS PsGetNextProcess (PEPROCESS);
extern PsQuitNextProcess (PEPROCESS);
<\code>
Insa, la link-time, imi da urmatoarea eroare:
<output>
sci_win.obj : error LNK2019: unresolved external symbol _PsQuitNextProcess at 4 ref
erenced in function _is_monitored at 8
sci_win.obj : error LNK2019: unresolved external symbol _PsGetNextProcess at 4 refe
renced in function _is_monitored at 8
objchk_wnet_x86\i386\sci.sys : error LNK1120: 2 unresolved externals
<\output>
nu inteleg de ce... can anyone help?
---------------------------------
Sucker-punch spam with award-winning protection.
Try the free Yahoo! Mail Beta.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cursuri.cs.pub.ro/pipermail/pso/attachments/20070315/2d6df3ab/attachment.html
More information about the pso
mailing list