Process Hacker Discussion Forum

Search found 65 matches

by 440bx
23 Oct 2021 03:49
Forum: General Discussion
Topic: _KEY_VALUE_LAYER_INFORMATION definition
Replies: 2
Views: 538

_PROCESS_LOGGING_INFORMATION definition

The definition of _PROCESS_LOGGING_INFORMATION in ntpsapi.h is as follows: typedef struct _PROCESS_LOGGING_INFORMATION { ULONG Flags; struct { ULONG EnableReadVmLogging : 1; ULONG EnableWriteVmLogging : 1; ULONG EnableProcessSuspendResumeLogging : 1; ULONG EnableThreadSuspendResumeLogging : 1; ULONG...
by 440bx
23 Oct 2021 03:30
Forum: General Discussion
Topic: _KEY_VALUE_LAYER_INFORMATION definition
Replies: 2
Views: 538

_KEY_VALUE_LAYER_INFORMATION definition

ntregapi.h shows the definition of _KEY_VALUE_LAYER_INFORMATION to be: typedef struct _KEY_VALUE_LAYER_INFORMATION { ULONG IsTombstone; ULONG Reserved; } KEY_VALUE_LAYER_INFORMATION, *PKEY_VALUE_LAYER_INFORMATION; but the definition in wdm.h shows it to be: typedef struct _KEY_VALUE_LAYER_INFORMATI...
by 440bx
19 Oct 2021 04:09
Forum: General Discussion
Topic: PROCESS_MITIGATION_POLICY_INFORMATION
Replies: 2
Views: 664

Re: PROCESS_MITIGATION_POLICY_INFORMATION

Thank you for the information dmex.
by 440bx
17 Oct 2021 02:15
Forum: General Discussion
Topic: PROCESS_MITIGATION_POLICY_INFORMATION
Replies: 2
Views: 664

PROCESS_MITIGATION_POLICY_INFORMATION

The definition of PROCESS_MITIGATION_POLICY_INFORMATION does not include the PROCESS_MITIGATION_DEP_POLICY policy nor the PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY and PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY. Is there some reason for PROCESS_MITIGATION_DEP_POLICY to not be included or was it s...
by 440bx
16 Sep 2021 04:43
Forum: General Discussion
Topic: _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE
Replies: 1
Views: 4022

_SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE

In ntexapi.h the structures _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE and _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE are defined, but it is not clear what API uses them. From a bit of research, I am _guessing_ that they are used by NtQuerySystemInformation and NtSetSystemInformation respectivel...
by 440bx
13 Sep 2021 06:28
Forum: General Discussion
Topic: _MEMORY_PARTITION_INFORMATION_CLASS
Replies: 1
Views: 2632

_MEMORY_PARTITION_INFORMATION_CLASS

In wdm.h this enumeration goes by the name _PARTITION_INFORMATION_CLASS and declares two (2) elements not present in ntmmapi.h. In wdm.h, the definition is as follows: typedef enum _PARTITION_INFORMATION_CLASS { SystemMemoryPartitionInformation = 0, SystemMemoryPartitionDedicatedMemoryInformation = 9...
by 440bx
13 Sep 2021 05:02
Forum: General Discussion
Topic: NtManagePartition
Replies: 1
Views: 2648

NtManagePartition

NtManagePartition number of parameters declared in ntmmapi.h does not match the number of parameters in the wdm.h definition. In wdm.h, the prototype is as follows: _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtManagePartition ( _In_ HANDLE TargetHandle, _In_opt_ HANDLE SourceHan...
by 440bx
12 Sep 2021 13:00
Forum: General Discussion
Topic: ntpebteb.h
Replies: 2
Views: 2467

Re: ntpebteb.h

dmex wrote: 12 Sep 2021 12:31
Yes? That was fixed a few months ago:
https://github.com/processhacker/phnt/p ... a59dbecadd
Sorry. I'm using the source I downloaded sometime in May (I believe)
by 440bx
12 Sep 2021 03:38
Forum: General Discussion
Topic: ntpebteb.h
Replies: 2
Views: 2467

ntpebteb.h

In ntpebteb.h, the field "BOOLEAN UnalignedLoadStoreExceptions" in the definition of the TEB structure appears as applicable to both the 32bit and 64bit TEB. I believe that field applies only to the 64bit definition. See Geoff Chappell's definition of the TEB at https://www.geoffchappell....
by 440bx
07 Sep 2021 12:07
Forum: General Discussion
Topic: RTL_IMAGE_MITIGATION_OPTION_STATE
Replies: 2
Views: 2084

Re: RTL_IMAGE_MITIGATION_OPTION_STATE

That makes sense. Thank you dmex.
by 440bx
06 Sep 2021 19:15
Forum: General Discussion
Topic: RTL_IMAGE_MITIGATION_OPTION_STATE
Replies: 2
Views: 2084

RTL_IMAGE_MITIGATION_OPTION_STATE

ntrtl.h declares _RTL_IMAGE_MITIGATION_OPTION_STATE, but I have not been able to find an API that uses that enumeration.

What API, if any, uses it?

Thank you for your help.
by 440bx
06 Sep 2021 13:43
Forum: General Discussion
Topic: typo in declaration
Replies: 1
Views: 2681

typo in declaration

In ntrtl.h, the declaration PRTL_FEATURE_CONFIGURATION_CHANGE_NOTIFICAION is missing the "T" in "NOTIFICATION".
by 440bx
04 Sep 2021 21:07
Forum: General Discussion
Topic: RtlGetSearchPath
Replies: 1
Views: 1938

RtlGetSearchPath

ntrtl.h shows RtlGetSearchPath returns a BOOLEAN.

RtlGetSearchPath returns an NTSTATUS.
by 440bx
04 Sep 2021 20:09
Forum: General Discussion
Topic: RtlGetExePath definition
Replies: 1
Views: 1938

RtlGetExePath definition

ntrtl.h shows RtlGetExePath as a function that takes no parameters and returns a pointer to a wide string.

Disassembly (of Win10 21H1) shows RtlGetExePath takes two parameters and returns an NTSTATUS.

Comments welcome.
by 440bx
31 Aug 2021 05:11
Forum: General Discussion
Topic: RtlCopyUnicodeString definition
Replies: 12
Views: 3589

TpSetWaitEx availability

nttp.h indicates that TpSetWaitEx is available in Win 7; TpSetWaitEx is available starting in Win8.
by 440bx
31 Aug 2021 04:47
Forum: General Discussion
Topic: TpSetTimerEx availability
Replies: 1
Views: 2144

TpSetTimerEx availability

nttp.h indicates that TpSetTimerEx is available in Win 7; that API is available starting in Win 8.
by 440bx
30 Aug 2021 02:27
Forum: General Discussion
Topic: RtlCopyUnicodeString definition
Replies: 12
Views: 3589

RtlGetSuiteMask

ntrtl.h indicates that RtlGetSuiteMask is available starting with REDSTONE2; the ntddk.h indicates it is available since the first REDSTONE.
by 440bx
30 Aug 2021 02:08
Forum: General Discussion
Topic: RtlGetNtProductType availability
Replies: 1
Views: 2199

RtlGetNtProductType availability

ntrtl.h shows RtlGetNtProductType as being available starting with REDSTONE.

That function is available in Windows 7 SP1 (I don't know if it is available or not before SP1).
by 440bx
30 Aug 2021 01:29
Forum: General Discussion
Topic: RtlCopyUnicodeString definition
Replies: 12
Views: 3589

RtlRunDecodeUnicodeString definition

In RtlRunDecodeUnicodeString, the disposition of the second parameter (the string to be decoded) is "_inout_". The current definition in ntrtl.h shows it as just "_in_".
by 440bx
29 Aug 2021 20:38
Forum: General Discussion
Topic: RtlComputePrivatizedDllName_U definition
Replies: 2
Views: 2937

Re: RtlComputePrivatizedDllName_U definition

dmex wrote: 29 Aug 2021 15:41
440bx wrote: 29 Aug 2021 04:04
Windows 7 SP1
There's no typedef for service packs.
I mentioned SP1 because I don't know if it is or isn't available in the original Win 7. It may or may not be, I don't know at this time. Either way, it is available before Win 8.