Process Hacker Forums

The MS documentation states that the last parameter of that function (which is a BOOLEAN) is optional. That doesn't make sense. The prototype found in wdm.h shows the last parameter is "In", which based on the documented description of how the parameter is used, is correct. The prototype i...

That's a very convincing argument. I never noticed that WinDbg (I presume that is what produced the snapshot you posted) and the MSDN definition are not in agreement. I just checked Winnt.h and all the version fields are in Major/Minor sequence, including the Subsystem Major and Minor versions. I al...

I see what you're saying but, here is what I cannot reconcile in my mind: From the defnition in the MSDN link you posted : DWORD FileAlignment; WORD MajorOperatingSystemVersion; WORD MinorOperatingSystemVersion; WORD MajorImageVersion; WORD MinorImageVersion; WORD MajorSubsystemVersion; WORD MinorSu...

The second union in that structure is defined as follows: union { struct { USHORT MajorOperatingSystemVersion; USHORT MinorOperatingSystemVersion; }; ULONG OperatingSystemVersion; }; I am under the impression that the union is not about the O/S version but about the IMAGE version. Also, I am under t...

dmex, thank you very much. Everything you mentioned in your post synchs with what I had in mind. I appreciate your looking into it.

The definition of LdrAddLoadAsDataTable in Process Hacker shows it to have 4 parameters. Inspecting a disassembly of the function indicates that it has 5 parameters (1 more than shown in the definition.) For the record, after some casual tracing of the function, I haven't yet figured out what that 5...