This is a clearly unsupportable approach that will risk bugcheck or worse when hotfixes (or OS upgrades) shift internal structure layouts around without warning. Not to mention that the locks needed to operate on those fields in a correct fashion may not be exposed outside of the OS (and are certainly subject to change from release to release or hotfix to hotfix), etc.
The answer is simple: Don’t even try to do this at all. It’s wholly unsuitable for any sort of production driver.
What are you trying to accomplish that you believe requires access to the internal, undocumented fields of the OS’s process object? Perhaps the list can suggest a better, supported alternative to your problem with more details given on what you’re trying to do.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Saturday, November 01, 2014 9:00 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How can I access to an attribute of PEPROCESS structure?
I do not have any experience at all in driver development. I want to access an attribute of the PEPROCESS structure. I have a pointer to the process object, obtained via the PsGetCurrentProcess routine. I have already seen some web pages describing the declaration of the structure's internals (attributes), so I could use the offsets of these attributes to get them, something like:
hprocess = PsGetCurrentProcess();
List = (LIST_ENTRY*)((ULONG)hprocess + 0x88); //Active Process Link Offset
However, this approach leaves me in the middle of a problem. I would like to make a build of this code that is able to run on other kinds of platforms (e.g. x86, x86_64) and other versions of Windows (XP, 7, …), and I suppose that is not possible this way because the offset would not be the same.
Question: Is there a not lame solution for this? Ex: something like
List = hprocess->ActiveProcessLink
or something.