How to Get EPROCESS Structure using Synchronization on MultiProcessor System

Hi Guys

I want to enumerate the EPROCESS structure on a multiprocessor system.

But the problem is the synchronization. How can I safely get an EPROCESS pointer?

You can't, and you cannot rely on the internal structure of EPROCESS. What
are you really trying to achieve?


Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

wrote in message news:xxxxx@ntdev…
> Hi Guys
>
> I want to enumerate the EPROCESS structure on a multiprocessor system.
>
> But the problem is the synchronization. How can I safely get an EPROCESS
> pointer?

> I want to enumerate the EPROCESS structure on a multiprocessor system.

…and the next security update will change the definition of EPROCESS and crash the machine.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> You can't, and you cannot rely on the internal structure of EPROCESS.

Indeed, not a particularly wise idea…

What are you really trying to achieve?

I think the OP wants to detect hidden processes, so that he wants to enumerate all EPROCESSes and compare them to the list of processes that system-info API functions return (or, perhaps, do exactly the opposite and hide his target process from the system)…

Anton Bassov

Yeah, Anton, you're right. I want to hide some process.

> Yeah, Anton, you're right. I want to hide some process.

I leave it to Don to comment on it…

Anton Bassov

> Yeah, Anton, you're right. I want to hide some process.

No software except malware has such a need.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

I guess his request and his style don't need comments. Just one: we
don't support malware writers here.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Wednesday, September 02, 2009 5:38 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to Get EPROCESS Structure using
Synchronization on MultiProcessor System

> Yeah, Anton, you're right. I want to hide some process.

I leave it to Don to comment on it…

Anton Bassov


Sorry guys, but my intention is not wrong. I just want to learn new things and try to run it on my system
for my knowledge. If you cannot support me then it's fine.