I’ve searched the web for half a day allready.
I don’t know where my mistake is, but i cannot import ZwQuerySystemInformation in my driver.
I want to use this function to get a process’s kernel and user times.
I use this signature:
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL );
But the linker gives me an unresolved reference error. I’ve checked ntoskrnl.exe and
the function is there, so why can’t i link it?
It’s a bit confusing because most of the samples i’ve seen are compiled with ntdll and are of course user mode, but i’ve got the idea that the same can be done from kernel mode as well. So where is my mistake? tnx.
I’ve searched the web for half a day allready.
I don’t know where my mistake is, but i cannot import
ZwQuerySystemInformation in my driver.
I want to use this function to get a process’s kernel and user times.
I use this signature:
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL );
But the linker gives me an unresolved reference error. I’ve checked
ntoskrnl.exe and
the function is there, so why can’t i link it?
It’s a bit confusing because most of the samples i’ve seen are compiled
with ntdll and are of course user mode, but i’ve got the idea that the
same can be done from kernel mode as well. So where is my mistake? tnx.
I’ve searched the web for half a day allready.
I don’t know where my mistake is, but i cannot import
ZwQuerySystemInformation in my driver.
I want to use this function to get a process’s kernel and user times.
I use this signature:
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL );
But the linker gives me an unresolved reference error. I’ve checked
ntoskrnl.exe and
the function is there, so why can’t i link it?
It’s a bit confusing because most of the samples i’ve seen are compiled
with ntdll and are of course user mode, but i’ve got the idea that the
same can be done from kernel mode as well. So where is my mistake? tnx.
Hmm… appearantly i did need one (extern “C” that is).
Didn’t see it in any of the samples i’ve seen.
Can someone explain or post a link to shed some light on the subject?
Thanks.
Try add the following in your c file and let me know the status.
#pragma comment(lib,“ntdll.lib”)
–Elango C
On Mon, Nov 10, 2008 at 2:26 PM, wrote:
> I’ve searched the web for half a day allready. > I don’t know where my mistake is, but i cannot import > ZwQuerySystemInformation in my driver. > I want to use this function to get a process’s kernel and user times. > I use this signature: > > NTSYSAPI > NTSTATUS > NTAPI > ZwQuerySystemInformation( IN > SYSTEM_INFORMATION_CLASS SystemInformationClass, > OUT PVOID SystemInformation, > IN ULONG SystemInformationLength, > OUT PULONG ReturnLength OPTIONAL ); > > But the linker gives me an unresolved reference error. I’ve checked > ntoskrnl.exe and > the function is there, so why can’t i link it? > > It’s a bit confusing because most of the samples i’ve seen are compiled > with ntdll and are of course user mode, but i’ve got the idea that the same > can be done from kernel mode as well. So where is my mistake? tnx. > > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >
Your source file is .cpp and consequently uses C++ name-mangling. extern C
forces the target of the extern C to use C unmangled names rather than C++
mangled names.
On Mon, Nov 10, 2008 at 4:37 AM, wrote:
> Hmm… appearantly i did need one (extern “C” that is). > Didn’t see it in any of the samples i’ve seen. > Can someone explain or post a link to shed some light on the subject? > Thanks. > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at > http://www.osronline.com/page.cfm?name=ListServer >