No need to apologize, many thanks for sharing this information.Kuzya69 wrote:Excuse me, I didn't look at date of the message.
Search found 46 matches
- Tue Dec 15, 2015 8:51 am
- Forum: madKernel
- Topic: [native] RtlWow64CallFunction64
- Replies: 18
- Views: 56676
Re: [native] RtlWow64CallFunction64
- Fri Jun 05, 2009 2:50 pm
- Forum: madCodeHook
- Topic: CreateProcessXXX hooking in Windows 7
- Replies: 23
- Views: 32260
- Fri Jun 05, 2009 8:21 am
- Forum: madCodeHook
- Topic: CreateProcessXXX hooking in Windows 7
- Replies: 23
- Views: 32260
Re: NtCreateUserProcess
The prototype in the Windows Research Kernel (WRK) should be sufficient.mikec wrote:I have an initial implementation of it but it seems to make the OS very unstable and i suspect that my prototype is incorrect. Would you be prepared to share your prototype with me?
- Thu May 28, 2009 7:16 am
- Forum: madExcept
- Topic: Big problem with DirectX (MadExcept crashes the application)
- Replies: 11
- Views: 11844
- Tue Apr 21, 2009 7:06 am
- Forum: madExcept
- Topic: Access Violation after closing program
- Replies: 4
- Views: 7235
- Thu Mar 12, 2009 9:27 am
- Forum: madCodeHook
- Topic: Norton Internet Security Warning
- Replies: 3
- Views: 4874
- Thu Mar 05, 2009 8:53 am
- Forum: madCodeHook
- Topic: Mouse hook in and only 1 process
- Replies: 2
- Views: 4250
- Thu Mar 05, 2009 8:48 am
- Forum: madCodeHook
- Topic: OutputDebugString replacement
- Replies: 5
- Views: 7987
- Thu Mar 05, 2009 8:45 am
- Forum: madCodeHook
- Topic: Possible bug with IPC comms in BDS 2009 with UnicodeString
- Replies: 5
- Views: 5360
- Wed Mar 04, 2009 8:03 am
- Forum: madCodeHook
- Topic: Object info from handle (Iconic help :))
- Replies: 3
- Views: 5095
If you want to determine the object types of many handles, you might call NtQuerySystemInformation(SystemHandleInformation) or NtQuerySystemInformation(SystemExtendedHandleInformation) and use the ObjectTypeIndex to cache the results (note: do not assume that this index is the same as in NtQueryObje...
- Wed Mar 04, 2009 7:46 am
- Forum: madCodeHook
- Topic: Possible bug with IPC comms in BDS 2009 with UnicodeString
- Replies: 5
- Views: 5360
- Mon Mar 02, 2009 12:16 pm
- Forum: madCodeHook
- Topic: Object info from handle (Iconic help :))
- Replies: 3
- Views: 5095
There are several ways to optimize the query for a large amount of handles. The following sample code retrieves the object type name for a single handle: {$ALIGN ON} {$MINENUMSIZE 4} type TNtStatus = LongInt; type PNtUnicodeString = ^TNtUnicodeString; TNtUnicodeString = record Length : Word; Maximum...
- Fri Feb 13, 2009 3:19 pm
- Forum: madExcept
- Topic: madExcept error with FreeAndNil
- Replies: 6
- Views: 6741
- Wed Feb 11, 2009 10:32 am
- Forum: madKernel
- Topic: [native] RtlWow64CallFunction64
- Replies: 18
- Views: 56676
- Wed Feb 11, 2009 9:00 am
- Forum: madKernel
- Topic: [native] RtlWow64CallFunction64
- Replies: 18
- Views: 56676
FYI: SystemExtendedHandleInformation is correctly emulated by WOW64 (at least on Windows Vista). However, the pointers are (of course) truncated to 32-bit (you need external 64-bit code or have to use Turbo Dispatching to retrieve the native pointers). // // SystemExtendedHandleInformation (64) // t...