c++ - How to retrieve the 64-bit address for a specific kernel object from a wow64 process -


is possible obtain 64-bit address of kernel object within 32-bit wow64 process?

for instance, want obtain 64-bit kernel address process given pid. value "uniqueprocesskey" kernel logger process event.

i can obtain 32-bit address using ntdll:

ntquerysysteminformation  typedef struct _system_handle {     ulong processid;     byte objecttypenumber;     byte flags;     ushort handle;     pvoid object;     access_mask grantedaccess; } system_handle, *psystem_handle;

but need 64-bit address. in advance.

well found answer.

the premise since wow64 emulator living within address space of 64 bit process, should possible call 64 bit versions of nt... functions. turns out can. there functions like:

32-bit:                      64-bit: ntquerysysteminformation     ntwow64getnativesysteminformation ntqueryinformationprocess    ntwow64queryinformationprocess64

there problem however. ntwow64getnativesysteminformation doesn't support systemhandleinformation class, @ least on win7. such cannot addresses.

regardless, if need deal 64-bit processes in 32 bit wow process cant escape because of dependency, has other threads worth looking into:

how list of gdi handles

get command line string of 64-bit process 32-bit process


Comments

Post a Comment

Popular posts from this blog

cakephp - simple blog with croogo -

i not problem, made simple blog in croogo, problem is not adding or modifying or delete, because arabic language ?? function add in controller `public function admin_add() { $this->set('title_for_layout', __('add part')); if (!empty($this->request->data)) { $this->part->create(); if ($this->part->save($this->request->data)) { $this->session->setflash(__('the part has been saved'), 'default', array('class' => 'success')); $this->redirect(array('action' => 'index'));//, $this->part->id)); } else { $this->session->setflash(__('the part not saved. please, try again.'), 'default', array('class' => 'error')); } } }` => model `class part extends appmodel { public $name = 'part'; var $belongst...
Read more

How to group boxplot outliers in gnuplot -

i have large set of data points. try plot them boxplot, of outliers exact same value , represented on line beside each other. found how set horizontal distance between outliers in gnuplot boxplot , doesn't much, apparently not possible. is possible group outliers together, print 1 point , print number in brackets beside indicate how many points there are? think make more readable in graph. for information, have 3 boxplots 1 x value , times 6 in 1 graph. using gnuplot 5 , played around pointsize, doesn't reduce distance anymore. hope can help! edit: set terminal pdf set output 'dat.pdf' file0 = 'dat1.dat' file1 = 'dat2.dat' file2 = 'dat3.dat' set pointsize 0.2 set notitle set xlabel 'x' set ylabel 'y' header = system('head -1 '.file0); n = words(header) set xtics ('' 1) set [i=1:n] xtics add (word(header, i) i) set style data boxplot plot file0 using (1-0.25):1:(0.2) boxplot lw 2 lc rgb '#8b0000...
Read more

bash - Performing variable substitution in a string -

i have string contains use of variable, , i'd substitute variable's value string. right best have is #!/bin/bash foo='$name; echo bar' name="the name" expanded="$(eval echo "$foo")" echo "$expanded" which has obvious defects: prints the name bar while i'd print the name; echo bar instead of eval can bash's regex matching bash's string replacement: foo='$name; echo bar' name="the name" [[ "$foo" =~ \$([[:alnum:]]+) ]] && s="${!bash_rematch[1]}" && expanded="${foo/\$${bash_rematch[1]}/$s}" echo "$expanded" name; echo bar
Read more