Home > Others

Corrected system_threads and system_processes struct

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Recently, a 32-bit program needs to be transplanted to a 64-bit system. The program uses the zwquerysysteminformation function to enumerate the process and thread information in the system, however, the transplanted program does not work properly in Windows x64. The process/thread information obtained is messy and incorrect. By querying the wrk and Win2k source code, the Members in the struct are modified, and the compiled program can be properly displayed.

Because zwquerysysteminformation is a Windows undocumented function, the structures that can be searched on the network are obtained reversely Based on Win32, so there may be some deviations.

The most obvious problem is the difference between handle and ulong. In Windows, the handle type is defined as typedef handle pvoid *. On a 32-bit platform, sizeof (handle) = sizeof (ulong) = 4. Therefore, it is possible that the human who reversed the handle type was written into the ulong type, in this way, writing on a 32-bit platform won't go wrong, but on a 64-bit platform, the handle type is changed to 8 bytes, the ulong type is defined in the compiler as a ulong32 type, that is, a 32-bit unsigned integer, resulting in a member offset deviation in the structure.

In Windows, the process ID is represented by the handle type, rather than the ulong type. Note This when porting the platform! Too many people like to express the process ID in the ulong type.

Typedef struct _ system_threads
{
Large_integer kerneltime;
Large_integer usertime;
Large_integer createtime;
Ulong waittime;
Pvoid startaddress;
Client_id clientid;
Kpriority priority;
Kpriority basepriority;
Ulong contextswitchcount;
Ulong threadstate;
Kwait_reason waitreason;
Ulong reserved; // Add
} System_threads, * psystem_threads;

Typedef struct _ system_processes
{
Ulong nextentrydelta;
Ulong threadcount;
Ulong reserved [6];
Large_integer createtime;
Large_integer usertime;
Large_integer kerneltime;
Unicode_string processname;
Kpriority basepriority;
Handle processid; // modify
Handle inheritedfromprocessid; // modify
Ulong handlecount;
Ulong sessionid;
Ulong_ptr pagedirectorybase;
Vm_counters vmcounters;
Size_t privatepagecount; // Add
Io_counters iocounters; // Windows 2000 only
Struct _ system_threads threads [1];
} System_processes, * psystem_processes;

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More