On 2012-10-04 13:07, Christian Costa wrote:
2012/10/4 Paul Chitescu paulc@voip.null.ro
AFAIK the structure differs for each major version of Windows and some SP too.
I was expecting something like this. :(
At the minimum I saw some drivers expecting the value at the returned pointer to be a "System" C-style string.
Which Windows version is it? In the Vista definition the first basic element can be either a UCHAR or a ULONG, not a char buffer.
What all versions have in common is that processes are dispatcher objects. Thus the EPROCESS/KPROCESS structure starts with a DISPATCHER_HEADER.
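As an added example (not code from the thread or from Wine): a small C sanity check that assumes the XP-era 32-bit DISPATCHER_HEADER layout and that ProcessObject is value 3 in the KOBJECTS enum, and rejects a buffer that merely holds the "System" string mentioned above instead of a process dispatcher header.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed XP-era 32-bit DISPATCHER_HEADER layout (an assumption for this
 * example). Vista and later wrap the first four bytes in a union with a
 * LONG Lock, which is the UCHAR-or-ULONG ambiguity raised in the thread. */
typedef struct {
    uint8_t  Type;          /* KOBJECTS value */
    uint8_t  Absolute;
    uint8_t  Size;          /* object size in 4-byte units */
    uint8_t  Inserted;
    int32_t  SignalState;
    uint32_t WaitListFlink; /* LIST_ENTRY WaitListHead as two 32-bit pointers */
    uint32_t WaitListBlink;
} DISPATCHER_HEADER32;

#define KOBJ_PROCESS 3      /* assumed KOBJECTS::ProcessObject */

/* Returns 1 if buf begins with a plausible process dispatcher header,
 * 0 otherwise (too short, wrong object type, or size smaller than the
 * header itself). A C string such as "System" fails the Type check. */
int looks_like_process_header(const uint8_t *buf, size_t len)
{
    DISPATCHER_HEADER32 h;
    if (len < sizeof h) return 0;
    memcpy(&h, buf, sizeof h);
    if (h.Type != KOBJ_PROCESS) return 0;
    if ((size_t)h.Size * 4 < sizeof h) return 0;
    return 1;
}

/* Constructed sample inputs: a fake process header (Size 0x20 is made up)
 * and the "System" string case seen by some drivers. */
static const uint8_t sample_process[16] = {
    KOBJ_PROCESS, 0, 0x20, 0,  0, 0, 0, 0,
    0x10, 0x32, 0x54, 0x76,    0x10, 0x32, 0x54, 0x76 };
static const uint8_t sample_string[16] = "System";

int main(void)
{
    printf("process header: %d\n",
           looks_like_process_header(sample_process, sizeof sample_process));
    printf("\"System\" string: %d\n",
           looks_like_process_header(sample_string, sizeof sample_string));
    return 0;
}
```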