On Friday 05 October 2012 10:00:00 am Christian Costa wrote:
include/ddk/ntifs.h | 555 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 555 insertions(+) create mode 100644 include/ddk/ntifs.h
diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h new file mode 100644 [...]
What version of Windows were these extracted from?
2012/10/5 Paul Chitescu paulc@voip.null.ro
On Friday 05 October 2012 10:00:00 am Christian Costa wrote:
include/ddk/ntifs.h | 555 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 555 insertions(+) create mode 100644 include/ddk/ntifs.h
diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h new file mode 100644 [...]
What version of Windows were these extracted from?
It's Vista. I didn't take these declarations directly from the DDK but from several sources on the web. I've just downloaded the DDK 7.1.0 to verify and make some changes if needed.
2012/10/5 Christian Costa titan.costa@gmail.com
I cannot find these definitions in the DDK 7.1.0 headers. It does not seem they are supposed to be in the DDK.
I based my patch on the ones at http://www.nirsoft.net/kernel_struct/vista/EPROCESS.html. I saw on the web that ntifs.h was always involved.