Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Include NtQueryInformationProcess function and its associated structures like PROCESS_BASIC_INFORMATION/PEB/RTL_USER_PROCESS_PARAMETERS

See original GitHub issue

Is your feature request related to a problem? Please describe. I would request that we include NtQueryInformationProcess into Vanara.PInvoke.NTDll, and also put the associated structures for the function in suitable locations.

On a side note, given a UNICODE_STRING from the Vanara library, can I read its buffer contents from another process in an idiomatic way?

Issue Analytics

State:
Created 3 years ago
Comments:21 (11 by maintainers)

Top GitHub Comments

1reaction

ThomasLebruncommented, Jan 25, 2021

Using the code available here (https://stackoverflow.com/a/16142791/1438337), I get the correct CommandLine.

I’ve noticed there is a difference between this code and your: there is an offset when reading PebBaseAddress and when getting UNICODE_STRING_WOW64 / RTL_USER_PROCESS_PARAMETERS (offseet with different values according to x32/x64): maybe that could be the issue ?

I would like, if possible, not having to do the P/Invoke import on my side and rely on your lib instead 😃

1reaction

dahallcommented, Jan 25, 2021

public static string GetString(in UNICODE_STRING us, HPROCESS hProc)
{
	using var mem = new SafeCoTaskMemString(us.MaximumLength);
	return ReadProcessMemory(hProc, us.Buffer, mem, mem.Size, out _) ? mem : string.Empty;
}