11,574 questions
Okay I solved my issue while looking at : http://www.dotnetframework.org/default.aspx/DotNET/DotNET/8@0/untmp/whidbey/REDBITS/ndp/fx/src/Services/Monitoring/system/Diagnosticts/ProcessManager@cs/1/ProcessManager@cs
ZwQuerySystemInformation | SystemProcessInformation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 73%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Arsium *****
331
Reputation points
So my problem is :
int nHandleInfoSize = 0x10000;
void* ipHandlePointer = (void*)Marshal.AllocHGlobal((IntPtr)nHandleInfoSize);
int nLength = 0;
while (ZwQuerySystemInformation(Enumerations._SYSTEM_INFORMATION_CLASS.SystemProcessInformation, ipHandlePointer, nHandleInfoSize, out nLength) == NtDll.NTSTATUS.STATUS_INFO_LENGTH_MISMATCH)
{
nHandleInfoSize = nLength;
Marshal.FreeHGlobal((IntPtr)ipHandlePointer);
ipHandlePointer = (void*)Marshal.AllocHGlobal(nLength);
}
// MessageBox.Show(RtlGetNativeSystemInformation(Enumerations._SYSTEM_INFORMATION_CLASS.SystemBasicInformation, ipHandlePointer, nHandleInfoSize, out nLength).ToString());
Structures._SYSTEM_PROCESS_INFORMATION* strstr = (Structures._SYSTEM_PROCESS_INFORMATION*)ipHandlePointer;
MessageBox.Show(nLength.ToString());
MessageBox.Show(strstr-> UniqueProcessId.ToString());
When I try this code, I got success with NTSTATUS of my function , I got the lenght of information , but when I try to read information , some of them got 0 like UniqueProcessId but NumberOfThreads returned a number any idea or advice ?