Code:
#define SystemHandleInformation 0x10
// One per-handle record as returned by ZwQuerySystemInformation for the
// SystemHandleInformation (0x10) class used below. NOTE(review): this is the
// page's own declaration of an undocumented structure (it mirrors what other
// sources call SYSTEM_HANDLE_TABLE_ENTRY_INFO); confirm the field sizes and
// order against the target Windows version before relying on them.
typedef struct _SYSTEM_HANDLE_INFORMATION {
    ULONG ProcessId;           // presumably the id of the process owning the handle — verify
    UCHAR ObjectTypeNumber;    // object type index (name-derived, not documented here)
    UCHAR Flags;
    USHORT Handle;             // handle value as seen inside ProcessId (name-derived)
    PVOID Object;              // presumably the kernel-side object address — verify
    ACCESS_MASK GrantedAccess; // access rights granted on the handle
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
// Buffer header: a count followed by NumberOfHandles records. The `[1]` is the
// pre-C99 trailing-array idiom, so sizeof(SYSTEM_HANDLE_INFORMATION_EX)
// overstates the header by one record. Size the buffer from the length the
// query actually reports, not from sizeof, and index Information[] only up to
// NumberOfHandles and within the bytes the query filled.
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
    ULONG NumberOfHandles;                    // number of valid Information[] entries
    SYSTEM_HANDLE_INFORMATION Information[1]; // variable-length in practice
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
// Resolve ZwQuerySystemInformation at run time. The real export returns
// NTSTATUS (a 32-bit LONG), the same width as DWORD, so comparing the result
// against the 0xC0000004L / 0x80000005L literals below still works.
typedef DWORD (WINAPI *PfZwQuerySystemInformation)(int, PBYTE, ULONG, PULONG);
PfZwQuerySystemInformation MyZwQuerySystemInformation;
PSYSTEM_HANDLE_INFORMATION_EX pStruct;
// First probe: one record's worth of bytes. NOTE(review): this is smaller than
// the SYSTEM_HANDLE_INFORMATION_EX header itself, so the first call can only
// ever come back with a length mismatch; that is expected here.
ULONG dimBuffer = sizeof(SYSTEM_HANDLE_INFORMATION);
// NOTE(review): neither malloc result on this page is checked for NULL.
pStruct = (PSYSTEM_HANDLE_INFORMATION_EX)malloc(dimBuffer);
// NOTE(review): GetProcAddress can return NULL; the call below would then go
// through a null function pointer. Check before use.
MyZwQuerySystemInformation = (PfZwQuerySystemInformation)GetProcAddress(GetModuleHandle("ntdll.dll"),"ZwQuerySystemInformation");
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004L
#define STATUS_BUFFER_OVERFLOW 0x80000005L /* defined but not used on this page */
// dimBuffer is passed both as the input Length and as the ReturnLength
// out-parameter, so whatever the call writes back replaces the buffer size.
// NOTE(review): for SystemHandleInformation the ReturnLength written on a
// STATUS_INFO_LENGTH_MISMATCH is not reliably populated on every Windows
// version (a 0 here matches the behaviour reported below) — confirm on the
// target OS. The usual idiom is to enlarge the buffer (e.g. doubling, with an
// upper bound) and retry until the status is no longer
// STATUS_INFO_LENGTH_MISMATCH, rather than trusting a single ReturnLength.
if(STATUS_INFO_LENGTH_MISMATCH == MyZwQuerySystemInformation(SystemHandleInformation, (PBYTE)pStruct, dimBuffer, &dimBuffer))
MessageBox(NULL,"STATUS_INFO_LENGTH_MISMATCH","",MB_OK | MB_ICONERROR);
// Jumping past the `char c[20]` declaration below is legal in C (and in C++
// only because c has no initializer).
else goto QUERY_OK;
// realloc pStruct
free(pStruct);
// Debug output only: 20 bytes is enough for "0x" + 8 hex digits + NUL.
char c[20]; sprintf(c,"0x%x",dimBuffer);MessageBox(NULL,c,"dimBuffer",MB_OK);
// If the first call wrote 0 back, this is a zero-length allocation and the
// second call reports a mismatch again — the symptom described below.
pStruct = (PSYSTEM_HANDLE_INFORMATION_EX)malloc(dimBuffer);
if(STATUS_INFO_LENGTH_MISMATCH == MyZwQuerySystemInformation(SystemHandleInformation, (PBYTE)pStruct, dimBuffer, &dimBuffer)){
MessageBox(NULL,"STATUS_INFO_LENGTH_MISMATCH","",MB_OK | MB_ICONERROR);
// NOTE(review): pStruct is leaked on this path; free it before returning.
return;
}
QUERY_OK:
// ....... (the code that consumes pStruct is not shown; when walking
// Information[], bound the loop by NumberOfHandles and stay within the
// dimBuffer bytes actually filled, not sizeof(SYSTEM_HANDLE_INFORMATION_EX))
All 3 messages will be printed out, and dimBuffer will be 0 after the first call to NtQuerySystemInformation().
The second call fails because dimBuffer is 0, but shouldn't the first call assign a nonzero value to it?