All 3 messages wiil be printed out,and dimBuffer will be 0 after the first call to NtQuerySystemInformation( )Code:#define SystemHandleInformation 0x10 typedef struct _SYSTEM_HANDLE_INFORMATION { ULONG ProcessId; UCHAR ObjectTypeNumber; UCHAR Flags; USHORT Handle; PVOID Object; ACCESS_MASK GrantedAccess; } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; typedef struct _SYSTEM_HANDLE_INFORMATION_EX { ULONG NumberOfHandles; SYSTEM_HANDLE_INFORMATION Information[1]; } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; typedef DWORD (WINAPI *PfZwQuerySystemInformation)(int, PBYTE, ULONG, PULONG); PfZwQuerySystemInformation MyZwQuerySystemInformation; PSYSTEM_HANDLE_INFORMATION_EX pStruct; ULONG dimBuffer = sizeof(SYSTEM_HANDLE_INFORMATION); pStruct = (PSYSTEM_HANDLE_INFORMATION_EX)malloc(dimBuffer); MyZwQuerySystemInformation = (PfZwQuerySystemInformation)GetProcAddress(GetModuleHandle("ntdll.dll"),"ZwQuerySystemInformation"); #define STATUS_INFO_LENGTH_MISMATCH 0xC0000004L #define STATUS_BUFFER_OVERFLOW 0x80000005L if(STATUS_INFO_LENGTH_MISMATCH == MyZwQuerySystemInformation(SystemHandleInformation, (PBYTE)pStruct, dimBuffer, &dimBuffer)) MessageBox(NULL,"STATUS_INFO_LENGTH_MISMATCH","",MB_OK | MB_ICONERROR); else goto QUERY_OK; // realloc pStruct free(pStruct); char c[20]; sprintf(c,"0x%x",dimBuffer);MessageBox(NULL,c,"dimBuffer",MB_OK); pStruct = (PSYSTEM_HANDLE_INFORMATION_EX)malloc(dimBuffer); if(STATUS_INFO_LENGTH_MISMATCH == MyZwQuerySystemInformation(SystemHandleInformation, (PBYTE)pStruct, dimBuffer, &dimBuffer)){ MessageBox(NULL,"STATUS_INFO_LENGTH_MISMATCH","",MB_OK | MB_ICONERROR); return; } QUERY_OK: // .......
the second call fails because dimBuffer is 0,but shouldn't the first call assign a nonzero value to it???
