Help me please.
Posted: Thu Aug 09, 2018 2:28 pm
Hello guys, today I'm just trying to list all processes in kernel mode by using the plist entry struct (Blink and Flink).
I understand that if I want to access the plist entry structure from a process, I gotta do this little operation to access it in mem:
------------------------------------------
PEPROCESS thisProcess;
PLIST_ENTRY currentLink;
ULONG_PTR thisProcessAddr = 0; // pointer-sized: ULONG would truncate a 64-bit address
thisProcess = PsGetCurrentProcess(); // current process: System pid 4
thisProcessAddr = (ULONG_PTR)thisProcess; // to obtain its address in mem
// ACTIVE_PROCESS_LINK_OFFS64: Windows 10 x64 offset to the list entry of the EPROCESS struct.
// Add the byte offset before casting, so it is not scaled by sizeof(LIST_ENTRY).
currentLink = (PLIST_ENTRY)(thisProcessAddr + ACTIVE_PROCESS_LINK_OFFS64);
---------------------------------------------------------
Then idk what to do, I tried to search everywhere but I'm stuck.
Thank you.
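Walking a circular list of entries embedded in a record, as an added example that is not part of the original post: it runs in user mode on a mock, so `MOCK_LIST_ENTRY`, `MOCK_PROCESS`, the helper names and the sample PIDs and names are constructed stand-ins for the kernel's `LIST_ENTRY` and `EPROCESS`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-mode stand-ins (assumptions): MOCK_LIST_ENTRY has the shape of the kernel's
   LIST_ENTRY; MOCK_PROCESS replaces the opaque EPROCESS, whose offsets vary per build. */
typedef struct MOCK_LIST_ENTRY { struct MOCK_LIST_ENTRY *Flink, *Blink; } MOCK_LIST_ENTRY;
typedef struct MOCK_PROCESS {
    uintptr_t       Pid;
    MOCK_LIST_ENTRY ActiveLinks;
    char            Name[16];
} MOCK_PROCESS;
#define LINKS_OFFSET offsetof(MOCK_PROCESS, ActiveLinks)

/* Add the byte offset, then cast. Casting first would scale it by sizeof(MOCK_LIST_ENTRY). */
static MOCK_LIST_ENTRY *links_of(MOCK_PROCESS *p) {
    return (MOCK_LIST_ENTRY *)((uintptr_t)p + LINKS_OFFSET);
}
/* Inverse step (what CONTAINING_RECORD does): from a list entry back to its record. */
static MOCK_PROCESS *process_of(MOCK_LIST_ENTRY *e) {
    return (MOCK_PROCESS *)((uintptr_t)e - LINKS_OFFSET);
}
static void insert_tail(MOCK_LIST_ENTRY *head, MOCK_LIST_ENTRY *e) {
    e->Flink = head; e->Blink = head->Blink;
    head->Blink->Flink = e; head->Blink = e;
}
/* Follow Flink from start's entry until the walk returns to it. The list head is a
   bare list entry with no record around it, so it is skipped rather than decoded. */
static size_t walk_pids(MOCK_PROCESS *start, MOCK_LIST_ENTRY *head, uintptr_t *out, size_t cap) {
    MOCK_LIST_ENTRY *first = links_of(start), *cur = first;
    size_t n = 0;
    do {
        if (cur != head && n < cap) out[n++] = process_of(cur)->Pid;
        cur = cur->Flink;
    } while (cur != first);
    return n;
}
/* Constructed sample list: head -> 4 -> 88 -> 412 -> head. Returns the i-th PID seen, 0 if none. */
static uintptr_t demo_pid(size_t i) {
    MOCK_LIST_ENTRY head = { &head, &head };
    MOCK_PROCESS p[3] = { {4, {0, 0}, "System"}, {88, {0, 0}, "smss.exe"}, {412, {0, 0}, "csrss.exe"} };
    uintptr_t pids[8];
    for (int k = 0; k < 3; k++) insert_tail(&head, &p[k].ActiveLinks);
    size_t n = walk_pids(&p[0], &head, pids, 8);
    return i < n ? pids[i] : 0;
}
int main(void) {
    for (size_t i = 0; demo_pid(i) != 0; i++) printf("pid %lu\n", (unsigned long)demo_pid(i));
    return 0;
}
```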