Re: "\\Re: "\\Re: "Re: Ál"\\lás -> Wind"ows könyv"""

hwsw famulus hwsw at famulus.hu
Tue May 31 23:25:47 CEST 2005


kozben egy attekinto iromany sok erdekes temaval....
http://osg.informatik.tu-chemnitz.de/publikat/papers/00/WINNT.pdf

> De ha elkuldod a PEPROCESS struktura deklaraciojat. 

Igazabol nem erintett ez a terulet sose, ezert nem is ertek hozza, de
vak tyuk alapon: nem lehet, hogy a struktura, amire mutat, az ez?

 /*
  * Executive process object (EPROCESS) layout as quoted in this post.
  *
  * NOTE(review): the type spellings used here (int32, uint32, byte, uint16,
  * uint64) are not standard C typedefs, so this reads like a debugger or
  * symbol-dump listing rather than a compilable header -- confirm the origin.
  * The post does not say which Windows build the listing was taken from.
  * EPROCESS is an opaque kernel structure whose member order and offsets
  * change between builds; the _HARDWARE_PTE_X86 member indicates an x86
  * target here. Resolve offsets from the symbols of the exact kernel being
  * examined instead of hard-coding values derived from this listing: a wrong
  * offset in kernel-mode code or in a memory-forensics parser silently reads
  * the wrong field.
  */
 struct _EPROCESS {
     /* First member, so a pointer to the EPROCESS is also a pointer to Pcb. */
     struct _KPROCESS Pcb;
     int32    ExitStatus;
     struct _KEVENT LockEvent;
     uint32   LockCount;
     union _LARGE_INTEGER CreateTime;
     union _LARGE_INTEGER ExitTime;
     struct _KTHREAD *LockOwner;
     /* Presumably the process ID, stored pointer-sized -- confirm. */
     void     *UniqueProcessId;
     /*
      * NOTE(review): presumably links this process into the system-wide
      * process list. Enumeration that relies on this list alone trusts the
      * integrity of kernel memory; cross-check against independent sources
      * when triaging a suspect host.
      */
     struct _LIST_ENTRY ActiveProcessLinks;
     uint32   QuotaPeakPoolUsage[2];
     uint32   QuotaPoolUsage[2];
     uint32   PagefileUsage;
     uint32   CommitCharge;
     uint32   PeakPagefileUsage;
     uint32   PeakVirtualSize;
     uint32   VirtualSize;
     struct _MMSUPPORT Vm;
     struct _LIST_ENTRY SessionProcessLinks;
     /* Presumably non-NULL while a debugger is attached -- confirm. */
     void     *DebugPort;
     void     *ExceptionPort;
     struct _HANDLE_TABLE *ObjectTable;
     /*
      * NOTE(review): presumably the reference to the process's access token.
      * Integrity-sensitive: an unexpected change of this value is worth
      * treating as a detection signal -- confirm semantics for the build.
      */
     void     *Token;
     struct _FAST_MUTEX WorkingSetLock;
     uint32   WorkingSetPage;
     byte     ProcessOutswapEnabled;
     byte     ProcessOutswapped;
     byte     AddressSpaceInitialized;
     byte     AddressSpaceDeleted;
     struct _FAST_MUTEX AddressCreationLock;
     uint32   HyperSpaceLock;
     struct _ETHREAD *ForkInProgress;
     uint16   VmOperation;
     byte     ForkWasSuccessful;
     byte     MmAgressiveWsTrimMask;
     struct _KEVENT *VmOperationEvent;
     void     *PaeTop;
     uint32   LastFaultCount;
     uint32   ModifiedPageCount;
     void     *VadRoot;
     void     *VadHint;
     void     *CloneRoot;
     uint32   NumberOfPrivatePages;
     uint32   NumberOfLockedPages;
     uint16   NextPageColor;
     byte     ExitProcessCalled;
     byte     CreateProcessReported;
     void     *SectionHandle;
     struct _PEB *Peb;
     void     *SectionBaseAddress;
     struct _EPROCESS_QUOTA_BLOCK *QuotaBlock;
     int32    LastThreadExitStatus;
     struct _PAGEFAULT_HISTORY *WorkingSetWatch;
     void     *Win32WindowStation;
     /*
      * NOTE(review): presumably the creating process's ID. Process IDs can
      * be reused, so pair this with CreateTime when reconstructing
      * parent/child relationships -- confirm.
      */
     void     *InheritedFromUniqueProcessId;
     uint32   GrantedAccess;
     uint32   DefaultHardErrorProcessing;
     void     *LdtInformation;
     void     *VadFreeHint;
     void     *VdmObjects;
     void     *DeviceMap;
     uint32   SessionId;
     struct _LIST_ENTRY PhysicalVadList;
     struct _HARDWARE_PTE_X86 PageDirectoryPte;
     uint64   Filler;
     uint32   PaePageDirectoryPage;
     /*
      * Fixed 16-byte buffer: a longer image name cannot fit, so a parser
      * should treat the content as possibly truncated and should not assume
      * a terminating NUL. NOTE(review): a short name like this is a weak
      * identifier for a process; do not use it alone for allow/deny
      * decisions -- confirm how the kernel fills it.
      */
     byte     ImageFileName[16];
     uint32   VmTrimFaultValue;
     byte     SetTimerResolution;
     byte     PriorityClass;
     byte     SubSystemMinorVersion;
     byte     SubSystemMajorVersion;
     uint16   SubSystemVersion;
     void     *Win32Process;
     struct _EJOB *Job;
     uint32   JobStatus;
     struct _LIST_ENTRY JobLinks;
     void     *LockedPagesList;
     void     *SecurityPort;
     struct _WOW64_PROCESS *Wow64Process;
     union _LARGE_INTEGER ReadOperationCount;
     union _LARGE_INTEGER WriteOperationCount;
     union _LARGE_INTEGER OtherOperationCount;
     union _LARGE_INTEGER ReadTransferCount;
     union _LARGE_INTEGER WriteTransferCount;
     union _LARGE_INTEGER OtherTransferCount;
     uint32   CommitChargeLimit;
     uint32   CommitChargePeak;
     struct _LIST_ENTRY ThreadListHead;
     struct _RTL_BITMAP *VadPhysicalPagesBitMap;
     uint32   VadPhysicalPages;
     uint32   AweLock;
};



