Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #define echo(x) x
- #define label(x) echo(x)__LINE__
- #define RTL_CONSTANT_STRINGW(s) { sizeof( s ) - sizeof( (s)[0] ), sizeof( s ),(PWSTR)(s) }
- #define STATIC_UNICODE_STRING(name, str) static const WCHAR label(__)[] = L##str; static const UNICODE_STRING name = RTL_CONSTANT_STRINGW(label(__))
- NTSTATUS GetCsrssPid(HANDLE* pUniqueProcessId)
- {
- NTSTATUS status;
- ULONG cb = 0x10000;
- do
- {
- status = STATUS_INSUFFICIENT_RESOURCES;
- if (PVOID buf = ExAllocatePool(PagedPool, cb))
- {
- if (0 <= (status = NtQuerySystemInformation(SystemProcessInformation, buf, cb, &cb)))
- {
- status = STATUS_NOT_FOUND;
- union {
- PSYSTEM_PROCESS_INFORMATION pspi;
- PVOID pv;
- PUCHAR pb;
- };
- pv = buf;
- ULONG NextEntryOffset = 0;
- do
- {
- pb += NextEntryOffset;
- STATIC_UNICODE_STRING(csrss, "csrss.exe");
- if (pspi->UniqueProcessId)
- DbgPrint("%p %wZ\n", pspi->UniqueProcessId, &pspi->ImageName);
- if (RtlEqualUnicodeString(&csrss, &pspi->ImageName, TRUE))
- {
- ///////// This part never is executed ///////
- *pUniqueProcessId = pspi->UniqueProcessId;
- DbgPrint("%p\n", *pUniqueProcessId);
- status = STATUS_SUCCESS;
- break;
- ////////////////////////////////////////////
- }
- } while (NextEntryOffset = pspi->NextEntryOffset);
- }
- ExFreePool(buf);
- }
- } while (status == STATUS_INFO_LENGTH_MISMATCH);
- return status;
- }
- // Usage:
- HANDLE hCsrssPid = (HANDLE)0;
- GetCsrssPid(&hCsrssPid);
- DbgPrint("%x\n", hCsrssPid);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
