Archive for December, 2008

Windows Vista Recovery Disc

Monday, December 29th, 2008

I'd like to point out this interesting post:

http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/

It is a 120 MB disc for recovering a damaged Vista installation. Unfortunately, Vista broke on me (how strange :-) ): some configuration file was damaged and the system would no longer boot. With this CD I was able to recover my system without too much effort.

How to use NtQuerySystemInformation

Saturday, December 27th, 2008

NtQuerySystemInformation (http://msdn.microsoft.com/en-us/library/ms724509(VS.85).aspx) is a useful, undocumented and discouraged API of ntdll.dll. This API shouldn't be used, but in some cases it is a short way to get a lot of information.

You can do a lot of things with this API, but in this example it is used to get some information about processes.

This function should be linked at runtime, see more information at this link: http://msdn.microsoft.com/en-us/library/ms686944(VS.85).aspx.

To invoke NtQuerySystemInformation you should pass the following arguments:

  • The kind of information that you want to get, in this example SystemProcessInformation.
  • The address of a chunk of memory in which to place all the information.
  • The size of that chunk of memory.
  • An integer passed by reference that will be filled with the size of the returned data.

Unfortunately, the size required for the second argument isn't known in advance. A solution is to pass a chunk of memory and, if it is too small, retry. This works because NtQuerySystemInformation returns a specific error code when the chunk of memory is too small.

In this example, the enumerations and structures used by the program are placed in the stdafx.h header file.

In this example enumerations and structures used by this program are placed in stdafx.h header file.

This example is written with Visual Studio 2008.

Download example
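The grow-and-retry call described above, as an added sketch in C that is not the downloadable example from this post. It assumes the "too small" error code is STATUS_INFO_LENGTH_MISMATCH (0xC0000004) and that SystemProcessInformation is class 5; `query_grow`, `fake_query` and the `query_fn` typedef are names introduced here, and off Windows the constructed stand-in `fake_query` replaces the real call.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#define NT_CALL __stdcall
#else
#define NT_CALL /* off Windows only the constructed stand-in below runs */
#endif
#define PROCESS_INFO_CLASS 5 /* SystemProcessInformation */
#define STATUS_INFO_LENGTH_MISMATCH ((int32_t)0xC0000004) /* buffer too small */
/* Assumed ABI-compatible view of NtQuerySystemInformation(class, buf, size, &returned). */
typedef int32_t (NT_CALL *query_fn)(int, void *, uint32_t, uint32_t *);

/* Retry with a larger buffer while the call reports "too small".
   Returns a heap buffer the caller frees, or NULL on any other failure. */
void *query_grow(query_fn query, int cls, uint32_t *out_len) {
    uint32_t size = 0x8000, needed = 0;
    void *buf = NULL, *tmp;
    for (;;) {
        if (!(tmp = realloc(buf, size))) { free(buf); return NULL; }
        buf = tmp;
        int32_t st = query(cls, buf, size, &needed);
        if (st == 0) { *out_len = needed; return buf; }
        if (st != STATUS_INFO_LENGTH_MISMATCH) { free(buf); return NULL; }
        /* The process list can grow between calls, so add slack. */
        size = (needed > size ? needed : size * 2) + 0x1000;
    }
}
int fake_calls = 0; /* how many times the stand-in was invoked */
/* Constructed stand-in: reports that it needs 0x9000 bytes. */
int32_t NT_CALL fake_query(int cls, void *buf, uint32_t len, uint32_t *ret) {
    (void)cls; (void)buf;
    fake_calls++;
    *ret = 0x9000;
    return len < *ret ? STATUS_INFO_LENGTH_MISMATCH : 0;
}
int main(void) {
    query_fn q = fake_query;
    uint32_t len = 0;
#ifdef _WIN32 /* link at run time, as the post recommends */
    q = (query_fn)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQuerySystemInformation");
#endif
    void *buf = q ? query_grow(q, PROCESS_INFO_CLASS, &len) : NULL;
    if (!buf) return 1;
    printf("process information: %u bytes\n", (unsigned)len);
    free(buf);
    return 0;
}
```

Any status other than success or "too small" ends the loop, so an unexpected failure cannot drive unbounded allocation.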