Adding a related function to NtQueryInformationProcess #18

libyanlake · 2024-12-29T22:48:20Z

Decompilation of GetLogicalDrives shows it uses NtQueryInformationProcess under the hood;

DWORD GetLogicalDrives
{
      int32_t buffer;
      NTSTATUS status = NtQueryInformationProcess(-1, 0x17, &buffer, 0x24, 0);
      
      if (status < STATUS_SUCCESS)
      {
          BaseSetLastNTError(status);
          return 0;
      }
      
      int32_t rax = buffer;
      
      if (rax != 0)
          return rax;
      
      RtlSetLastWin32Error(0);
      return buffer;
}

As such, I find it logical to add it to the "Related Win32 API" paragraph.

m417z · 2024-12-30T06:52:42Z

@diversenok can you review please?

diversenok · 2024-12-30T15:44:29Z

Yeah, looks good.
@libyanlake, you can also add the same link in processinfoclass.md under related APIs for ProcessDeviceMap (23) since that's what the function uses.

libyanlake · 2024-12-30T22:41:38Z

Sure, done. Is there anywhere else it should be added?

m417z · 2024-12-31T08:31:53Z

Thanks!

Add more details to ntqueryinformationprocess.md

eb9d3aa

add more info to processinfoclass.md

9ee708a

m417z merged commit 24af683 into m417z:main Dec 31, 2024
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adding a related function to NtQueryInformationProcess #18

Adding a related function to NtQueryInformationProcess #18

libyanlake commented Dec 29, 2024 •

edited

Loading

m417z commented Dec 30, 2024

diversenok commented Dec 30, 2024

libyanlake commented Dec 30, 2024

m417z commented Dec 31, 2024

Adding a related function to NtQueryInformationProcess #18

Adding a related function to NtQueryInformationProcess #18

Conversation

libyanlake commented Dec 29, 2024 • edited Loading

m417z commented Dec 30, 2024

diversenok commented Dec 30, 2024

libyanlake commented Dec 30, 2024

m417z commented Dec 31, 2024

libyanlake commented Dec 29, 2024 •

edited

Loading