On 2012-10-04 13:07, Christian Costa wrote:
> 2012/10/4 Paul Chitescu <pa...@voip.null.ro>
>> AFAIK the structure differs for each major version of Windows and some SP
>> too.
>>
>
> I was expecting something like this. :(
>
>> At the minimum I saw some drivers expecting that at the returned pointer
>> to be
>> a "System" C-style string.
>>
>
> Which Windows version is it? In Vista definition the first basic element
> can be either an UCHAR or an ULONG. Not a char buffer.

What all versions have in common is that processes are dispatcher objects. Thus the EPROCESS/KPROCESS structure starts with a DISPATCHER_HEADER.