I want to take SystemBasicInformation, SystemPerformanceInformation, SystemFileCacheInformation in kernel-space(from my nonPnP driver). But I can't call NtQuerySystemInformation in kernel-space, because it needs the user-space ntdll.lib. Does anybody know the same NtQuerySystemInformation in kernel-space?
What you are looking probably is ZwQuerySystemInformation
Zw indicates that it is for drivers, so you can always google some API with Zw prefix.
Also, why do you think that ntdll.lib means that API has to be called from user space? NtQuerySystemInformation should work as well, have you tried it, or just made a guess?
I want to take SystemBasicInformation, SystemPerformanceInformation, SystemFileCacheInformation in kernel-space(from my nonPnP driver). But I can't call NtQuerySystemInformation in kernel-space, because it needs the user-space ntdll.lib. Does anybody know the same NtQuerySystemInformation in kernel-space?
What you are looking probably is ZwQuerySystemInformation
Zw indicates that it is for drivers, so you can always google some API with Zw prefix.
Also, why do you think that ntdll.lib means that API has to be called from user space? NtQuerySystemInformation should work as well, have you tried it, or just made a guess?
0 commentaires:
Enregistrer un commentaire