Sysinternals Homepage
Forum Home Forum Home > Windows Discussions > Development
  New Posts New Posts RSS Feed - zwcreateprocess undeclared
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

zwcreateprocess undeclared

 Post Reply Post Reply
Author
Message
daehyeok View Drop Down
Newbie
Newbie


Joined: 28 January 2010
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote daehyeok Quote  Post ReplyReply Direct Link To This Post Topic: zwcreateprocess undeclared
    Posted: 28 January 2010 at 7:34am
 i tried hook zwcreateprocess
 using gooing i am found some code hook zwcreatefile and modify code to hook zwcreateprocess ;;
 i got link error( when compile using wdk)
 
 error C2065: 'ZwCreateProcess' : undeclared identifier
 
my code worked when i hook  zwcreatefile  
 wdk not permit to use 'ZwCreateProcess' ??
Back to Top
wj32 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 16 January 2009
Location: Australia
Status: Offline
Points: 1016
Post Options Post Options   Thanks (0) Thanks(0)   Quote wj32 Quote  Post ReplyReply Direct Link To This Post Posted: 28 January 2010 at 7:44am
You're not supposed to use Nt/ZwCreateProcess. It's not in the headers, and it's not even exported. The only way you're going to hook that function is by looking at the SSDT (KeServiceDescriptorTable).
PH, a free and open source process viewer.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down