Menu
I came across a short C++ code designed to prevent applications from stealing focus using DLL injection. As usual with C++, I have problems with things being undefined and libraries being missing.
Specifically, this constant is undefined: SYSTEM_INFORMATION_CLASS. In this code:
typedef NTSTATUS( WINAPI* PNT_QUERY_SYSTEM_INFORMATION ) (
__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__inout PVOID SystemInformation,
__in ULONG SystemInformationLength,
__out_opt PULONG ReturnLength
);
The windows.h is already included so it must be something else missing. When googling that, I got lot of results about getting the CPU temperature, but I can't see what should I include in them...
723
As stated in the documentation, this enum is defined in the Winternl.h header file. The definition in the header file from the version 7.1 SDK is:
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemBasicInformation = 0,
SystemPerformanceInformation = 2,
SystemTimeOfDayInformation = 3,
SystemProcessInformation = 5,
SystemProcessorPerformanceInformation = 8,
SystemInterruptInformation = 23,
SystemExceptionInformation = 33,
SystemRegistryQuotaInformation = 37,
SystemLookasideInformation = 45
} SYSTEM_INFORMATION_CLASS;
This NT API function is somewhat under documented. There are other values which you can find by searching online. As to how to use those other values, again you may need to take a leap of faith and rely on reverse engineered information that you can find from a web search.
Using undocumented functionality is risky business. Do not be surprised if Microsoft change or remove functionality in a future release, thus breaking your program. You might care to think twice before using undocumented functionality, or functionality that is documented as being liable to change in the future. Again, the documentation that I linked to does warn you about that in this way:
NtQuerySystemInformation may be altered or unavailable in future versions of Windows. Applications should use the alternate functions listed in this topic.
131
Finally, I found some SYSTEM_INFORMATION_CLASS definition using search terms "typedef SYSTEM_INFORMATION_CLASS". Though at the time of posting this, my own question is 3rd result...
Here's what I've got:
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemBasicInformation,
SystemProcessorInformation,
SystemPerformanceInformation,
SystemTimeOfDayInformation,
SystemPathInformation,
SystemProcessInformation,
SystemCallCountInformation,
SystemDeviceInformation,
SystemProcessorPerformanceInformation,
SystemFlagsInformation,
SystemCallTimeInformation,
SystemModuleInformation,
SystemLocksInformation,
SystemStackTraceInformation,
SystemPagedPoolInformation,
SystemNonPagedPoolInformation,
SystemHandleInformation,
SystemObjectInformation,
SystemPageFileInformation,
SystemVdmInstemulInformation,
SystemVdmBopInformation,
SystemFileCacheInformation,
SystemPoolTagInformation,
SystemInterruptInformation,
SystemDpcBehaviorInformation,
SystemFullMemoryInformation,
SystemLoadGdiDriverInformation,
SystemUnloadGdiDriverInformation,
SystemTimeAdjustmentInformation,
SystemSummaryMemoryInformation,
SystemNextEventIdInformation,
SystemEventIdsInformation,
SystemCrashDumpInformation,
SystemExceptionInformation,
SystemCrashDumpStateInformation,
SystemKernelDebuggerInformation,
SystemContextSwitchInformation,
SystemRegistryQuotaInformation,
SystemExtendServiceTableInformation,
SystemPrioritySeperation,
SystemPlugPlayBusInformation,
SystemDockInformation,
SystemPowerInformation,
SystemProcessorSpeedInformation,
SystemCurrentTimeZoneInformation,
SystemLookasideInformation
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
Being unable to compile anything, I can't be sure it's correct. I just created new .hpp file and added the code above to it.
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With