Closed cybexr closed 9 months ago
The function works like this, but NtQueryInformationProcess always return -1073741820 , codes like:
buf: TSynTempBuffer; begin if NtQueryInformationProcess(prochandle, ProcessBasicInformation, buf.buf, buf.len, @sizeneeded) < 0 then
After some digging, the error code means STATUS_INFO_LENGTH_MISMATCH, see links below https://binarysharp.com/topic/14-error-when-attaching-to-a-process/ https://stackoverflow.com/questions/17152735/getting-the-teb-of-a-64bit-process-on-windows
and MS_PROCESS_BASIC_INFORMATION record definition already considers the padding, the problem occurs with buf.len,windows consider this length illegal, so can I post a Pull Request?
Of course, please post a Pull Request. :)
The function works like this, but NtQueryInformationProcess always return -1073741820 , codes like:
buf: TSynTempBuffer; begin if NtQueryInformationProcess(prochandle, ProcessBasicInformation, buf.buf, buf.len, @sizeneeded) < 0 then
After some digging, the error code means STATUS_INFO_LENGTH_MISMATCH, see links below https://binarysharp.com/topic/14-error-when-attaching-to-a-process/ https://stackoverflow.com/questions/17152735/getting-the-teb-of-a-64bit-process-on-windows
and MS_PROCESS_BASIC_INFORMATION record definition already considers the padding, the problem occurs with buf.len,windows consider this length illegal, so can I post a Pull Request?