Blizzhackers

http://msdn.microsoft.com/en-us/library ... 85%29.aspx
have a question about this api the second param'
it says it only has one SUPPORTED possibility... not that we can't obtain information and pass it on correct?
was kind of just wondering if this could be used to bypass NtQueryInformationProcess in a hook, by using this api to set proper Process Info o.O
Idk just woke up, still eh...
Had a long day yesterday coding syscalls which are still buggy-ish (or maybe its my write math fuck i hate console(External))
I know this api is INTENDED to set priority to memory within the workingset but, i was wondering if we could make our own ProcessInformationClass structure (modified of course) to pass on to this api.


Parameters

hProcess [in]

A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process Security and Access Rights.
ProcessInformationClass [in]

The class of information to set. The only supported value is ProcessMemoryPriority.
ProcessInformation

Pointer to a structure that contains the type of information specified by the ProcessInformationClass parameter.

If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must point to a MEMORY_PRIORITY_INFORMATION structure.
ProcessInformationSize [in]

The size in bytes of the structure specified by the ProcessInformation parameter.

If the ProcessInformationClass parameter is ProcessMemoryPriority, this parameter must be sizeof(MEMORY_PRIORITY_INFORMATION).

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

You developing for Windows 8?

7 ultimate is what I am running

Says minimum supported client is 8 RP and Server 12. What are you trying to do, exactly? They probably wont fully support that function until Win8 is released.

use in anti warden routines o.O lol .

QueryInformationProcess
route code to ->
make_it_look_like_it_should(bool iswardencalling?){
if(! iswardencalling=true){
return
}
else{
SetProcessInformation(properfixupofeverything);
}
}

Jumpback

Call QueryInformationProcess ->return;
o.O

All it does is set the priority of the process. :/

if you call it with the only "supported" class info param yes...
other than that no... we can make our own structures to call it from...

Enumeration type PROCESS_INFORMATION_CLASS is used in calls to NtQueryInformationProcess and NtSetInformationProcess.

typedef enum _PROCESS_INFORMATION_CLASS {

ProcessBasicInformation, ProcessQuotaLimits, ProcessIoCounters, ProcessVmCounters, ProcessTimes, ProcessBasePriority, ProcessRaisePriority, ProcessDebugPort, ProcessExceptionPort, ProcessAccessToken, ProcessLdtInformation, ProcessLdtSize, ProcessDefaultHardErrorMode, ProcessIoPortHandlers, ProcessPooledUsageAndLimits, ProcessWorkingSetWatch, ProcessUserModeIOPL, ProcessEnableAlignmentFaultFixup, ProcessPriorityClass, ProcessWx86Information, ProcessHandleCount, ProcessAffinityMask, ProcessPriorityBoost, MaxProcessInfoClass

} PROCESS_INFORMATION_CLASS, *PPROCESS_INFORMATION_CLASS;

Looks like it is just a Win32 of the Nt function(s). For OS prior to Win8 RP, you'll probably need to call NtQuery/NtSet anyway.

having trouble with NtQuery o.O

What kind of trouble?

cant get the callgate setup proper o.O

You shouldn't need a callgate for NtQuery. All you have to do is set up a definition.



If you don't have the proper headers, you can always define your own PROCESSINFOCLASS enumerations and structures. You can literally just Copy/Paste from MSDN.