Databases
StackOverflow2013
Postsdbo
PODefining Function Pointers
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PODefining Function Pointers
    primarykey
    data
    text
    <p>I am trying to call the internal Windows NT API function NtOpenProcess. I know calling internal APIs can be a bad idea, but for this particular tool I need the low-level access this API provides.</p> <p>My problem is that to use such an internal API, I need to use Runtime Dynamic Linking, as specified in <a href="http://msdn.microsoft.com/en-us/library/ms686944(VS.85).aspx" rel="noreferrer">this article</a></p> <p>To do that, I need to define a function pointer to NtOpenProcess. Here's my declaration:</p> <pre><code>typedef NTSTATUS (NTAPI *_NtOpenProcess) ( OUT PHANDLE, IN ACCESS_MASK, IN POBJECT_ATTRIBUTES, IN PCLIENT_ID OPTIONAL); class procManager { HINSTANCE hNTDLL; public: procManager() { hNTDLL = LoadLibrary(L"ntdll.dll"); if (!hNTDLL) throw std::runtime_error("NTDLL.DLL failure."); _NtOpenProcess NtOpenProcess; NtOpenProcess = reinterpret_cast &lt;_NtOpenProcess&gt; (GetProcAddress(hNTDLL, L"NtOpenProcess")); if (!NtOpenProcess) throw std::runtime_error("NtOpenProcess not found."); //Use NTOpenProcess for stuff here }; ~procManager() { FreeLibrary(hNTDLL); }; }; </code></pre> <p>Problem is, apparently there is an error in my typedef above. The compiler returns:</p> <blockquote> <p>error C2059: syntax error : '__stdcall'</p> </blockquote> <p>I used the handy dandy "Go To Definition" feature of my IDE (Visual Studio 2008) and found that NTAPI in the declaration is defined as __stdcall.</p> <p>Unfortunately, removing NTAPI from my declaration, making it this:</p> <pre><code>typedef NTSTATUS (*_NtOpenProcess) ( OUT PHANDLE, IN ACCESS_MASK, IN POBJECT_ATTRIBUTES, IN PCLIENT_ID OPTIONAL); </code></pre> <p>results in another error:</p> <blockquote> <p>error C2065: '_NtOpenProcess' : undeclared identifier</p> </blockquote> <p>At this point I'm saying "Of course it's undefined, that's why it's a typedef!"</p> <p>Does anyone see my error in the declaration?</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USÓlafur Waage
    1. USBilly ONeal
    plurals
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. PODefining Function Pointers
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PODefining Function Pointers
      1. USBobbyShaftoe
      1. VTFavorite
    3. VO
      singulars
      1. PODefining Function Pointers
      1. This table or related slice is empty.
      1. VTUpMod
    1. COGet ntdll.lib from the DDK and link statically.
      singulars
      1. PODefining Function Pointers
      1. USAnton Tykhyy
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload