Parameter "ReturnLength" always "0" when NtQuerySystemInformation is called,...

Kerem Gümrükcü

Hi,

The topic says all. I use this code from C# to call the NtQuerySystemInformation.
When I call NtQuerySystemInformation the first time with zero buffer length to get the buffer size needed for the information I get a STATUS_INFO_LENGTH_MISMATCH which is -1073741820 in number, this is ok, but why does the function not store the required buffer size in "ReturnLength"? It's always zero,...why? Is something wrong with my declaration:

[DllImport("ntdll.dll",
    EntryPoint = "NtQuerySystemInformation",
    SetLastError = true,
    CharSet = CharSet.Unicode,
    ExactSpelling = true,
    CallingConvention = CallingConvention.Winapi)]
public static extern int NtQuerySystemInformation(
    SYSTEM_INFORMATION_CLASS SystemInformationClass,
    IntPtr SystemInformation,
    uint SystemInformationLength,
    out uint ReturnLength);

uint l = 0;
IntPtr ptrBuffer = Marshal.AllocHGlobal(10000000); // just some "buffer" space, not used
int err = DRWin32APIClass.NtQuerySystemInformation(
    DRWin32APIClass.SYSTEM_INFORMATION_CLASS.SystemBasicInformation,
    ptrBuffer,
    10000000,
    out l);

MessageBox.Show(DRWin32APIClass.NtStatusToWin32Exception(err).Message + "\n"
    + err.ToString() + "\n" + l.ToString());

Marshal.FreeHGlobal(ptrBuffer);

The "ReturnLength" is always zero (0),...very strange. I am doing something wrong here,...

I know that I can use for this class the Win32 API GetSystemInfo(...), but the call fails on any class, no matter if I want some Handles/Objects, etc Information,...


Regards

Kerem

--
 
Mattias Sjögren

> The topic says all. I use this code from C# to call the NtQuerySystemInformation.
> When I call NtQuerySystemInformation the first time with zero buffer length to get the buffer size needed for the information I get a STATUS_INFO_LENGTH_MISMATCH which is -1073741820 in number, this is ok, but why does the function not store the required buffer size in "ReturnLength"? It's always zero,...why?


It is (or was) a bug in the function implementation. Don't know which
OS version you're running, but it looks like they've fixed it in
Vista.


Mattias
 
Kerem Gümrükcü

Hi Mattias,

thanks for the reply. I use XP SP3 up to date and I can't get it to work, still can't get it to work and it is really not clear to me why this fails,...

If you have any idea how I can fix this, please let me know, or know an alternative to enumerate all kernel objects on a system like mutants, mutexes, etc,...

I could write a writer for this and use a user defined IOCTL to move the data from Kernel to Userland, but since this can be done, at least what I need here, with User Mode Code, there is no need for a Driver so far,...



Regards

Kerem

--
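
Added example, not part of the original thread: one way to cope with a ReturnLength that stays 0 is to grow the buffer and retry on STATUS_INFO_LENGTH_MISMATCH, using ReturnLength only when it asks for more than the buffer that was offered. The NtQuery class, the Query helper, the 64 KB starting size and the 64 MB cap are assumptions made for this example; SystemProcessInformation (5) is used as the sample class.

```csharp
using System;
using System.Runtime.InteropServices;

static class NtQuery
{
    const int STATUS_INFO_LENGTH_MISMATCH = unchecked((int)0xC0000004); // -1073741820

    [DllImport("ntdll.dll", ExactSpelling = true)]
    static extern int NtQuerySystemInformation(
        int SystemInformationClass, IntPtr SystemInformation,
        uint SystemInformationLength, out uint ReturnLength);

    // Returns an unmanaged buffer that the caller releases with Marshal.FreeHGlobal.
    public static IntPtr Query(int infoClass, out uint returned)
    {
        const uint MaxSize = 64u * 1024u * 1024u; // assumed cap so a bad class cannot loop forever
        uint size = 0x10000u;                     // assumed starting size
        while (true)
        {
            IntPtr buffer = Marshal.AllocHGlobal((int)size);
            int status = NtQuerySystemInformation(infoClass, buffer, size, out returned);
            if (status >= 0)
                return buffer;                    // NT_SUCCESS: buffer now holds the data
            Marshal.FreeHGlobal(buffer);
            if (status != STATUS_INFO_LENGTH_MISMATCH)
                throw new InvalidOperationException("NTSTATUS 0x" + status.ToString("X8"));
            // Use ReturnLength (plus slack, since the system state can grow between
            // calls) only when it exceeds what was offered; if it stayed 0, double.
            size = returned > size ? returned + 0x1000u : size * 2u;
            if (size > MaxSize)
                throw new InvalidOperationException("Buffer cap reached without success");
        }
    }

    static void Main()
    {
        const int SystemProcessInformation = 5;   // variable-length information class
        uint returned;
        IntPtr data = Query(SystemProcessInformation, out returned);
        try { Console.WriteLine("Bytes written by the call: " + returned); }
        finally { Marshal.FreeHGlobal(data); }
    }
}
```

This pattern is for variable-length classes; a fixed-size class such as SystemBasicInformation is normally queried with a buffer sized to its structure rather than an arbitrarily large one.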
 
