Class NtDllFFM
java.lang.Object
oshi.ffm.ForeignFunctions
oshi.ffm.windows.WindowsForeignFunctions
oshi.ffm.windows.NtDllFFM
FFM bindings for NtDll functions and structures used for process information queries.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StructLayoutstatic final longstatic final StructLayoutstatic final longstatic final intstatic final StructLayoutstatic final StructLayoutstatic final StructLayoutstatic final StructLayoutstatic final StructLayoutstatic final longstatic final longstatic final longstatic final longstatic final longstatic final longFields inherited from class ForeignFunctions
CAPTURE_CALL_STATE, CAPTURED_STATE_LAYOUT, ERRNO_HANDLE, LIBRARY_ARENA, LINKER, NATIVE_LONG_SIZE, NATIVE_POINTER_SIZE, NATIVE_SIZE_T_SIZE, SYMBOL_LOOKUP -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic intNtQueryInformationProcess(MemorySegment processHandle, int processInformationClass, MemorySegment processInformation, int processInformationLength, MemorySegment returnLength) Retrieves information about the specified process.static StringreadUnicodeString(MemorySegment processHandle, MemorySegment unicodeString, Arena arena) Reads a UNICODE_STRING from process memory.Methods inherited from class WindowsForeignFunctions
checkSuccess, isSuccess, readAnsiString, readWideString, setupTokenPrivileges, toWideStringMethods inherited from class ForeignFunctions
downcall, getByteArrayFromNativePointer, getErrno, getStringFromNativePointer, getStructFromNativePointer, lib, libraryLookup
-
Field Details
-
PROCESS_BASIC_INFORMATION
public static final int PROCESS_BASIC_INFORMATION- See Also:
-
UNICODE_STRING
-
UNICODE_STRING_LENGTH_OFFSET
public static final long UNICODE_STRING_LENGTH_OFFSET -
UNICODE_STRING_BUFFER_OFFSET
public static final long UNICODE_STRING_BUFFER_OFFSET -
CURDIR
-
STRING
-
RTL_DRIVE_LETTER_CURDIR
-
PROCESS_BASIC_INFORMATION_STRUCT
-
PBI_PEB_BASE_ADDRESS_OFFSET
public static final long PBI_PEB_BASE_ADDRESS_OFFSET -
PEB
-
PEB_PROCESS_PARAMETERS_OFFSET
public static final long PEB_PROCESS_PARAMETERS_OFFSET -
RTL_USER_PROCESS_PARAMETERS
-
UPP_CURRENT_DIRECTORY_OFFSET
public static final long UPP_CURRENT_DIRECTORY_OFFSET -
UPP_COMMAND_LINE_OFFSET
public static final long UPP_COMMAND_LINE_OFFSET -
UPP_ENVIRONMENT_OFFSET
public static final long UPP_ENVIRONMENT_OFFSET -
UPP_ENVIRONMENT_SIZE_OFFSET
public static final long UPP_ENVIRONMENT_SIZE_OFFSET
-
-
Constructor Details
-
NtDllFFM
public NtDllFFM()
-
-
Method Details
-
NtQueryInformationProcess
public static int NtQueryInformationProcess(MemorySegment processHandle, int processInformationClass, MemorySegment processInformation, int processInformationLength, MemorySegment returnLength) Retrieves information about the specified process.- Parameters:
processHandle- A handle to the processprocessInformationClass- The type of process information to be retrievedprocessInformation- Buffer to receive the requested informationprocessInformationLength- Size of the bufferreturnLength- Pointer to receive the actual size of the information returned- Returns:
- NTSTATUS code (0 indicates success)
-
readUnicodeString
public static String readUnicodeString(MemorySegment processHandle, MemorySegment unicodeString, Arena arena) Reads a UNICODE_STRING from process memory.- Parameters:
processHandle- Handle to the processunicodeString- The UNICODE_STRING segment containing Length and Buffer pointerarena- Arena for memory allocation- Returns:
- The string content, or empty string on failure
-