Andrey Bazhan AndreyBazhan
AndreyBazhan
/ ws.cpp
Created
May 27, 2019 19:49
Process Explorer: Process Properties->Performance tab performance issue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <psapi.h> | |
| int main() | |
| { | |
| HANDLE ProcessHandle; | |
| ULONG Processes[4096]; | |
| ULONG DataSize; | |
| ULONG NumberOfProcesses; |
AndreyBazhan
/ gist:0c12ea4c83833f756b9afbfa6bb66cdd
Created
April 30, 2019 15:06
List of Windows kernels that have incorrect offsets in MiState _MI_SYSTEM_INFORMATION structure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ?? @@(ntoskrnl!MiState) + #FIELD_OFFSET(ntoskrnl!_MI_SYSTEM_INFORMATION, Vs); ? poi(ntoskrnl!MiVisibleState) | |
| 10.0.15063.1659 x64 | |
| unsigned int64 0x00000001`4036d080 | |
| Evaluate expression: 5372301504 = 00000001`4036d0c0 | |
| 10.0.15063.1659 x86 | |
| unsigned int64 0x60f700 |