linker error undefined reference calling PsGetProcess

Question

this is a code that hides a specific process given the Pid, but i can not get PsGetCurrentProcess() working, it keeps throwing undefined reference error and i dont know what to do here is the code

#include <iostream>
#include <conio.h>
#include "ddk\ntddk.h"
#include <stdio.h>
unsigned long SearchProcId(unsigned int Pid){

unsigned long eproc,aux,proceso,ret;
PLIST_ENTRY lista;
unsigned int idProceso=0;

eproc=(unsigned long)PsGetCurrentProcess();//estamos en "System"
lista=(LIST_ENTRY*)(eproc+0x88);//tenemos los punteros al siguiente y al anterior
aux=(unsigned long)lista->Blink;
proceso=(unsigned long)lista;
idProceso=*((int *)(proceso+0x84));

while(proceso!=0 && aux!=proceso && Pid!=idProceso)//recorremos la lista
{
    proceso-=0x88;
    ret=proceso;

    idProceso=*((int *)(proceso+0x84));
    //avanzamos
    lista=lista->Flink;
    proceso=(unsigned long)lista;
}

if(Pid!=idProceso)
ret=0;

return ret;
}








int main(int argc, char** argv) {
PLIST_ENTRY plist_active_procs;
unsigned long eproc=0;
printf ("id del proceso del lol?");
unsigned int i=0;
scanf ("%d",&i);
eproc = SearchProcId(i);
plist_active_procs = (LIST_ENTRY*)(eproc+0x88);
plist_active_procs -> Blink -> Flink=plist_active_procs->Flink;
plist_active_procs -> Flink -> Blink=plist_active_procs->Blink;

return 0;
}

it keeps throwing me this error i don't know what to do C:\Users\Gabriel\Documents\main.o main.cpp:(.text+0xe): undefined reference to `imp_IoGetCurrentProcess@0'

Can we get your compiler command and output... Also, your two closing } are missing 4 spaces. — MobA11y, Jun 04 '13 at 17:48
If you check a [reference](http://msdn.microsoft.com/en-us/library/windows/hardware/ff559933%28v=vs.85%29.aspx) it will tell you what library you need to link with. — Some programmer dude, Jun 04 '13 at 17:50

score 0 · Answer 1 · answered Jun 04 '13 at 17:51

0

The fact that you are including <iostream> and ddk/ntddk.h in the same source file indicates that you are probably not writing a driver.

PsGetCurrentProcess is only available to drivers. In normal applications you should use GetCurrentProcess

Of course, going poking around the process control blocks, like the other parts of your code does, won't work at all in user-mode. If you want to do that, you need to build a driver (and thus, remove all stdio, iostream and similar usage - you need to write a separate application that feeds the data into and out of the driver)

answered Jun 04 '13 at 17:51

Mats Petersson

126,704
14
140
227

Short answer, you can't. Maybe you can explain what you are ACTUALLY trying to do (looks like you are trying to hide your own process, which is a naughty thing to do - not sure I want to help you do that). – Mats Petersson Jun 04 '13 at 23:24
yep that it is a program that hides a process given the Pid – Gabriel Della Maggiora Jun 05 '13 at 00:46

linker error undefined reference calling PsGetProcess

1 Answers1