I want to enumerate all of the process id running on my system by using EPROCESS structure but the problem here is, I do not know how to access to the UniqueProcessId field in EPROCESS structure. Now, I've got the pointer to EPROCESS structure by this function PEPROCESS Process; PsLookupProcessByProcessId(_ProcessID,&Process); and calculated the offset of UniqueProcessId field which is 0x0b4. I attempted this code "*(Process+0x0b4(UniqueProcessId offset))" to get the value of UniqueProcessId field but always it brought wrong and invalid value/data. Could anyone help me know how to access to the UniqueProcessId field? My system is Windows7/x86. Thanks in advance!
Asked
Active
Viewed 1,132 times
