C# GetProcTable

[Akhuile]

Hi,

I’ve been struggling with this for a few days now, I’m writing an app for myself to monitor process bandwidth usage, but I cannot get the NtTdiApi.GetProcTable() to work, and would really appreciate it if someone could point me in the right direction!

PInvoke in the api wrapper:
============================================
[DllImport(“NtTdiApi.Dll”,SetLastError=true)]
public static extern bool GetProcTable(
[In] int hOpen,
//[In, Out, MarshalAs(UnmanagedType.LPArray, ArraySubType = UnmanagedType.Struct, SizeParamIndex = 2)]
IntPtr pProcTable,
[In, Out] ref int pdwSize
);

=============================================
c# code:

---

int tablesize = 1024;
IntPtr pProcTable = Marshal.AllocHGlobal(new IntPtr(tablesize));
while (!NtTdiApi.GetProcTable(hDriver, pProcTable, ref tablesize))
{
pProcTable = Marshal.AllocHGlobal(new IntPtr(tablesize));
}
NTTDI_PROCESS_TABLE ProcTable = (NTTDI_PROCESS_TABLE)Marshal.PtrToStructure(pProcTable, typeof(NTTDI_PROCESS_TABLE));

if (ProcTable.m_NumEntries > 0)
{
//NTTDI_PROCESS_ENTRY ProcessEntry = (NTTDI_PROCESS_ENTRY)ProcTable.m_Table;
// NTTDI_PROCESS_ENTRY ProcessEntry = (NTTDI_PROCESS_ENTRY)Marshal.PtrToStructure(ProcTable.m_Table, typeof(NTTDI_PROCESS_ENTRY));
//NTTDI_PROCESS_ENTRY[] ProcessEntry1 = (NTTDI_PROCESS_ENTRY[])Marshal.PtrToStructure(ProcTable.m_Table, typeof(NTTDI_PROCESS_ENTRY[]));
}

==========================================
According to the API :

struct _NTTDI_PROCESS_TABLE
{
unsigned long m_TableSize;
unsigned long m_NumEntries;
NTTDI_PROCESS_ENTRY m_Table[0];
}NTTDI_PROCESS_TABLE,*PNTTDI_PROCESS_TABLE;

---

m_table:
A pointer to an array of NTTDI_PROCESS_ENTRY structures.

---

I did check, the m_NumEntries are the same amount as my open processes, so i am getting a valid NTTDI_PROCESS_TABLE object.

I’m not familiar with c++ so i don’t know what i’m doing wrong :(.
None of the three casts inside “if (ProcTable.m_NumEntries > 0)” work…

Thanks in advance!
Chris

[Akhuile]

bump

[Author]

Posts