SYSTEM_PROCESS_INFORMATION definition, could you provide it jan

Hi Jan

First, thanks for publishing IDAStealth source, it works so well under IDA I have been interested to port it under OllyDbg.
Almost everything is done now but because I compiled it under GCC 4.5.0 I will need the structures you have used to define SYSTEM_PROCESS_INFORMATION

mine show like that but I think it is not perfect because I think the findProcessChunk() function does not return what supposed to return

I have defined my structure that way based from the nt undocumented website:

typedef struct _SYSTEM_THREAD {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
LONG BasePriority;
ULONG ContextSwitchCount;
ULONG State;
KWAIT_REASON WaitReason;
} SYSTEM_THREAD, *PSYSTEM_THREAD;

typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryOffset;
ULONG NumberOfThreads;
LARGE_INTEGER Reserved[3];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ImageName;
KPRIORITY BasePriority;
HANDLE UniqueProcessId;
HANDLE ParentProcessId;
ULONG HandleCount;
LPCWSTR Reserved2[2];
ULONG PrivatePageCount;
VM_COUNTERS VirtualMemoryCounters;
IO_COUNTERS IoCounters;
SYSTEM_THREAD Threads[0];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

Thanks again for you great lib dude, with the help of delayloadhelpers I have made a neat dll serving two purpose 1) acts like a standard olly plugin 2) auto-injection in processes, I have rebuild the lib with dlltool.exe -y this is the trick to use delay load helpers

Works flawlessy NCodeHooks Ninject rocks!