public static void UpdateDynamicData() { NT._OSVERSIONINFOEXW osvi = new NT._OSVERSIONINFOEXW() { dwOSVersionInfoSize = (uint)Marshal.SizeOf(typeof(NT._OSVERSIONINFOEXW)) }; NT.RtlGetVersion(&osvi); g_VersionLong = (osvi.dwMajorVersion << 16) | (osvi.dwMinorVersion << 8) | osvi.wServicePackMajor; switch (g_VersionLong) { case 0x060101 /*win 7*/: g_IsWindows7Machine = true; g_OffsetDirectoryTable = 0x028; g_OffsetProcessId = 0x180; g_OffsetProcessLinks = 0x188; g_OffsetObjectTable = 0x200; break; case 0x060200 /*win 8*/: case 0x060300 /*win 8.1*/: g_OffsetDirectoryTable = 0x028; g_OffsetProcessId = 0x2e0; g_OffsetProcessLinks = 0x2e8; g_OffsetObjectTable = 0x408; break; case 0x0A0000 /*win 10*/: { switch (osvi.dwBuildNumber) { case 10240: case 10586: case 14393: g_OffsetDirectoryTable = 0x028; g_OffsetProcessId = 0x2E8; g_OffsetProcessLinks = 0x2F0; g_OffsetObjectTable = 0x418; break; case 15063: case 16299: g_OffsetDirectoryTable = 0x028; g_OffsetProcessId = 0x2E0; g_OffsetProcessLinks = 0x2E8; g_OffsetObjectTable = 0x418; break; default: throw new Exception("Unsupported dwBuildNumber"); } break; } default: throw new Exception("Unsupported version_long"); } }