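        /// <summary>
        /// Populates the version-dependent globals (<c>g_VersionLong</c>, <c>g_IsWindows7Machine</c>
        /// and the <c>g_Offset*</c> fields) from the OS version reported by <c>NT.RtlGetVersion</c>.
        /// The offsets are hard-coded constants keyed by major/minor/service-pack version and, for
        /// Windows 10, by <c>dwBuildNumber</c>; only the builds listed below are recognised.
        /// </summary>
        /// <exception cref="PlatformNotSupportedException">
        /// Thrown when the reported version, or the Windows 10 build number, has no entry in the
        /// table. The <c>RtlGetVersion</c> status is not checked, so a failed call leaves
        /// <c>osvi</c> zeroed and also ends up here via the outer <c>default</c> branch.
        /// </exception>
        public static void UpdateDynamicData()
        {
            NT._OSVERSIONINFOEXW osvi = new NT._OSVERSIONINFOEXW()
            {
                // RtlGetVersion requires the caller to set the structure size before the call.
                dwOSVersionInfoSize = (uint)Marshal.SizeOf(typeof(NT._OSVERSIONINFOEXW))
            };
            NT.RtlGetVersion(&osvi);

            // Pack major.minor.servicepack into one comparable value: 0xMMmmSS.
            g_VersionLong = (osvi.dwMajorVersion << 16) | (osvi.dwMinorVersion << 8) | osvi.wServicePackMajor;

            switch (g_VersionLong)
            {
            case 0x060101 /*win 7*/:
                // Only this branch sets the flag; it is never cleared by this method.
                g_IsWindows7Machine    = true;
                g_OffsetDirectoryTable = 0x028;
                g_OffsetProcessId      = 0x180;
                g_OffsetProcessLinks   = 0x188;
                g_OffsetObjectTable    = 0x200;
                break;

            case 0x060200 /*win 8*/:
            case 0x060300 /*win 8.1*/:
                g_OffsetDirectoryTable = 0x028;
                g_OffsetProcessId      = 0x2e0;
                g_OffsetProcessLinks   = 0x2e8;
                g_OffsetObjectTable    = 0x408;
                break;

            case 0x0A0000 /*win 10*/:
            {
                // Windows 10 keeps the same version triple across releases, so the
                // build number is the only discriminator available here.
                switch (osvi.dwBuildNumber)
                {
                case 10240:
                case 10586:
                case 14393:
                    g_OffsetDirectoryTable = 0x028;
                    g_OffsetProcessId      = 0x2E8;
                    g_OffsetProcessLinks   = 0x2F0;
                    g_OffsetObjectTable    = 0x418;
                    break;

                case 15063:
                case 16299:
                    g_OffsetDirectoryTable = 0x028;
                    g_OffsetProcessId      = 0x2E0;
                    g_OffsetProcessLinks   = 0x2E8;
                    g_OffsetObjectTable    = 0x418;
                    break;

                default:
                    // Specific exception type instead of bare Exception (CA2201); callers that
                    // catch Exception still work. Include the value to make diagnosis possible.
                    throw new PlatformNotSupportedException(
                        $"Unsupported dwBuildNumber: {osvi.dwBuildNumber}");
                }
                break;
            }

            default:
                throw new PlatformNotSupportedException(
                    $"Unsupported version_long: 0x{g_VersionLong:X6}");
            }
        }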