Kernel Mode IP Helper Functions

Besides the user-mode IP Helper functions, Windows Vista and later also provide kernel-mode IP Helper functions. To use them, include netioapi.h and link against netio.lib (the library is not mentioned in the current MSDN Library). Unfortunately, the kernel-mode version looks like a subset of the user-mode version.

Some other useful kernel routines for querying process information:

  • PsLookupProcessByProcessId
  • ObReferenceObjectByPointer
  • ObReferenceObjectByHandle
  • ZwOpenProcess
  • ZwQueryInformationProcess
  • ZwQuerySystemInformation

Posted on March 15, 2011, in Uncategorized.
