Windows process structure: how to store user information?

Question

Windows process structure: how to store user information?

I want to store some information in the EPROCESS structure of a process in Windows NT kernel. My goal is that when calling winlogon, I want to assign a unique value to the next process based on which the user logs in. But I don't know where to store this unique ID. I have tried and modified some information (like tokens) in the EPROCESS block of a process by modifying the direct kernel, and I'm wondering if there is any structure in this EPROCESS block where some other information could be stored.

ps To modify the EPROCESS block, I used the device driver.

0

security windows winapi kernel

Nishesh Dec 10. '08 at 8:29

source to share

2 answers

James · Answer 1 · 2009-01-27T18:45:21+0000

The EPROCESS structure is opaque and undocumented, which means you don't have to mess with your internals. This requires, among other things, testing each OS version and service pack that you plan to support.

user82238 · Answer 2 · 2009-03-25T20:30:48+0000

Do not change EPROCESS. This will bring you great sorrow.

Also, if you do, don't install it on any elses computer. It is absolutely wrong to impose such deeply destructive, system-destabilizing changes on another personal computer. How would you like it if I gave you tuberculosis?

Windows process structure: how to store user information?

More articles: