Trouble with KeAttachProcess
I am having trouble with the following section of code.
if (pv) {
    KeAttachProcess(pv); // attach to process
    d32 = myGetPA((DWORD32)*(pIOBuffer + 2)); // changed to +2 because we are using DWORD64 parameters
    nOut = myReadPA(d32);
    KeDetachProcess();
}
I have checked to see that pv is returning different data for each process tested, but nOut returns the same value for all apps.
It appears that I am not connecting to the process because nOut remains the same if I comment out the KeAttachProcess and KeDetachProcess lines (I suppose that the values are for my current memory space).
A few questions:
How can I verify if KeAttachProcess was successful?
How can I verify that pv is returning valid process addresses?
Is there anything I need to do differently since I am making calls to functions to return nOut (am I somehow losing my attachment to process pv)?
Thanks for any help. I will continue to fiddle with the code and figure out what I am doing wrong. BTW thanks, this exercise is teaching me much about the DDK.