Highest Voted 'ntdll' Questions

20

votes

3 answers

Unexplained crashes related to ntdll.dll

I have an application that I've written that crashes intermittently, but I'm unable to capture an exception at the application layer. I always get an entry in the event log but doesn't give me much info: Faulting application name: BCS-UI.exe,…

c# windows dll ntdll

asked Dec 11 '18 at 15:24

Jesse Roper

1,269
7
31
56

19

votes

1 answer

Why is ntdll.dll crashing my c++ executable?

I am having trouble to get a Visual C++ executable to work, the app crashes , here is what I have seen in the event viewer. Faulting application name: submit.exe, version: 0.0.0.0, time stamp: 0x50a3cce7 Faulting module name: ntdll.dll, version:…

visual-c++ process crash ntdll

asked Nov 14 '12 at 22:16

user1789769

9

votes

2 answers

What is the difference between NtCreateProcess and ZwCreateProcess?

What is the difference between NtCreateProcess and ZwCreateProcess? In ntdll.dll, both NtCreateProcess and ZwCreateProcess point to exactly the same address

windows winapi createprocess kernel-mode ntdll

asked Nov 06 '10 at 22:42

小太郎

5,510
6
37
48

7

votes

1 answer

Delete a mutex from another process

Using the topic Overview - Handle Enumeration, number 5, the attempt Close mutex of another process and and information from Mutex analysis, the canary in the coal mine and discovering new families of malware/, I have came up with: Attempt 1:…

c# mutex instances ntdll

asked Jul 24 '11 at 18:37

ParoX

5,685
23
81
152

7

votes

1 answer

Ollydbg "Single step event at ntdll - Press shift+f8 to pass execution...."?

I had olly 2 Beta which was working fine but it misses some old features of Olly 1 like Call stack window and also it doesn't works with any plugins. So i decided to switch to Olly 1.10. The problem is, whenever i load any program, it says "Single…

events exception ollydbg ntdll

asked Oct 13 '12 at 12:39

Jaspreet Singh

321
1
6
13

6

votes

1 answer

Python NtQueryDirectoryFile (File information structure)

I've written a simple (test) script to list files in a selected directory. Not using FindFirstFile; only native API. When I execute the script and watch, Win32API monitor tells me STATUS_SUCCESS. My File Information buffer is c_buffer(1024), not…

python python-3.x ctypes ntdll nt-native-api

asked Dec 12 '14 at 08:10

Vusal Aliyev

75
6

5

votes

1 answer

Are Win32 applications automatically linked against ntdll.dll?

I've just found out by accident that doing this GetModuleHandle("ntdll.dll") works without a previous call to LoadLibrary("ntdll.dll"). This means ntdll.dll is already loaded in my process. Is it safe to assume that ntdll.dll will always be loaded…

windows winapi dll loadlibrary ntdll

asked Apr 25 '17 at 17:46

GetFree

40,278
18
77
104

5

votes

1 answer

Calling Nt function from ntdll.dll in Win32 environment, C++

I want to call some Nt function from ntdll.dll, I'm doing that like this above. For calling: NtTestAlert() , you need typical ntcall kernel routine, accessable via int 2Eh. ( from here I got Nt functions http://undocumented.ntinternals.net/ ) Code…

c++ winapi native function-call ntdll

asked Apr 09 '12 at 15:26

user1131997

4

votes

1 answer

How to access PE resources using Windows Native API?

I have a Windows native application that contain embedded resources and I'd like to access them using the native API. Are there native functions that handle resources (something similar to FindResource/LoadResource) or I will have to create my own…

c++ c windows ntdll nt-native-api

asked Apr 13 '16 at 18:41

Thiago Cardoso

725
1
5
19

4

votes

0 answers

Java Randomly Crashing (Possible Culprite: ntdll.dll?)

I have a program that I've written in Java and have set up with Windows Task Scheduler to run every 5 minutes. It executes "C:\Program Files\Java\jre7\bin\javaw.exe" and passes along the jar file and all of the command-line parameters. For the most…

java crash ntdll

asked Jan 30 '14 at 01:07

Alex

557
2
8
15

3

votes

1 answer

How to fix QueryFullProcessImageName throwing "A device attached to the system is not functioning"?

I am attempting to find the name of a process that owns a handle from a list of handles obtained through NtQueryObject. I am running through each handle to check its process name and occasionally it throws the…

java winapi jna ntdll

asked Nov 04 '19 at 15:30

Kmara

33
6

3

votes

0 answers

NtSetInformationProcess with ProcessQuotaLimits

I'm trying to limit a process CPU usage by calling NtSetInformationProcess with ProcessQuotaLimits info class. When using NtQueryInformationProcess with the ProcessQuotaLimits class I get the right numbers for the Page limits/working sets etc. but…

c# ntdll

asked Jul 25 '18 at 08:30

Nick van der Meulen

71
5

3

votes

1 answer

Application crash in ntdll.dll, version: 6.1.7601.23677 with .Net Framework Version: v4.0.30319

My application is crashing frequently after updating .Net frame work. Below is the application event log found in event viewer, Faulting application name: MyApp.exe, version: Version of my App, time stamp: 0x5885f545 Faulting module name:…

c# .net-4.5 ntdll

asked Feb 07 '18 at 04:48

srajeshnkl

883
3
16
49

3

votes

3 answers

Does NtDll really export C runtime functions, and can I use these in my application?

I was looking at the NtDll export table on my Windows 10 computer, and I found that it exports standard C runtime functions, like memcpy, sprintf, strlen, etc. Does that mean that I can call them dynamically at runtime through LoadLibrary and…

c windows winapi crt ntdll

asked Aug 16 '16 at 15:58

Vlad

369
4
16

3

votes

2 answers

Is there a way to make Windows 7 x64 load ntdll.dll from local directory, not system32?

I'm working on an application which saves state of custom process and then restores it from the point stopped at. Right now there is the following issue. When system is reboot, all base addresses of system modules are randomized (ntdll.dll,…

redirect dll windows-7-x64 ntdll

asked May 16 '16 at 11:07

greenpiece

621
8
20

Questions tagged [ntdll]