Add more documentation #3

Open
emesare opened this issue Dec 2, 2022 · 2 comments
Labels: documentation (Improvements or additions to documentation), help wanted (Extra attention is needed)

Comments

@emesare
Member

emesare commented Dec 2, 2022

The ideal place to add this documentation would be within the typing file, here.

emesare added the documentation and help wanted labels Dec 2, 2022
emesare pinned this issue Dec 24, 2022
@roadkillsanta

In process.rs there is a comment starting on line 259 stating that Process.address() returns the address of the PEB.
Upon testing, I found that it actually is the address of the EPROCESS structure.

I would be happy to correct this as well as add more documentation, is there a desired format?

@emesare
Member Author

emesare commented Jul 4, 2023

> In process.rs there is a comment starting on line 259 stating that Process.address() returns the address of the PEB. Upon testing, I found that it actually is the address of the EPROCESS structure.
>
> I would be happy to correct this as well as add more documentation, is there a desired format?

Are you observing this when enumerating kernel modules? If so, then if you would like to add a note next to it that in the Windows kernel this returns the EPROCESS structure, that would help, thanks.

Maybe something like:

/// On a Windows process module this will be the address where the [`PEB`](https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb) entry is stored.
/// On a Windows kernel module this will be the address of the [`_EPROCESS`](https://www.nirsoft.net/kernel_struct/vista/EPROCESS.html) structure.
