Cannot cast struct pointer to PUCHAR

Question

I'm testing a code (based in this reference ) and i'm receiving a error that says:

'type cast': cannot convert from 'SYSTEM_SERVICE_TABLE' to 'PUCHAR'

How can solve it?

Edition:

The goal is try find Shadow SSDT table address on Windows 10 32bit.

#include <ntddk.h>

#define NTOSAPI __declspec(dllimport)

typedef struct tag_SYSTEM_SERVICE_TABLE {
    PULONG ServiceTable;
    PULONG CounterTable;
    ULONG ServiceLimit;
    PCHAR ArgumentTable;
} SYSTEM_SERVICE_TABLE, *PSYSTEM_SERVICE_TABLE, **PPSYSTEM_SERVICE_TABLE;

NTOSAPI SYSTEM_SERVICE_TABLE KeServiceDescriptorTable;

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath) {

    NTSTATUS NtStatus = STATUS_SUCCESS;

    pDriverObject->DriverUnload = DriverUnload;
    
    DbgPrint("DriverEntry()!\n");

    PUCHAR p = NULL;
    PSYSTEM_SERVICE_TABLE KeServiceDescriptorTableWIN32K = NULL;
    
    for (p = (PUCHAR)KeServiceDescriptorTable - PAGE_SIZE; p < (PUCHAR)KeServiceDescriptorTable + PAGE_SIZE; p++)
    {
        if (p != (PUCHAR)KeServiceDescriptorTable)
        {
            if (memcmp(p, &KeServiceDescriptorTable, sizeof(SYSTEM_SERVICE_TABLE)) == 0)
            {
                KeServiceDescriptorTableWIN32K = (PSYSTEM_SERVICE_TABLE)(p + sizeof(SYSTEM_SERVICE_TABLE));
                break;
            }
        }
    }

    return NtStatus;
}

Answer 1

Your title says "Cannot cast struct pointer to PUCHAR", but the code is not trying to cast a pointer , it is trying to cast the struct itself , which is why the compiler complains. You need to get the address of the struct and cast that instead, ie:

(PUCHAR)&KeServiceDescriptorTable