WRK: a rough flow sketch of NtOpenProcess
2013-07-08 00:22
```c
NTSTATUS
NtOpenProcess (
    __out PHANDLE ProcessHandle,
    __in ACCESS_MASK DesiredAccess,
    __in POBJECT_ATTRIBUTES ObjectAttributes,
    __in_opt PCLIENT_ID ClientId
    )
/*++

Routine Description:

    This function opens a handle to a process object with the specified
    desired access.

    The object is located either by name, or by locating a thread whose
    Client ID matches the specified Client ID and then opening that thread's
    process.

Arguments:

    ProcessHandle - Supplies a pointer to a variable that will receive
        the process object handle.

    DesiredAccess - Supplies the desired types of access for the process
        object.

    ObjectAttributes - Supplies a pointer to an object attributes structure.
        If the ObjectName field is specified, then ClientId must not be
        specified.

    ClientId - Supplies a pointer to a ClientId that if supplied
        specifies the thread whose process is to be opened. If this
        argument is specified, then ObjectName field of the ObjectAttributes
        structure must not be specified.

Return Value:

    NTSTATUS - Status of call

--*/
```
![](http://img.blog.csdn.net/20130709124243687?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvUVEyNzY1OTI3MTY=/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center)