[winddk] process id, process handle, eprocess

參觀人次統計

今日人氣: 32

累積人氣: 188105

最新文章

[C] VC compiler的最佳化

[AI] 讓 langchain_openai 可以支援 reasoning_content

[AI] 可以關掉 Qwen3.5 thinking mode

[AI] build llama.cpp in windows

[python] 讓 LLM 的 query 可以留下 SSLKEYLOGFILE

2008 10 05 04 12 [winddk] process id, process handle, eprocess

要把 process id 轉成 eprocess 要用

NTSTATUS PsLookupProcessByProcessId(
IN HANDLE ProcessId,
OUT PEPROCESS *Process);

要從 eprocess 轉成 process id 則要用

HANDLE PsGetProcessId(
IN PEPROCESS Process);

而要從 process id 拿到 process handle 則要這樣做

CLIENT_ID cid;
OBJECT_ATTRIBUTES obj;
HANDLE Process;

InitializeObjectAttributes(&obj, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
cid.UniqueProcess = (HANDLE)Handles->Information[r].ProcessId;
cid.UniqueThread = 0;
NtOpenProcess(&Process, PROCESS_DUP_HANDLE, &obj, &cid);

要在從 process handle 拿到 eprocess 就用

NTSTATUS ObReferenceObjectByHandle(
    IN HANDLE Handle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_TYPE ObjectType OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    OUT PVOID *Object,
    OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL);

上一頁 150 151 152 153 154 155 156 157 158 159 下一頁