[求助] R3 下不能用“NtUnmapViewOfSection”吗?
发表于: 2009-11-11 00:16 4090
请问大家一下:
R3 下不能用“NtUnmapViewOfSection”吗?
// Tries to unmap the section view at BaseAddress inside the process
// identified by dwProcessId.
//
// Returns 1 only when NtUnmapViewOfSection reports STATUS_SUCCESS; returns 0
// when the process handle could not be obtained or for any other status.
//
// NOTE(review): the NTSTATUS is discarded, so a caller that gets 0 cannot
// tell an access failure from a bad BaseAddress. Logging the status would
// make failures diagnosable.
// NOTE(review): PROCESS_ALL_ACCESS is the widest possible access mask; the
// unmap call is documented as needing only PROCESS_VM_OPERATION. Confirm
// what MyOpenProcess (not shown here) does with the mask before narrowing it.
// NOTE(review): a successful unmap presumably does not touch the target's
// loader bookkeeping, so module listings may still show the image and
// threads running inside it will fault. Cross-process use of this call is
// also commonly watched by endpoint security products.
function MyUnLoadModules(dwProcessId : DWORD; BaseAddress : PVOID) : DWORD;
var
  hTarget : THANDLE;
  UnmapStatus : NTSTATUS;
begin
  Result := 0;

  hTarget := MyOpenProcess(PROCESS_ALL_ACCESS, dwProcessId);
  // Nothing to unmap (and nothing to close) without a usable handle.
  if hTarget <= 0 then
    Exit;

  UnmapStatus := NtUnmapViewOfSection(hTarget, BaseAddress);
  // Release the handle before reporting; the outcome is already captured.
  ZwClose(hTarget);

  if UnmapStatus = STATUS_SUCCESS then
    Result := 1;
end;
试了一下,在 Delphi 7 中运行时,能返回 1 , 但实际上“卸载进程模块”也是不成功的。
单独运行(不在 Delphi 7 环境中),返回 0,但程序在启动时,我就设了“SeDebugPrivilege”:
// Enables the privilege named by TokenName (for example 'SeDebugPrivilege')
// on the current process token.
//
// Despite the parameter name, TokenName is a privilege name: it is passed
// straight to LookupPrivilegeValue.
//
// Returns True only when the token was opened, the name resolved to a LUID,
// AdjustTokenPrivileges succeeded, and the last error is ERROR_SUCCESS.
// The token handle is closed on every path once it has been opened.
//
// Enabling is not granting: the call can only switch on a privilege the
// token already holds. For a token without it, AdjustTokenPrivileges still
// returns True and the last error is ERROR_NOT_ALL_ASSIGNED, which is why
// the result is taken from GetLastError rather than from the return value.
function GetSystemPrivilege(TokenName: PChar) : Boolean;
var
  TokenHandle : THandle;
  PrevStateLen : DWORD;
  NewState, PrevState : TTokenPrivileges;
  PrivilegeLuid : TLargeInteger;
begin
  Result := False;

  if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle) then
    Exit;

  try
    if LookupPrivilegeValue(nil, TokenName, PrivilegeLuid) then
    begin
      // A single-entry privilege set asking for the privilege to be enabled.
      NewState.PrivilegeCount := 1;
      NewState.Privileges[0].Luid := PrivilegeLuid;
      NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;

      // PrevState receives the prior state; it is not used afterwards.
      if AdjustTokenPrivileges(TokenHandle, False, NewState, SizeOf(TTokenPrivileges), PrevState, PrevStateLen) then
        Result := GetLastError = ERROR_SUCCESS;
    end;
  finally
    CloseHandle(TokenHandle);
  end;
end;
R3 下不能用“NtUnmapViewOfSection”吗?
// Tries to unmap the section view at BaseAddress inside the process
// identified by dwProcessId.
//
// Returns 1 only when NtUnmapViewOfSection reports STATUS_SUCCESS; returns 0
// when the process handle could not be obtained or for any other status.
//
// NOTE(review): the NTSTATUS is discarded, so a caller that gets 0 cannot
// tell an access failure from a bad BaseAddress. Logging the status would
// make failures diagnosable.
// NOTE(review): PROCESS_ALL_ACCESS is the widest possible access mask; the
// unmap call is documented as needing only PROCESS_VM_OPERATION. Confirm
// what MyOpenProcess (not shown here) does with the mask before narrowing it.
// NOTE(review): a successful unmap presumably does not touch the target's
// loader bookkeeping, so module listings may still show the image and
// threads running inside it will fault. Cross-process use of this call is
// also commonly watched by endpoint security products.
function MyUnLoadModules(dwProcessId : DWORD; BaseAddress : PVOID) : DWORD;
var
  hTarget : THANDLE;
  UnmapStatus : NTSTATUS;
begin
  Result := 0;

  hTarget := MyOpenProcess(PROCESS_ALL_ACCESS, dwProcessId);
  // Nothing to unmap (and nothing to close) without a usable handle.
  if hTarget <= 0 then
    Exit;

  UnmapStatus := NtUnmapViewOfSection(hTarget, BaseAddress);
  // Release the handle before reporting; the outcome is already captured.
  ZwClose(hTarget);

  if UnmapStatus = STATUS_SUCCESS then
    Result := 1;
end;
试了一下,在 Delphi 7 中运行时,能返回 1 , 但实际上“卸载进程模块”也是不成功的。
单独运行(不在 Delphi 7 环境中),返回 0,但程序在启动时,我就设了“SeDebugPrivilege”:
// Enables the privilege named by TokenName (for example 'SeDebugPrivilege')
// on the current process token.
//
// Despite the parameter name, TokenName is a privilege name: it is passed
// straight to LookupPrivilegeValue.
//
// Returns True only when the token was opened, the name resolved to a LUID,
// AdjustTokenPrivileges succeeded, and the last error is ERROR_SUCCESS.
// The token handle is closed on every path once it has been opened.
//
// Enabling is not granting: the call can only switch on a privilege the
// token already holds. For a token without it, AdjustTokenPrivileges still
// returns True and the last error is ERROR_NOT_ALL_ASSIGNED, which is why
// the result is taken from GetLastError rather than from the return value.
function GetSystemPrivilege(TokenName: PChar) : Boolean;
var
  TokenHandle : THandle;
  PrevStateLen : DWORD;
  NewState, PrevState : TTokenPrivileges;
  PrivilegeLuid : TLargeInteger;
begin
  Result := False;

  if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle) then
    Exit;

  try
    if LookupPrivilegeValue(nil, TokenName, PrivilegeLuid) then
    begin
      // A single-entry privilege set asking for the privilege to be enabled.
      NewState.PrivilegeCount := 1;
      NewState.Privileges[0].Luid := PrivilegeLuid;
      NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;

      // PrevState receives the prior state; it is not used afterwards.
      if AdjustTokenPrivileges(TokenHandle, False, NewState, SizeOf(TTokenPrivileges), PrevState, PrevStateLen) then
        Result := GetLastError = ERROR_SUCCESS;
    end;
  finally
    CloseHandle(TokenHandle);
  end;
end;