-
-
[求助]通过EPROCESS 获得进程的全路径偶尔会蓝屏,求高手指点
-
2011-6-2 17:11
5121
-
[求助]通过EPROCESS 获得进程的全路径偶尔会蓝屏,求高手指点
BOOLEAN GetProcessPathAndID( PEPROCESS p , ProcessInfo* pPI )
{
ULONG peb;
ULONG procparam;
PUNICODE_STRING pPath;
PULONG tmp = NULL;
BOOLEAN bRet = FALSE;
if ( p == NULL || pPI == NULL )
return bRet;
tmp = (PULONG)( (ULONG)p + XP3_EPROCESS_PEB_OFFSET );
if ( tmp == NULL )
return bRet;
peb = *tmp;
KeAttachProcess(p);
tmp = (PULONG)( peb + XP3_PEB_PROCESSPARAM_OFFSET );
if (tmp == NULL )
goto Out;
#if 0
procparam = *tmp;
pPath = (PUNICODE_STRING)( procparam + XP3_PROCESSPARAM_IMAGEPATH_OFFSET );
if ( pPath->Buffer != NULL && pPath->Length != 0 && pPath->Length < MAX_PATH*2 )
memcpy( pPI->szPath , pPath->Buffer , pPath->Length );
pPI->lEPAddr = (ULONG)p;
pPI->lPID = *(PULONG)((ULONG)p + XP3_EPROCESS_PID_OFFSET);
bRet = TRUE;
#endif
Out:
KeDetachProcess();
return bRet;
}
[培训]《安卓高级研修班(网课)》月薪三万计划,掌
握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
