-
-
[原创]浅谈系列之Object hook
-
发表于:
2013-8-12 10:30
7731
-
_asm
{
push eax
mov eax,pObject
mov eax,DWORD ptr DS:[eax-10h]
mov PP,eax
pop eax
}
kd> dt _object_header
nt!_OBJECT_HEADER
+0x000 PointerCount : Int4B
+0x004 HandleCount : Int4B
+0x004 NextToFree : Ptr32 Void
+0x008 Type : Ptr32 _OBJECT_TYPE <==看这个:
+0x00c NameInfoOffset : UChar
+0x00d HandleInfoOffset : UChar
+0x00e QuotaInfoOffset : UChar
+0x00f Flags : UChar
+0x010 ObjectCreateInfo : Ptr32 _OBJECT_CREATE_INFORMATION
+0x010 QuotaBlockCharged : Ptr32 Void
+0x014 SecurityDescriptor : Ptr32 Void
+0x018 Body : _QUAD
[峰会]看雪.第八届安全开发者峰会10月23日上海龙之梦大酒店举办!