-
-
[原创]HOOK NtOpenProcessWINDBG调试一直断
-
发表于:
2014-2-26 14:50
2855
-
[原创]HOOK NtOpenProcessWINDBG调试一直断
断下的内容是
kd> g
MyNtOpenProcessEx Entry Success! //出现这个提示说明我是HOOK成功的!
Access violation - code c0000005 (!!! second chance !!!)
nt!KiServiceExit2:
8053e7f0 fa cli
会隔一阵子断在这个地方 一阵子就断
怎么顺利进行不让他在断在这个地方?
我并没用打开新程序!
还是我理解错误NtOpenProcess 不是只有在进程打开时候调用的?系统还有什么时候会调用这个函数?
调试的系统是XP。
下面是新的NtOpenProcess
/新NtOpenProcess
extern "C" NTSTATUS __stdcall MyNtOpenProcessEx(OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN BOOLEAN InJob)
{
DbgPrint("MyNtOpenProcessEx Entry Success!\r\n");
//调用真正NtOpenProcess
RealNtOpenProcessEx(ProcessHandle, DesiredAccess, ObjectAttributes, ParentProcess,
InheritObjectTable, SectionHandle, DebugPort, ExceptionPort, InJob);
return STATUS_SUCCESS;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
