-
-
[旧帖]
[求助]x64 Hook NtCreateThreadEx
0.00雪花
-
发表于:
2016-5-19 16:06
2021
-
[旧帖] [求助]x64 Hook NtCreateThreadEx
0.00雪花
在x64上HookNtCreateThreadEx后,打不开文件夹和软件,求解是参数有问题吗?
typedef DWORD (*LPTHREAD_START_ROUTINE) (LPVOID lpThreadParameter);
typedef NTSTATUS (*PFNTCREATETHREADEX)
(
PHANDLE ThreadHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
HANDLE ProcessHandle,
LPTHREAD_START_ROUTINE lpStartAddress,
PVOID lpParameter,
BOOL CreateSuspended,
SIZE_T ZeroBits OPTIONAL,
SIZE_T StackSize OPTIONAL,
SIZE_T MaximumStackSize OPTIONAL,
PVOID AttributeList
);
PFNTCREATETHREADEX MyNtCreateThreadEx = NULL;
ULONG OldTpVal;
NTSTATUS Fake_NtCreateThreadEx( PHANDLE ThreadHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
HANDLE ProcessHandle,
LPTHREAD_START_ROUTINE lpStartAddress,
PVOID lpParameter,
BOOL CreateSuspended,
SIZE_T ZeroBits,
SIZE_T StackSize,
SIZE_T MaximumStackSize OPTIONAL,
PVOID AttributeList
)
{
DbgPrint("11111\n");
return MyNtCreateThreadEx(ThreadHandle,
DesiredAccess,
ObjectAttributes,
ProcessHandle,
lpStartAddress,
lpParameter,
CreateSuspended,
ZeroBits,
StackSize,
MaximumStackSize,
AttributeList);
}
[课程]Linux pwn 探索篇!
