-
-
[求助]Ring0列举每个进程路径
-
发表于:
2008-11-18 17:53
5032
-
每个进程都有个EPROCESS,在这个结构里面保存了进程的大量的进程信息,请大侠们帮忙写个列举进程信息的程序(只要列举每个进程路径就行了)网上有这样的代码,可是在DRIVERENTRY中只能得到SYSTEM的信息,其他进程该怎么列举呢???????谢谢帮忙!!!!
PCWSTR GetCurrentProcessFileName()
{
DWORD dwAddress = (DWORD)PsGetCurrentProcess();
if(dwAddress == 0 || dwAddress == 0xFFFFFFFF)
return NULL;
dwAddress += 0x1B0;
if((dwAddress = *(DWORD*)dwAddress) == 0) return 0;
dwAddress += 0x10;
if((dwAddress = *(DWORD*)dwAddress) == 0) return 0;
dwAddress += 0x3C;
if((dwAddress = *(DWORD*)dwAddress) == 0) return 0;
KdPrint((“Current Process Full Path Name: %ws\n”, (PCWSTR)dwAddress));
return (PCWSTR)dwAddress;
}
[课程]Android-CTF解题方法汇总!