能力值:
( LV8,RANK:130 )
|
-
-
26 楼
创建user process的同时是需要创建user thread的
|
能力值:
( LV8,RANK:130 )
|
-
-
27 楼
我去注册个 第八个男人
|
能力值:
( LV8,RANK:130 )
|
-
-
29 楼
BYTE* EnvironmentStringsW={
"0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f 0x0 0x57"
"0x0 0x53 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f"
"0x0 0x57 0x0 0x53 0x0 0x5c 0x0 0x53 0x0 0x79"
"0x0 0x73 0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x33"
"0x0 0x32 0x0 0x5c 0x0 0x57 0x0 0x62 0x0 0x65"
"0x0 0x6d 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72"
"0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69"
"0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x43"
"0x0 0x6f 0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e"
"0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65"
"0x0 0x73 0x0 0x5c 0x0 0x54 0x0 0x65 0x0 0x6c"
"0x0 0x65 0x0 0x63 0x0 0x61 0x0 0x20 0x0 0x53"
"0x0 0x68 0x0 0x61 0x0 0x72 0x0 0x65 0x0 0x64"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50"
"0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61"
"0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c"
"0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69"
"0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f"
"0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69"
"0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20"
"0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69"
"0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d"
"0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x54"
"0x0 0x6f 0x0 0x6f 0x0 0x6c 0x0 0x73 0x0 0x5c"
"0x0 0x57 0x0 0x69 0x0 0x6e 0x0 0x4e 0x0 0x54"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50"
"0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61"
"0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c"
"0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69"
"0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f"
"0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69"
"0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20"
"0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69"
"0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d"
"0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x4d"
"0x0 0x53 0x0 0x44 0x0 0x65 0x0 0x76 0x0 0x39"
"0x0 0x38 0x0 0x5c 0x0 0x42 0x0 0x69 0x0 0x6e"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50"
"0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61"
"0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c"
"0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69"
"0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f"
"0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69"
"0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20"
"0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69"
"0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d"
"0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x54"
"0x0 0x6f 0x0 0x6f 0x0 0x6c 0x0 0x73 0x0 0x3b"
"0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72"
"0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d"
"0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65"
"0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69 0x0 0x63"
"0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f 0x0 0x66"
"0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69 0x0 0x73"
"0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20 0x0 0x53"
"0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69 0x0 0x6f"
"0x0 0x5c 0x0 0x56 0x0 0x43 0x0 0x39 0x0 0x38"
"0x0 0x5c 0x0 0x62 0x0 0x69 0x0 0x6e 0x0 0x3b"
"0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72"
"0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d"
"0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65"
"0x0 0x73 0x0 0x5c 0x0 0x53 0x0 0x74 0x0 0x6f"
"0x0 0x72 0x0 0x6d 0x0 0x49 0x0 0x49 0x0 0x5c"
"0x0 0x43 0x0 0x6f 0x0 0x64 0x0 0x65 0x0 0x63"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50"
"0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61"
"0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c"
"0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x53 0x0 0x74"
"0x0 0x6f 0x0 0x72 0x0 0x6d 0x0 0x49 0x0 0x49"
"0x0 0x0 0x0 0x50 0x0 0x41 0x0 0x54 0x0 0x48"
"0x0 0x45 0x0 0x58 0x0 0x54 0x0 0x3d 0x0 0x2e"
"0x0 0x43 0x0 0x4f 0x0 0x4d 0x0 0x3b 0x0 0x2e"
"0x0 0x45 0x0 0x58 0x0 0x45 0x0 0x3b 0x0 0x2e"
"0x0 0x42 0x0 0x41 0x0 0x54 0x0 0x3b 0x0 0x2e"
"0x0 0x43 0x0 0x4d 0x0 0x44 0x0 0x3b 0x0 0x2e"
"0x0 0x56 0x0 0x42 0x0 0x53 0x0 0x3b 0x0 0x2e"
"0x0 0x56 0x0 0x42 0x0 0x45 0x0 0x3b 0x0 0x2e"
"0x0 0x4a 0x0 0x53 0x0 0x3b 0x0 0x2e 0x0 0x4a"
"0x0 0x53 0x0 0x45 0x0 0x3b 0x0 0x2e 0x0 0x57"
"0x0 0x53 0x0 0x46 0x0 0x3b 0x0 0x2e 0x0 0x57"
"0x0 0x53 0x0 0x48 0x0 0x3b 0x0 0x2e 0x0 0x42"
"0x0 0x4f 0x0 0x58 0x0 0x0 0x0 0x50 0x0 0x52"
"0x0 0x4f 0x0 0x43 0x0 0x45 0x0 0x53 0x0 0x53"
"0x0 0x4f 0x0 0x52 0x0 0x5f 0x0 0x41 0x0 0x52"
"0x0 0x43 0x0 0x48 0x0 0x49 0x0 0x54 0x0 0x45"
"0x0 0x43 0x0 0x54 0x0 0x55 0x0 0x52 0x0 0x45"
"0x0 0x3d 0x0 0x78 0x0 0x38 0x0 0x36 0x0 0x0"
"0x0 0x50 0x0 0x52 0x0 0x4f 0x0 0x43 0x0 0x45"
"0x0 0x53 0x0 0x53 0x0 0x4f 0x0 0x52 0x0 0x5f"
"0x0 0x49 0x0 0x44 0x0 0x45 0x0 0x4e 0x0 0x54"
"0x0 0x49 0x0 0x46 0x0 0x49 0x0 0x45 0x0 0x52"
"0x0 0x3d 0x0 0x78 0x0 0x38 0x0 0x36 0x0 0x20"
"0x0 0x46 0x0 0x61 0x0 0x6d 0x0 0x69 0x0 0x6c"
"0x0 0x79 0x0 0x20 0x0 0x31 0x0 0x35 0x0 0x20"
"0x0 0x4d 0x0 0x6f 0x0 0x64 0x0 0x65 0x0 0x6c"
"0x0 0x20 0x0 0x37 0x0 0x39 0x0 0x20 0x0 0x53"
"0x0 0x74 0x0 0x65 0x0 0x70 0x0 0x70 0x0 0x69"
"0x0 0x6e 0x0 0x67 0x0 0x20 0x0 0x32 0x0 0x2c"
"0x0 0x20 0x0 0x41 0x0 0x75 0x0 0x74 0x0 0x68"
"0x0 0x65 0x0 0x6e 0x0 0x74 0x0 0x69 0x0 0x63"
"0x0 0x41 0x0 0x4d 0x0 0x44 0x0 0x0 0x0 0x50"
"0x0 0x52 0x0 0x4f 0x0 0x43 0x0 0x45 0x0 0x53"
"0x0 0x53 0x0 0x4f 0x0 0x52 0x0 0x5f 0x0 0x4c"
"0x0 0x45 0x0 0x56 0x0 0x45 0x0 0x4c 0x0 0x3d"
"0x0 0x31 0x0 0x35 0x0 0x0 0x0 0x50 0x0 0x52"
"0x0 0x4f 0x0 0x43 0x0 0x45 0x0 0x53 0x0 0x53"
"0x0 0x4f 0x0 0x52 0x0 0x5f 0x0 0x52 0x0 0x45"
"0x0 0x56 0x0 0x49 0x0 0x53 0x0 0x49 0x0 0x4f"
"0x0 0x4e 0x0 0x3d 0x0 0x34 0x0 0x66 0x0 0x30"
"0x0 0x32 0x0 0x0 0x0 0x50 0x0 0x72 0x0 0x6f"
"0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x46"
"0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x3d"
"0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72"
"0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d"
"0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65"
"0x0 0x73 0x0 0x0 0x0 0x53 0x0 0x45 0x0 0x53"
"0x0 0x53 0x0 0x49 0x0 0x4f 0x0 0x4e 0x0 0x4e"
"0x0 0x41 0x0 0x4d 0x0 0x45 0x0 0x3d 0x0 0x43"
"0x0 0x6f 0x0 0x6e 0x0 0x73 0x0 0x6f 0x0 0x6c"
"0x0 0x65 0x0 0x0 0x0 0x53 0x0 0x79 0x0 0x73"
"0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x44 0x0 0x72"
"0x0 0x69 0x0 0x76 0x0 0x65 0x0 0x3d 0x0 0x43"
"0x0 0x3a 0x0 0x0 0x0 0x53 0x0 0x79 0x0 0x73"
"0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x52 0x0 0x6f"
"0x0 0x6f 0x0 0x74 0x0 0x3d 0x0 0x43 0x0 0x3a"
"0x0 0x5c 0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x44"
"0x0 0x4f 0x0 0x57 0x0 0x53 0x0 0x0 0x0 0x54"
"0x0 0x45 0x0 0x4d 0x0 0x50 0x0 0x3d 0x0 0x43"
"0x0 0x3a 0x0 0x5c 0x0 0x44 0x0 0x4f 0x0 0x43"
"0x0 0x55 0x0 0x4d 0x0 0x45 0x0 0x7e 0x0 0x31"
"0x0 0x5c 0x0 0x41 0x0 0x44 0x0 0x4d 0x0 0x49"
"0x0 0x4e 0x0 0x49 0x0 0x7e 0x0 0x31 0x0 0x5c"
"0x0 0x4c 0x0 0x4f 0x0 0x43 0x0 0x41 0x0 0x4c"
"0x0 0x53 0x0 0x7e 0x0 0x31 0x0 0x5c 0x0 0x54"
"0x0 0x65 0x0 0x6d 0x0 0x70 0x0 0x0 0x0 0x54"
"0x0 0x4d 0x0 0x50 0x0 0x3d 0x0 0x43 0x0 0x3a"
"0x0 0x5c 0x0 0x44 0x0 0x4f 0x0 0x43 0x0 0x55"
"0x0 0x4d 0x0 0x45 0x0 0x7e 0x0 0x31 0x0 0x5c"
"0x0 0x41 0x0 0x44 0x0 0x4d 0x0 0x49 0x0 0x4e"
"0x0 0x49 0x0 0x7e 0x0 0x31 0x0 0x5c 0x0 0x4c"
"0x0 0x4f 0x0 0x43 0x0 0x41 0x0 0x4c 0x0 0x53"
"0x0 0x7e 0x0 0x31 0x0 0x5c 0x0 0x54 0x0 0x65"
"0x0 0x6d 0x0 0x70 0x0 0x0 0x0 0x55 0x0 0x53"
"0x0 0x45 0x0 0x52 0x0 0x44 0x0 0x4f 0x0 0x4d"
"0x0 0x41 0x0 0x49 0x0 0x4e 0x0 0x3d 0x0 0x43"
"0x0 0x46 0x0 0x35 0x0 0x37 0x0 0x35 0x0 0x34"
"0x0 0x39 0x0 0x36 0x0 0x46 0x0 0x33 0x0 0x37"
"0x0 0x38 0x0 0x34 0x0 0x36 0x0 0x33 0x0 0x0"
"0x0 0x55 0x0 0x53 0x0 0x45 0x0 0x52 0x0 0x4e"
"0x0 0x41 0x0 0x4d 0x0 0x45 0x0 0x3d 0x0 0x41"
"0x0 0x64 0x0 0x6d 0x0 0x69 0x0 0x6e 0x0 0x69"
"0x0 0x73 0x0 0x74 0x0 0x72 0x0 0x61 0x0 0x74"
"0x0 0x6f 0x0 0x72 0x0 0x0 0x0 0x55 0x0 0x53"
"0x0 0x45 0x0 0x52 0x0 0x50 0x0 0x52 0x0 0x4f"
"0x0 0x46 0x0 0x49 0x0 0x4c 0x0 0x45 0x0 0x3d"
"0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x44 0x0 0x6f"
"0x0 0x63 0x0 0x75 0x0 0x6d 0x0 0x65 0x0 0x6e"
"0x0 0x74 0x0 0x73 0x0 0x20 0x0 0x61 0x0 0x6e"
"0x0 0x64 0x0 0x20 0x0 0x53 0x0 0x65 0x0 0x74"
"0x0 0x74 0x0 0x69 0x0 0x6e 0x0 0x67 0x0 0x73"
"0x0 0x5c 0x0 0x41 0x0 0x64 0x0 0x6d 0x0 0x69"
"0x0 0x6e 0x0 0x69 0x0 0x73 0x0 0x74 0x0 0x72"
"0x0 0x61 0x0 0x74 0x0 0x6f 0x0 0x72 0x0 0x0"
"0x0 0x56 0x0 0x53 0x0 0x38 0x0 0x30 0x0 0x43"
"0x0 0x4f 0x0 0x4d 0x0 0x4e 0x0 0x54 0x0 0x4f"
"0x0 0x4f 0x0 0x4c 0x0 0x53 0x0 0x3d 0x0 0x43"
"0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72 0x0 0x6f"
"0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x20"
"0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73"
"0x0 0x5c 0x0 0x4d 0x0 0x69 0x0 0x63 0x0 0x72"
"0x0 0x6f 0x0 0x73 0x0 0x6f 0x0 0x66 0x0 0x74"
"0x0 0x20 0x0 0x56 0x0 0x69 0x0 0x73 0x0 0x75"
"0x0 0x61 0x0 0x6c 0x0 0x20 0x0 0x53 0x0 0x74"
"0x0 0x75 0x0 0x64 0x0 0x69 0x0 0x6f 0x0 0x20"
"0x0 0x38 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d"
"0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x37 0x0 0x5c"
"0x0 0x54 0x0 0x6f 0x0 0x6f 0x0 0x6c 0x0 0x73"
"0x0 0x5c 0x0 0x0 0x0 0x77 0x0 0x69 0x0 0x6e"
"0x0 0x64 0x0 0x69 0x0 0x72 0x0 0x3d 0x0 0x43"
"0x0 0x3a 0x0 0x5c 0x0 0x57 0x0 0x49 0x0 0x4e"
"0x0 0x44 0x0 0x4f 0x0 0x57 0x0 0x53 0x0 0x0"
"0x0 0x57 0x0 0x4e 0x0 0x45 0x0 0x54 0x0 0x42"
"0x0 0x41 0x0 0x53 0x0 0x45 0x0 0x3d 0x0 0x46"
"0x0 0x3a 0x0 0x5c 0x0 0x57 0x0 0x49 0x0 0x4e"
"0x0 0x44 0x0 0x44 0x0 0x4b 0x0 0x5c 0x0 0x33"
"0x0 0x37 0x0 0x39 0x0 0x30 0x0 0x2e 0x0 0x31"
"0x0 0x38 0x0 0x33 0x0 0x30 0x0 0x0 0x0 0x5f"
"0x0 0x41 0x0 0x43 0x0 0x50 0x0 0x5f 0x0 0x4c"
"0x0 0x49 0x0 0x42 0x0 0x3d 0x0 0x43 0x0 0x3a"
"0x0 0x5c 0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67"
"0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46"
"0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c"
"0x0 0x4d 0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f"
"0x0 0x73 0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20"
"0x0 0x56 0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61"
"0x0 0x6c 0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75"
"0x0 0x64 0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x56"
"0x0 0x43 0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x4c"
"0x0 0x49 0x0 0x42 0x0 0x3b 0x0 0x43 0x0 0x3a"
"0x0 0x5c 0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67"
"0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46"
"0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c"
"0x0 0x4d 0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f"
"0x0 0x73 0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20"
"0x0 0x56 0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61"
"0x0 0x6c 0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75"
"0x0 0x64 0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x56"
"0x0 0x43 0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x4d"
"0x0 0x46 0x0 0x43 0x0 0x5c 0x0 0x4c 0x0 0x49"
"0x0 0x42 0x0 0x0 0x0 0x5f 0x0 0x41 0x0 0x43"
"0x0 0x50 0x0 0x5f 0x0 0x50 0x0 0x41 0x0 0x54"
"0x0 0x48 0x0 0x3d 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72"
"0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69"
"0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d"
"0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73"
"0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56"
"0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c"
"0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64"
"0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f"
"0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c"
"0x0 0x4d 0x0 0x53 0x0 0x44 0x0 0x65 0x0 0x76"
"0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x42 0x0 0x69"
"0x0 0x6e 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72"
"0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69"
"0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d"
"0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73"
"0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56"
"0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c"
"0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64"
"0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x56 0x0 0x43"
"0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x42 0x0 0x49"
"0x0 0x4e 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72"
"0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69"
"0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d"
"0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73"
"0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56"
"0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c"
"0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64"
"0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f"
"0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c"
"0x0 0x54 0x0 0x4f 0x0 0x4f 0x0 0x4c 0x0 0x53"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50"
"0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61"
"0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c"
"0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69"
"0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f"
"0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69"
"0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20"
"0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69"
"0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d"
"0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x54"
"0x0 0x4f 0x0 0x4f 0x0 0x4c 0x0 0x53 0x0 0x5c"
"0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x4e 0x0 0x54"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x57"
"0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f 0x0 0x57"
"0x0 0x53 0x0 0x5c 0x0 0x73 0x0 0x79 0x0 0x73"
"0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x33 0x0 0x32"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x57"
"0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f 0x0 0x57"
"0x0 0x53 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f"
"0x0 0x57 0x0 0x53 0x0 0x5c 0x0 0x53 0x0 0x79"
"0x0 0x73 0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x33"
"0x0 0x32 0x0 0x5c 0x0 0x57 0x0 0x62 0x0 0x65"
"0x0 0x6d 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72"
"0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69"
"0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x43"
"0x0 0x6f 0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e"
"0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65"
"0x0 0x73 0x0 0x5c 0x0 0x54 0x0 0x65 0x0 0x6c"
"0x0 0x65 0x0 0x63 0x0 0x61 0x0 0x20 0x0 0x53"
"0x0 0x68 0x0 0x61 0x0 0x72 0x0 0x65 0x0 0x64"
"0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50"
"0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61"
"0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c"
"0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x53 0x0 0x74"
"0x0 0x6f 0x0 0x72 0x0 0x6d 0x0 0x49 0x0 0x49"
"0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x64 0x0 0x65"
"0x0 0x63 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c"
"0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72"
"0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69"
"0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x53"
"0x0 0x74 0x0 0x6f 0x0 0x72 0x0 0x6d 0x0 0x49"
"0x0 0x49 0x0 0x0 0x0 0x5f 0x0 0x4d 0x0 0x53"
"0x0 0x44 0x0 0x45 0x0 0x56 0x0 0x5f 0x0 0x42"
"0x0 0x4c 0x0 0x44 0x0 0x5f 0x0 0x45 0x0 0x4e"
"0x0 0x56 0x0 0x5f 0x0 0x3d 0x0 0x31 0x0 0x0"
"0x0 0x5f 0x0 0x5f 0x0 0x43 0x0 0x4f 0x0 0x4d"
"0x0 0x50 0x0 0x41 0x0 0x54 0x0 0x5f 0x0 0x4c"
"0x0 0x41 0x0 0x59 0x0 0x45 0x0 0x52 0x0 0x3d"
"0x0 0x45 0x0 0x6e 0x0 0x61 0x0 0x62 0x0 0x6c"
"0x0 0x65 0x0 0x4e 0x0 0x58 0x0 0x53 0x0 0x68"
"0x0 0x6f 0x0 0x77 0x0 0x55 0x0 0x49 0x0 0x20"
"0x0 0x0 0x0"};
.....
|
能力值:
( LV8,RANK:130 )
|
-
-
30 楼
从这儿读吧
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
|
能力值:
( LV12,RANK:450 )
|
-
-
31 楼
都创建了进程了,线程不是早就创建完毕了 
|
能力值:
( LV2,RANK:10 )
|
-
-
32 楼
纯粹从“意义”角度说的。
创建User Thread,就可以在在这个Thread里面CreateProcess,就不用做InfoCsrss这类的Dirty Work。。。
|
能力值:
( LV12,RANK:470 )
|
-
-
33 楼
其实一样要InfoCsrss的 
少的只是前面那些进程的环境初始化(比如PEB之类)
|
能力值:
( LV3,RANK:20 )
|
-
-
34 楼
先谢谢啦。哪位大哥解释一下。我怎么弄不明白啊?这些函数为什么要自己获得地址啊
ZwWriteVirtualMemory = (pFnZwWriteVirtualMemory) GetSSDTApi("ZwWriteVirtualMemory");//从ssdt表里面得到这些函数的地址
ZwResumeThread = (pFnZwResumeThread) GetSSDTApi("ZwResumeThread");
ZwCreateThread = (pFnZwCreateThread) GetSSDTApi("ZwCreateThread");
ZwProtectVirtualMemory = (pFnZwProtectVirtualMemory)GetSSDTApi("ZwProtectVirtualMemory");
ZwCreateProcess = (pFnZwCreateProcess) GetSSDTApi("ZwCreateProcess");
ExEnumHandleTable = (pFnExEnumHandleTable) GetFunctionAddr(L"ExEnumHandleTable");
而ZwAllocateVirtualMemory,ZwOpenFile, ZwCreateSection, ZwMapViewOfSection为什么就不用得到函数地址就能用呢
|
能力值:
( LV2,RANK:10 )
|
-
-
35 楼
另外还有个驱动中创建用户态线程的函数,觉得太简单了,就不贴了
=============================================
贴出来扫扫盲啊
|
能力值:
( LV2,RANK:10 )
|
-
-
36 楼
编译测试了一下,报错了????
不知道有没有人测试成功的。。
我把ssdt.exe改成了calc.exe。。。。
是不是运行界面程序有问题?
|
能力值:
( LV2,RANK:10 )
|
-
-
37 楼
|
能力值:
( LV12,RANK:450 )
|
-
-
38 楼
如果在用户态线程创建进程,那还不如用以前的插apc呢……
出错我分析是没加锁吧?后面没搞了。牛人们帮忙改改~ 
|
能力值:
( LV2,RANK:10 )
|
-
-
39 楼
|
能力值:
( LV2,RANK:10 )
|
-
-
41 楼
插apc要强制改变一个线程的alartable状态,虽然大多数时候没事,但是毕竟是不安全的。
用创建用户态线程,就安全多了。
|
能力值:
( LV2,RANK:10 )
|
-
-
42 楼
楼主太厉害了!
|
能力值:
( LV2,RANK:10 )
|
-
-
43 楼
是不是防止SSDT HOOK?!
|
能力值:
( LV2,RANK:10 )
|
-
-
44 楼
早就看出是武陵盟主的大作
|
能力值:
( LV2,RANK:10 )
|
-
-
45 楼
强烈要求知道的出来扫盲 
|
能力值:
( LV2,RANK:10 )
|
-
-
46 楼
37 楼那个错误,有人能解释下不??
|
能力值:
( LV2,RANK:10 )
|
-
-
47 楼
这个方法比用apc的方法优美啊
|
能力值:
( LV12,RANK:450 )
|
-
-
48 楼
很简单的函数,创建远程线程。内核态用户态都可以:
NTSTATUS
MyCreateRemoteThread(
IN HANDLE ProcessHandle,
IN PVOID ThreadStartAddress,
IN PVOID ThreadParameter,
IN OUT ULONG *ThreadStackSize,
OUT PVOID *ThreadStackAddress,
OUT HANDLE *ThreadHandle
)
{
OBJECT_ATTRIBUTES ObjectAttributes;
CONTEXT ThreadContext;
INITIAL_TEB InitialTeb;
CLIENT_ID ThreadClientId;
NTSTATUS Status;
//HMODULE hNTDLL = LoadLibraryW(L"ntdll.dll");
//pFnZwAllocateVirtualMemory ZwAllocateVirtualMemory =
// (pFnZwAllocateVirtualMemory) GetProcAddress (hNTDLL, "ZwAllocateVirtualMemory");
//pFnZwFreeVirtualMemory ZwFreeVirtualMemory =
// (pFnZwFreeVirtualMemory) GetProcAddress (hNTDLL, "ZwFreeVirtualMemory");
//pFnZwCreateThread ZwCreateThread =
// (pFnZwCreateThread) GetProcAddress (hNTDLL, "ZwCreateThread");
//pFnRtlInitializeContext RtlInitializeContext =
// (pFnRtlInitializeContext) GetProcAddress (hNTDLL, "RtlInitializeContext");
// 创建新线程的堆栈
*ThreadHandle = NULL;
*ThreadStackAddress = NULL;
*ThreadStackSize = 0x400000;
Status = ZwAllocateVirtualMemory(
ProcessHandle,
ThreadStackAddress,
0,
ThreadStackSize,
MEM_COMMIT,
PAGE_READWRITE
);
if ( ! NT_SUCCESS( Status ))
return Status;
InitialTeb.StackLimit = *ThreadStackAddress;
InitialTeb.StackBase = (PVOID)((PCHAR)*ThreadStackAddress + *ThreadStackSize );
//RtlpCreateStack(handle, 0, 0, 0L, &InitialTeb );
RtlInitializeContext(
ProcessHandle,
&ThreadContext,
ThreadParameter,
ThreadStartAddress,
InitialTeb.StackBase
);
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
Status = ZwCreateThread(
ThreadHandle,
THREAD_ALL_ACCESS,
&ObjectAttributes,
ProcessHandle,
&ThreadClientId,
&ThreadContext,
&InitialTeb,
FALSE
);
if ( ! NT_SUCCESS( Status )) {
*ThreadStackSize = 0;
ZwFreeVirtualMemory(
ProcessHandle,
ThreadStackAddress,
ThreadStackSize,
MEM_RELEASE
);
}
return Status;
}
int __stdcall RtlInitializeContext(int a1, CONTEXT *a2, char a3, DWORD a4, DWORD a5)
{
int result;
DWORD v6;
DWORD v7;
int v8;
a2->Eax = 0;
a2->Ebp = 0;
a2->SegGs = 0;
a2->SegEs = 32;
a2->SegDs = 32;
a2->SegSs = 32;
a2->Eip = a4;
v6 = a5;
v7 = (DWORD)&a2->Esp;
a2->Ebx = 1;
a2->Ecx = 2;
a2->Edx = 3;
a2->Esi = 4;
a2->Edi = 5;
a2->SegFs = 56;
a2->SegCs = 24;
a2->EFlags = 512;
a2->ContextFlags = 65543;
v6 -= 4;
v8 = a1;
a2->Esp = v6;
result = ZwWriteVirtualMemory(v8, v6, &a3, 4, 0);
*(_DWORD *)v7 -= 4;
return result;
}
HANDLE MyOpenProcess(HANDLE id)
{
NTSTATUS status;
OBJECT_ATTRIBUTES oa = {sizeof(OBJECT_ATTRIBUTES), 0, NULL, 0};
ACCESS_MASK da = 0x0001;
HANDLE ProcessHandle = NULL;
CLIENT_ID ClientId;
ClientId.UniqueProcess = id;
ClientId.UniqueThread = 0;
ZwOpenProcess(&ProcessHandle, da, &oa, &ClientId);
return ProcessHandle;
}
|
能力值:
( LV3,RANK:20 )
|
-
-
49 楼
最近在搞进程加载,创建
|
能力值:
( LV2,RANK:10 )
|
-
-
50 楼
有创建用户态进程,那有没有加载DLL的呢:H贪心一个
|
