[Help] Confusion about a piece of code in "Undocumented Windows 2000 Secrets"
Posted on: 2009-2-23 01:42
In "Undocumented Windows 2000 Secrets" there is the following code for enumerating process IDs:
#include <windows.h>
// Relies on the book's own definitions (w2k_def.h and its ntdll prototypes):
// NTSTATUS, NtQuerySystemInformation, SystemProcessInformation,
// SYSTEM_PROCESS_INFORMATION with the dNext / dUniqueProcessId members,
// STATUS_SUCCESS, STATUS_INFO_LENGTH_MISMATCH and RtlNtStatusToDosError.

BOOL WINAPI EnumProcesses (PDWORD lpidProcess, DWORD cb, PDWORD lpcbNeeded)
{
    PSYSTEM_PROCESS_INFORMATION pspi, pSpiNext;
    DWORD dSize, i;
    NTSTATUS ns;
    BOOL fOk = FALSE;

    // Grow the buffer in 32 KB steps until the kernel's process list fits.
    for (dSize = 0x8000; ((pspi = LocalAlloc (LMEM_FIXED, dSize)) != NULL); dSize += 0x8000)
    {
        ns = NtQuerySystemInformation (SystemProcessInformation, pspi, dSize, NULL);
        if (STATUS_SUCCESS == ns)
        {
            // pspi keeps pointing at the start of the allocation (LocalFree needs it);
            // pSpiNext is the cursor that walks the variable-length records.
            pSpiNext = pspi;
            for (i = 0; i < cb / sizeof (DWORD); i++)
            {
                lpidProcess[i] = pSpiNext->dUniqueProcessId;
                if (pSpiNext->dNext == 0)       // last record in the list
                {
                    i++;
                    break;
                }
                // dNext is a byte offset to the next record, so advance through a
                // byte pointer (PBYTE; the cast to BYTE in the posted copy is a typo).
                pSpiNext = (PSYSTEM_PROCESS_INFORMATION) ((PBYTE) pSpiNext + pSpiNext->dNext);
            }
            *lpcbNeeded = i * sizeof (DWORD);
            fOk = TRUE;
        }
        LocalFree (pspi);
        if (fOk || (ns != STATUS_INFO_LENGTH_MISMATCH))
        {
            // Done, or failed for a reason other than "buffer too small".
            if (!fOk) SetLastError (RtlNtStatusToDosError (ns));
            break;
        }
    }
    return fOk;
}
The code declares both "pspi" and "pSpiNext". When it reads the process ID values later,
why does it use "pSpiNext" instead of "pspi" directly?
If only "pspi" is declared and that variable is used to read the ID values, why would that cause a blue screen?
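As an added example (not code from the book or from this post), here is a portable C walk over a constructed buffer laid out the way SystemProcessInformation returns its records: a chain of variable-length entries, each holding the byte offset of the next one. The FakeProcInfo struct, the build_chain helper and the sample PIDs are constructed for the example and are not the real kernel layout. It shows the two roles the book's code gives to its two pointers: the cursor (pSpiNext there) advances by a different number of bytes on every record, while the base pointer (pspi there) stays on the allocation so it can still be freed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a process record (assumption: not the real kernel
 * layout). The flexible Threads[] tail makes every record a different size,
 * which is why the walk must step by NextEntryOffset, not by sizeof(struct). */
typedef struct {
    uint32_t NextEntryOffset;   /* bytes from this record to the next, 0 on the last */
    uint32_t NumberOfThreads;
    uint32_t UniqueProcessId;
    uint32_t Threads[];         /* NumberOfThreads entries follow in the same record */
} FakeProcInfo;

/* Lay out n chained records in one heap block. The caller frees the returned
 * base pointer; an interior cursor pointer is never a valid free() argument. */
static unsigned char *build_chain(const uint32_t *pids, const uint32_t *threads,
                                  size_t n, size_t *out_len)
{
    size_t total = 0, off = 0;
    for (size_t i = 0; i < n; i++)
        total += sizeof(FakeProcInfo) + threads[i] * sizeof(uint32_t);
    unsigned char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        FakeProcInfo *rec = (FakeProcInfo *)(buf + off);
        size_t size = sizeof(FakeProcInfo) + threads[i] * sizeof(uint32_t);
        rec->NumberOfThreads = threads[i];
        rec->UniqueProcessId = pids[i];
        for (uint32_t t = 0; t < threads[i]; t++)
            rec->Threads[t] = 1000 * pids[i] + t;   /* filler thread ids */
        rec->NextEntryOffset = (i + 1 < n) ? (uint32_t)size : 0;
        off += size;
    }
    *out_len = total;
    return buf;
}

/* Walk the chain with a separate cursor, as the book's loop does with pSpiNext,
 * storing up to max_ids process ids and returning how many were stored. The
 * check against len is an addition: the posted code trusts the kernel's offsets. */
static size_t collect_pids(const unsigned char *base, size_t len,
                           uint32_t *out, size_t max_ids)
{
    const FakeProcInfo *cur = (const FakeProcInfo *)base;
    size_t i = 0;
    while (i < max_ids) {
        if ((const unsigned char *)cur + sizeof(FakeProcInfo) > base + len)
            break;                          /* record would run past the buffer */
        out[i++] = cur->UniqueProcessId;
        if (cur->NextEntryOffset == 0)
            break;                          /* last record */
        cur = (const FakeProcInfo *)((const unsigned char *)cur + cur->NextEntryOffset);
    }
    return i;
}

/* Run the walk over a constructed three-process chain (sample pids and thread
 * counts are made up) and return how many ids were stored in out[]. */
static size_t run_demo(size_t max_ids, uint32_t *out)
{
    const uint32_t pids[] = { 4, 120, 3196 };
    const uint32_t threads[] = { 3, 1, 7 };
    size_t len = 0, n;
    unsigned char *base = build_chain(pids, threads, 3, &len);
    if (base == NULL)
        return 0;
    n = collect_pids(base, len, out, max_ids);
    free(base);                             /* the base pointer, never the cursor */
    return n;
}

size_t demo_count(size_t max_ids)
{
    uint32_t out[16];
    return run_demo(max_ids > 16 ? 16 : max_ids, out);
}

uint32_t demo_pid(size_t max_ids, size_t idx)
{
    uint32_t out[16];
    size_t n = run_demo(max_ids > 16 ? 16 : max_ids, out);
    return idx < n ? out[idx] : 0;
}

int main(void)
{
    size_t n = demo_count(8);
    for (size_t i = 0; i < n; i++)
        printf("pid %u\n", (unsigned)demo_pid(8, i));
    return 0;
}
```

With a capacity of 8 the walk stops at the record whose NextEntryOffset is 0 and reports three ids; with a capacity of 2 it stops after the second record, the same way the book's loop is bounded by cb / sizeof (DWORD).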