ntdll!Ntopenprocess 和 nt!ntopenprocess 的区别是什么呀?高手帮忙看下
lkd> x ntdll!*openprocess
77466f40 ntdll!NtOpenProcess = <no type information>
77466f40 ntdll!ZwOpenProcess = <no type information>
lkd> x nt!*openprocess
82870838 nt!ZwOpenProcess (<no parameter info>)
82abcc0d nt!NtOpenProcess (<no parameter info>)
lkd> u 7746f40
07746f40 ?? ???
^ Memory access error in 'u 7746f40'
lkd> u ntdll!ntopenprocess
ntdll!NtOpenProcess:
77466f40 b8be000000 mov eax,0BEh
77466f45 ba0003fe7f mov edx,offset SharedUserData!SystemCallStub (7ffe0300)
77466f4a ff12 call dword ptr [edx]
77466f4c c21000 ret 10h
77466f4f 90 nop
ntdll!ZwOpenProcessToken:
77466f50 b8bf000000 mov eax,0BFh
77466f55 ba0003fe7f mov edx,offset SharedUserData!SystemCallStub (7ffe0300)
77466f5a ff12 call dword ptr [edx]
lkd> u nt!ntopenprocess
nt!NtOpenProcess:
82abcc0d 8bff mov edi,edi
82abcc0f 55 push ebp
82abcc10 8bec mov ebp,esp
82abcc12 51 push ecx
82abcc13 51 push ecx
82abcc14 64a124010000 mov eax,dword ptr fs:[00000124h]
82abcc1a 8a803a010000 mov al,byte ptr [eax+13Ah]
82abcc20 8b4d14 mov ecx,dword ptr [ebp+14h]
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课