How to stop the process being created from inside a process-creation hook

2025-04-27 04:34:44
Recommended answers (1)
Answer 1:

In the hook handler for ZwCreateProcess, return an error code such as STATUS_ACCESS_DENIED and the process will not get created.
See the following code fragment:

#include <ntddk.h>

/* Original ZwCreateProcessEx, saved before the hook was installed.
 * Parameter names and types are those used in the answer. */
typedef NTSTATUS (*PFN_CREATEPROCESSEX)(
    OUT PHANDLE phProcess, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN HANDLE hParentProcess, IN BOOLEAN bInheritParentHandles, IN HANDLE hSection OPTIONAL,
    IN HANDLE hDebugPort OPTIONAL, IN HANDLE hExceptionPort OPTIONAL, IN ULONG unKnownParam OPTIONAL);
static PFN_CREATEPROCESSEX RealCreateProcessEx;

/* Helpers referenced by the answer but not shown in it: GetProcName resolves the image
 * path of the section being mapped, FilterProcHandle returns TRUE if that image may run. */
NTSTATUS GetProcName(IN HANDLE hSection, OUT PWCHAR fullname);
BOOLEAN FilterProcHandle(IN PWCHAR fullname);

NTSTATUS
HookCreateProcessEx(
    OUT PHANDLE phProcess,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN HANDLE hParentProcess,
    IN BOOLEAN bInheritParentHandles,
    IN HANDLE hSection OPTIONAL,
    IN HANDLE hDebugPort OPTIONAL,
    IN HANDLE hExceptionPort OPTIONAL,
    IN ULONG unKnownParam OPTIONAL
    )
{
    NTSTATUS ns;
    WCHAR fullname[260];   /* receives the image path; 260 matches MAX_PATH */

    if (hSection)
    {
        ns = GetProcName(hSection, fullname);
        /* Consult the filter only if the name was resolved; a refused image is
         * answered with STATUS_ACCESS_DENIED, so the process is never created. */
        if (NT_SUCCESS(ns) && !FilterProcHandle(fullname))
            return STATUS_ACCESS_DENIED;
    }
    ns = RealCreateProcessEx(phProcess, DesiredAccess, ObjectAttributes, hParentProcess,
                             bInheritParentHandles, hSection, hDebugPort, hExceptionPort, unKnownParam);
    return ns;
}
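The answer leaves the actual decision (its FilterProcHandle) undefined. The following is an added example, not code from the answer: a portable deny-list filter that matches the last component of an NT or Win32 image path case-insensitively, so that "\Device\HarddiskVolume2\...\APP.EXE" and "C:\...\app.exe" hit the same rule. Under a build macro that the reader defines in the driver project (PROCESS_FILTER_KERNEL_BUILD is assumed here, not a WDK macro) it also shows the documented way to apply that decision: PsSetCreateProcessNotifyRoutineEx lets a driver veto a process by setting CreateInfo->CreationStatus, without hooking ZwCreateProcess*, which PatchGuard does not tolerate on 64-bit Windows. The deny-list entries are constructed placeholders.

```c
/* Added example: image-path deny-list filter plus the supported kernel hook. */
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Constructed deny list of image file names (last path component). */
static const wchar_t *const kDeniedImages[] = {
    L"blocked_tool.exe",
    L"unwanted_updater.exe",
};

/* Last component of \Device\HarddiskVolume2\Users\x\app.exe or C:/x/app.exe. */
const wchar_t *ImageBaseName(const wchar_t *path)
{
    const wchar_t *base = path;
    for (const wchar_t *p = path; *p; ++p)
        if (*p == L'\\' || *p == L'/')
            base = p + 1;
    return base;
}

/* Windows file names are case-insensitive, so the rule must be too. */
static int EqualsNoCase(const wchar_t *a, const wchar_t *b)
{
    for (; *a && *b; ++a, ++b)
        if (towlower((wint_t)*a) != towlower((wint_t)*b))
            return 0;
    return *a == 0 && *b == 0;
}

/* 1 = allow, 0 = deny. Deny-list semantics: a NULL or empty name matches no
 * rule and is allowed; only an exact base-name match is refused. */
int IsImageAllowed(const wchar_t *imagePath)
{
    if (imagePath == NULL)
        return 1;
    const wchar_t *base = ImageBaseName(imagePath);
    for (size_t i = 0; i < sizeof kDeniedImages / sizeof kDeniedImages[0]; ++i)
        if (EqualsNoCase(base, kDeniedImages[i]))
            return 0;
    return 1;
}

#ifdef PROCESS_FILTER_KERNEL_BUILD   /* assumed macro: set it in the WDK driver project */
#include <ntddk.h>

/* Called for every process creation (CreateInfo != NULL) and exit (CreateInfo == NULL).
 * Setting CreationStatus makes the creating call fail with that status. */
static VOID CreateProcessNotifyEx(PEPROCESS Process, HANDLE ProcessId,
                                  PPS_CREATE_NOTIFY_INFO CreateInfo)
{
    UNREFERENCED_PARAMETER(Process);
    UNREFERENCED_PARAMETER(ProcessId);
    if (CreateInfo == NULL || CreateInfo->ImageFileName == NULL)
        return;

    /* ImageFileName is a counted UNICODE_STRING, not NUL-terminated. Copy its tail:
     * if the path is longer than the buffer the base name must survive truncation. */
    WCHAR name[260];
    USHORT total = CreateInfo->ImageFileName->Length / sizeof(WCHAR);
    USHORT keep = total;
    if (keep > RTL_NUMBER_OF(name) - 1)
        keep = RTL_NUMBER_OF(name) - 1;
    RtlCopyMemory(name, CreateInfo->ImageFileName->Buffer + (total - keep), keep * sizeof(WCHAR));
    name[keep] = L'\0';

    if (!IsImageAllowed(name))
        CreateInfo->CreationStatus = STATUS_ACCESS_DENIED;
}

/* Call from DriverEntry; the driver must be linked with /INTEGRITYCHECK. */
NTSTATUS RegisterProcessFilter(VOID)
{
    return PsSetCreateProcessNotifyRoutineEx(CreateProcessNotifyEx, FALSE);
}
#endif
```

The user-mode part compiles and runs anywhere; the kernel part needs a WDK build. The tail copy matters: truncating a long path from the front would drop the base name and silently turn a denied image into an allowed one.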