Win64 driver: problem returning the process name
The driver code is as follows:
NTKERNELAPI
UCHAR *
PsGetProcessImageFileName(PEPROCESS Process);
ULONG dwInputPid;
PEPROCESS eProcess=NULL;
UCHAR *processname;
memcpy(&dwInputPid,pIoBuffer,4);
status=PsLookupProcessByProcessId(dwInputPid,&eProcess);
if(NT_SUCCESS(status))
{
processname = PsGetProcessImageFileName(eProcess);
memcpy(pIoBuffer,&processname,8);
}
The EXE code is as follows:
IoControl(hSSDTDrv ,CTL_CODE_GEN(0x805), &dwInputPid,4,&processname,8);
When processname is returned, it comes back with a size of only 1 and the process name is not returned. Does any expert know where the problem is?
status=PsLookupProcessByProcessId(dwInputPid,&eProcess);
Change to:
status=PsLookupProcessByProcessId((HANDLE)dwInputPid,&eProcess);
memcpy(pIoBuffer,&processname,8);
Change to:
memcpy(pIoBuffer,processname,15);
Tesla.Angela posted on 2013-8-30 17:07
status=PsLookupProcessByProcessId(dwInputPid,&eProcess);
Change to:
status=PsLookupProcessByProcessId((H ...
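Same problem, and in addition the value of dwInputPid gets changed after IoControl has run,
but it doesn't matter any more. I did it another way!
Thank you, moderator~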
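An added example, not code from the thread: a user-mode C model of the IOCTL exchange discussed above, assuming a buffered transfer in which one buffer carries both the input PID and the output name (the thread does not show the control code's transfer method). It contrasts the original copy, which returns the bytes of the pointer variable, with a handler that checks both lengths before copying the characters; `handle_query_name`, `original_copy`, `fake_lookup`, the status names and the sample PID are hypothetical stand-ins.

```c
#include <stdint.h>
#include <string.h>

#define IMAGE_NAME_LEN 15   /* copy length used in the reply above */
enum { ST_OK, ST_INVALID_PARAMETER, ST_BUFFER_TOO_SMALL, ST_NOT_FOUND };

/* Hypothetical stand-in for PsLookupProcessByProcessId +
   PsGetProcessImageFileName; the PID and name are constructed samples. */
static const char *fake_lookup(uint32_t pid)
{
    return pid == 4321 ? "notepad.exe" : NULL;
}

/* The thread's original copy: sizeof(pointer) bytes of the pointer
   variable itself, so the caller receives an address, not the name. */
size_t original_copy(uint8_t *buf, uint32_t pid)
{
    const char *name = fake_lookup(pid);
    memcpy(buf, &name, sizeof name);
    return sizeof name;
}

/* Checked handler: buf is the shared buffer, in_len/out_len are the
   lengths supplied by the caller, *info is the byte count to return. */
int handle_query_name(uint8_t *buf, size_t in_len, size_t out_len, size_t *info)
{
    uint32_t pid;
    const char *name;
    size_t n;

    *info = 0;
    if (in_len < sizeof pid)
        return ST_INVALID_PARAMETER;        /* input too short for a PID */
    memcpy(&pid, buf, sizeof pid);          /* read input before overwriting it */
    name = fake_lookup(pid);
    if (name == NULL)
        return ST_NOT_FOUND;
    for (n = 0; n < IMAGE_NAME_LEN && name[n] != '\0'; n++)
        ;                                   /* bounded length of the name */
    if (out_len < n + 1)
        return ST_BUFFER_TOO_SMALL;         /* never write past the caller's size */
    memcpy(buf, name, n);                   /* copy the characters, not &name */
    buf[n] = '\0';
    *info = n + 1;                          /* report exactly what was written */
    return ST_OK;
}
```

In a real driver the reference taken by a successful PsLookupProcessByProcessId also has to be released with ObDereferenceObject once the name has been copied.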