File name: CreateProcessNotify
- Category: System programming
- Resource attributes: [Windows] [Visual C] [Source code]
- Upload date: 2012-11-26
- File size: 13kb
- Downloads: 0
- Provider: 黄*
- Related links: None
Description -- all downloaded content comes from the Internet; please study and use it on your own
Monitors the creation of the next process. The key functions execute in the following order:
On XP SP3:
1. NtCreateProcessEx
2. NtCreateThread
3. CreateProcessNotify: the process-creation callback is invoked; it is called from within PspCreateThread
4. CreateThreadNotify: the thread-creation callback is invoked; it is called from within PspCreateThread
On Vista and Win7:
1. NtCreateUserProcess -> PspInsertThread
2. CreateProcessNotify: the process-creation callback is invoked from within PspInsertThread, that is, deep inside NtCreateUserProcess
3. CreateThreadNotify: the process-creation callback is invoked from within PspInsertThread, that is, deep inside NtCreateUserProcess
(Generated automatically by the system; you can review the contents before downloading)
Downloaded file list
利用CreateProcessNotify监控下一个进程的创建过程\bin\Example.dll
...............................................\...\Loader.exe
...............................................\dll\Example.cpp
...............................................\...\Example.def
...............................................\...\Example.dsp
...............................................\...\Example.dsw
...............................................\...\Example.plg
...............................................\...\ReadMe.txt
...............................................\...\..lease\Example.exp
...............................................\...\.......\Example.lib
...............................................\...\StdAfx.cpp
...............................................\...\StdAfx.h
...............................................\down.dsw
...............................................\exe\Loader.cpp
...............................................\...\Loader.dsp
...............................................\...\Loader.dsw
...............................................\...\Loader.plg
...............................................\removejunk.bat
...............................................\dll\Release
...............................................\exe\Release
...............................................\bin
...............................................\dll
...............................................\exe
利用CreateProcessNotify监控下一个进程的创建过程