File name: dmp
- Category: Windows CE
- Resource type: [Text]
- Upload date: 2012-11-26
- File size: 2kb
- Downloads: 0
- Uploader: 王*
- Related links: none
Description (downloaded content comes from the Internet; study and use it at your own discretion)
KeCapturePersistentThreadState captures the current thread and obtains the contents of the _DUMP_HEADER structure. The more interesting fields include DumpHead->PsLoadedModuleList, DumpHead->PsActiveProcessHead, DumpHead->PfnDataBase...
The next step is to write the contents of the _DUMP_HEADER structure to a dmp file: ZwCreateFile -> ZwWriteFile...
(Generated automatically by the system; you can review the contents before downloading)
Downloaded file list
模仿dmp文件转存.txt