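File name: zbxi
Description: all downloadable content comes from the Internet; study and use it at your own discretion
File-process association demonstration program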
pjf(jfpan20000@sina.com)
1. First, use ZwQuerySystemInformation to query the handles of all processes.
2. Obtain information about the object each handle represents and find the target file. A kernel-mode program is relatively simple; for a
user-mode program, use ZwQueryInformationFile together with the two APIs GetFileInformationByHandle and
GetVolumeInformation to obtain it (the former yields the file's path name without the volume, the latter two
yield the volume name). ZwQueryObject can also be used.
3. Combining 1 and 2 completes the task.
(Automatically generated by the system; you can review the download contents before downloading)
Download file list
Archive: 11912895zbxi.rar  Contents: 新建 文本文档.txt