HanDs
管理员

[Delphi文章] 在 Ring3(用户态)下调用 ZwOpenProcess



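type
  // Scalar aliases for the native API declarations below.
  TAccessMask = ULONG;
  ACCESS_MASK = ULONG;
  // Kept unsigned so existing callers keep compiling. The native NTSTATUS is a
  // signed 32-bit value whose top bit marks failure, so test a status with
  // Integer(Status) < 0; an unsigned ">= 0" comparison is always true.
  NTSTATUS    = ULONG;

  // The records below use natural alignment instead of "packed". On 32-bit
  // targets the layout is identical to the packed form; on 64-bit targets the
  // native structures contain alignment padding that "packed" would strip,
  // giving ntdll a structure with misplaced fields.
  // NOTE(review): assumes the unit is compiled with default record alignment.

  // Counted UTF-16 string; Length and MaximumLength are byte counts.
  PUnicodeString=^TUnicodeString;
  TUnicodeString=record
    Length:Word;
    MaximumLength:Word;
    Buffer:PWideChar;
  end;
  UNICODE_STRING=TUnicodeString;
  PUNICODE_STRING=^UNICODE_STRING;

  // Object attributes passed to native "open" calls. Length must be set to
  // SizeOf(TObjectAttributes) by the caller before use.
  PObjectAttributes=^TObjectAttributes;
  TObjectAttributes=record
    Length:Cardinal;
    RootDirectory:THandle;
    ObjectName:PUnicodeString;
    Attributes:Cardinal;
    SecurityDescriptor:Pointer;
    SecurityQualityOfService:Pointer;
  end;
  OBJECT_ATTRIBUTES=TObjectAttributes;
  POBJECT_ATTRIBUTES=^OBJECT_ATTRIBUTES;

  // Process/thread identifier pair. Both members are HANDLE-sized in the
  // native definition, so they are declared as THandle rather than Cardinal;
  // a 32-bit field here would truncate the structure on 64-bit targets.
  PClientId=^TClientId;
  TClientId=record
    UniqueProcess:THandle;
    UniqueThread:THandle;
  end;
  CLIENT_ID=TClientId;
  PCLIENT_ID=^CLIENT_ID;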

// Static import of the ntdll.dll export 'ZwOpenProcess'.
//   ProcessHandle    - receives the opened handle when the call succeeds.
//   DesiredAccess    - access rights requested on the target process.
//   ObjectAttributes - caller-initialised TObjectAttributes (Length set).
//   ClientId         - identifies the target process.
// Returns an NTSTATUS; treat Integer(status) < 0 as failure.
// The kernel still performs the normal access check for this call. Defenders
// can observe the resulting handle open in process-access telemetry such as
// Sysmon Event ID 10, which records the granted access mask.
function ZwOpenProcess(
  ProcessHandle: PHandle;
  DesiredAccess: TAccessMask;
  ObjectAttributes: PObjectAttributes;
  ClientId: PClientId
): NTSTATUS; stdcall; external 'ntdll.dll' name 'ZwOpenProcess';

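// Opens the process identified by PID through ZwOpenProcess.
// Returns the process handle, or 0 when the native call fails.
// The caller owns the returned handle and must release it with CloseHandle.
function Easy_ZwOpenProcess(PID: Integer): THandle;
var
  attr: OBJECT_ATTRIBUTES;
  cid1: CLIENT_ID;
  status: NTSTATUS;
begin
  // Without this, a failed call would leave Result holding whatever was in
  // the return slot, and the caller could mistake it for a valid handle.
  Result := 0;

  // Zero the whole structure so no field (or padding) carries stack garbage.
  FillChar(attr, SizeOf(attr), 0);
  attr.Length := SizeOf(attr);

  FillChar(cid1, SizeOf(cid1), 0);
  // Process IDs are unsigned 32-bit values; UniqueThread stays 0.
  cid1.UniqueProcess := Cardinal(PID);

  // NOTE(review): PROCESS_ALL_ACCESS is kept for compatibility with existing
  // callers, but it requests every right on the target. Code that only needs
  // to query or read should request just those rights (least privilege); a
  // narrower mask also fails less often against protected processes.
  status := ZwOpenProcess(@Result, PROCESS_ALL_ACCESS, @attr, @cid1);

  // NTSTATUS is declared unsigned in this file, so compare it as a signed
  // value: the top bit set means the call failed.
  if Integer(status) < 0 then
    Result := 0;
end;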


ring3 下调用 zwopenprocess