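Views: 2496 Replies: 21
Does anyone know about inter-process communication in the kernel?
Does anyone know about inter-process communication in the kernel? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?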

Reply #1
Posted: 2005-03-15 08:24
There are no processes in the kernel, only threads, only kernel threads.
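
Reply #2
Posted: 2005-03-15 18:41
Thanks to the poster above; the question was indeed phrased wrongly. Does anyone know about inter-process communication? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?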
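
Reply #3
Posted: 2005-03-15 19:59
[quote]Thanks to the poster above; the question was indeed phrased wrongly. Does anyone know about inter-process communication? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?[/quote]
Inter-process communication between applications usually uses: messages, pipes, events, shared memory, sockets, and so on. Between drivers there can be: shared memory, events, and so on.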

Reply #4
Posted: 2005-03-15 21:37
Kernel objects are common to both the application layer and the kernel.
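
Reply #5
Posted: 2005-03-16 08:44
[quote]Thanks to the poster above; the question was indeed phrased wrongly. Does anyone know about inter-process communication? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?[/quote]
For inter-process communication, LPC is used on the local machine and RPC over the network. The specific methods are what AllenZh described: inter-process communication between applications usually uses: messages, pipes, events, shared memory, sockets, and so on. Between drivers there can be: shared memory, events, and so on. As for the message format used in the communication, you generally don't need to care about it: the system takes care of it, and you only need to send your own data.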
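
Reply #6
Posted: 2005-03-16 09:24
[quote]There are no processes in the kernel, only threads, only kernel threads.[/quote]
How can there be no processes? Can't one be created?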
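
Reply #7
Posted: 2005-03-16 09:29
[quote][quote]There are no processes in the kernel, only threads, only kernel threads.[/quote]
How can there be no processes? Can't one be created?[/quote]
Heh heh...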
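
Reply #8
Posted: 2005-03-16 09:35
[quote][quote][quote]There are no processes in the kernel, only threads, only kernel threads.[/quote]
How can there be no processes? Can't one be created?[/quote]
Heh heh...[/quote]
What does "heh heh" mean?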

Reply #9
Posted: 2005-03-16 09:42
How do you create a process and its environment in the kernel?

Reply #10
Posted: 2005-03-16 10:10
[quote]How do you create a process and its environment in the kernel?[/quote]
That's right. However: Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver's Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request. PsCreateSystemThread creates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode. If the input ProcessHandle is NULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by calling PsTerminateSystemThread. Driver routines that run in a process context other than that of the system process should set the OBJ_KERNEL_HANDLE flag within the Attributes parameter of PsCreateSystemThread before calling it. This restricts the use of the handle returned by PsCreateSystemThread to processes running in kernel mode and thereby prevents an unintended access of this handle by the process in whose context the driver is running. Callers of this routine must be running at IRQL PASSIVE_LEVEL.

Reply #11
Posted: 2005-03-16 10:28
[quote][quote]How do you create a process and its environment in the kernel?[/quote]
That's right. However: Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver's Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request. PsCreateSystemThread creates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode. If the input ProcessHandle is NULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by calling PsTerminateSystemThread. Driver routines that run in a process context other than that of the system process should set the OBJ_KERNEL_HANDLE flag within the Attributes parameter of PsCreateSystemThread before calling it. This restricts the use of the handle returned by PsCreateSystemThread to processes running in kernel mode and thereby prevents an unintended access of this handle by the process in whose context the driver is running. Callers of this routine must be running at IRQL PASSIVE_LEVEL.[/quote]
This is a thread, not a process.

Reply #12
Posted: 2005-03-16 10:31
[quote][quote][quote]How do you create a process and its environment in the kernel?[/quote]
That's right. However: Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver's Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request. PsCreateSystemThread creates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode. If the input ProcessHandle is NULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by calling PsTerminateSystemThread. Driver routines that run in a process context other than that of the system process should set the OBJ_KERNEL_HANDLE flag within the Attributes parameter of PsCreateSystemThread before calling it. This restricts the use of the handle returned by PsCreateSystemThread to processes running in kernel mode and thereby prevents an unintended access of this handle by the process in whose context the driver is running. Callers of this routine must be running at IRQL PASSIVE_LEVEL.[/quote]
This is a thread, not a process.[/quote]
I know. But look at: If the input ProcessHandle is NULL, the created thread is associated with the system process. How do you explain the "system process" here??

Reply #13
Posted: 2005-03-16 11:09
[quote][quote][quote][quote]How do you create a process and its environment in the kernel?[/quote]
That's right. However: Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver's Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request. PsCreateSystemThread creates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode. If the input ProcessHandle is NULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by calling PsTerminateSystemThread. Driver routines that run in a process context other than that of the system process should set the OBJ_KERNEL_HANDLE flag within the Attributes parameter of PsCreateSystemThread before calling it. This restricts the use of the handle returned by PsCreateSystemThread to processes running in kernel mode and thereby prevents an unintended access of this handle by the process in whose context the driver is running. Callers of this routine must be running at IRQL PASSIVE_LEVEL.[/quote]
This is a thread, not a process.[/quote]
I know. But look at: If the input ProcessHandle is NULL, the created thread is associated with the system process. How do you explain the "system process" here??[/quote]
There is indeed a system process, and it runs in kernel mode; in that case there is also another kernel process, Idle.
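
Reply #14
Posted: 2005-03-16 11:11
[quote][quote]Thanks to the poster above; the question was indeed phrased wrongly. Does anyone know about inter-process communication? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?[/quote]
For inter-process communication, LPC is used on the local machine and RPC over the network. The specific methods are what AllenZh described: inter-process communication between applications usually uses: messages, pipes, events, shared memory, sockets, and so on. Between drivers there can be: shared memory, events, and so on. As for the message format used in the communication, you generally don't need to care about it: the system takes care of it, and you only need to send your own data.[/quote]
But what I want is precisely to intercept communication between other processes and analyze its content, so I need to know the message format. For example, the End Task function in Task Manager works by Task Manager notifying smss.exe/csrss.exe to end the task; I want to work out from the message which program (task, process) it is going to end.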

Reply #15
Posted: 2005-03-16 11:11
But we can't create such a process.

Reply #16
Posted: 2005-03-16 11:19
[quote]But we can't create such a process.[/quote]
:D
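
Reply #17
Posted: 2005-03-16 11:24
[quote][quote][quote]Thanks to the poster above; the question was indeed phrased wrongly. Does anyone know about inter-process communication? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?[/quote]
For inter-process communication, LPC is used on the local machine and RPC over the network. The specific methods are what AllenZh described: inter-process communication between applications usually uses: messages, pipes, events, shared memory, sockets, and so on. Between drivers there can be: shared memory, events, and so on. As for the message format used in the communication, you generally don't need to care about it: the system takes care of it, and you only need to send your own data.[/quote]
But what I want is precisely to intercept communication between other processes and analyze its content, so I need to know the message format. For example, the End Task function in Task Manager works by Task Manager notifying smss.exe/csrss.exe to end the task; I want to work out from the message which program (task, process) it is going to end.[/quote]
Are you doing process control? Intercepting inter-process communication is far too broad a task, and some of it may not be achievable; for example, if two applications communicate with encrypted data, you can't intercept it.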
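
Reply #18
Posted: 2005-03-16 11:28
[quote][quote][quote]Thanks to the poster above; the question was indeed phrased wrongly. Does anyone know about inter-process communication? When processes communicate through a Port (this Port is different from the ports used in network communication), what is the message format?[/quote]
For inter-process communication, LPC is used on the local machine and RPC over the network. The specific methods are what AllenZh described: inter-process communication between applications usually uses: messages, pipes, events, shared memory, sockets, and so on. Between drivers there can be: shared memory, events, and so on. As for the message format used in the communication, you generally don't need to care about it: the system takes care of it, and you only need to send your own data.[/quote]
But what I want is precisely to intercept communication between other processes and analyze its content, so I need to know the message format. For example, the End Task function in Task Manager works by Task Manager notifying smss.exe/csrss.exe to end the task; I want to work out from the message which program (task, process) it is going to end.[/quote]
Go intercept NtTerminateProcess in ntdll.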

Reply #19
Posted: 2005-03-16 13:39
If you know nothing about the two programs and don't know what mechanism they use to communicate, there's no way to intercept!