关于ZwOpenProcess,是不是不稳定呀?
ZwOpenProcess运行是不是不稳定呀,在进程正常运行时,以下代码有时返回真,有时返回假
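// Reports whether the process identified by the file-level MainProcessID
// appears to be gone.
//
// The check opens the process by id and then tries to commit (and immediately
// release) a small region in its address space. Any failure of either step is
// reported as "killed".
//
// Returns: true  - the process could not be opened or the probe allocation failed
//          false - both steps succeeded, so the process is treated as alive
//
// Fixes relative to the previous version:
//  * pData was passed to ZwAllocateVirtualMemory uninitialized. A non-NULL
//    *BaseAddress is treated as a requested address, so stack garbage made the
//    call fail at random. This is the likely cause of the intermittent
//    true/false results on a healthy process.
//  * The region size was a ULONG, but the routine takes a PSIZE_T; on 64-bit
//    builds that reads and writes 8 bytes through a 4-byte variable.
//  * The process handle leaked whenever the probe allocation failed.
//  * The handle is now opened with OBJ_KERNEL_HANDLE so it is not placed in the
//    handle table of whichever user process happens to be current.
//  * The probe page is no longer PAGE_EXECUTE_READWRITE; it is never touched, so
//    PAGE_NOACCESS is enough and no writable+executable memory is created in
//    the target.
//
// NOTE(review): process ids are reused after exit, so a different process that
// later receives MainProcessID would make this function report "alive".
// Holding a referenced process object or a long-lived handle avoids that.
bool ProcessHasBeenKilled( )
{
    CLIENT_ID ClientId;
    OBJECT_ATTRIBUTES AttrObj;
    HANDLE hProcess = NULL;
    NTSTATUS ntStatus;
    PVOID pData = NULL;        // NULL lets the memory manager choose the address
    SIZE_T DataLength = 1024;  // rounded up to a page by the allocator
    bool bKilled = true;

    ClientId.UniqueProcess = (HANDLE)MainProcessID;
    ClientId.UniqueThread = 0;

    // Kernel-only handle: not visible to, or closable by, user-mode code.
    InitializeObjectAttributes(&AttrObj, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    // NOTE(review): 0x40 is the value of PROCESS_DUP_HANDLE, while the
    // allocation below nominally needs PROCESS_VM_OPERATION (0x0008). It
    // presumably works only because Zw* calls from kernel mode skip the
    // handle access check. Confirm this and request the matching right.
    ntStatus = ZwOpenProcess(&hProcess, 0x40, &AttrObj, &ClientId);
    KdPrint(("ProtectKill: OpenProcess(),Status = %08X\n",ntStatus));
    if (!NT_SUCCESS(ntStatus))
    {
        return true;
    }

    ntStatus = ZwAllocateVirtualMemory(
        hProcess,
        &pData,
        0,
        &DataLength,
        MEM_TOP_DOWN | MEM_RESERVE | MEM_COMMIT,
        PAGE_NOACCESS
        );
    KdPrint(("ProtectKill: NtAllocateVirtualMemory(),Status = %08X\n",ntStatus));
    if (NT_SUCCESS(ntStatus))
    {
        // MEM_RELEASE requires a region size of zero.
        DataLength = 0;
        ZwFreeVirtualMemory(hProcess, &pData, &DataLength, MEM_RELEASE);
        bKilled = false;
    }

    // Always close the handle, including on the failure path.
    ZwClose(hProcess);
    return bKilled;

    // Disabled alternative kept from the original (comparison by image name):
    //   CHAR processName[32];
    //   processName[0] = '\0';
    //   //GetCurrentProcessName(MainProcessHandle,processName);
    //   KdPrint(("ProcessName = %s\n",processName));
    //   if(stricmp(processName,MainProcessName) == 0)
    //   {
    //       return false;
    //   }
    //   return true;
}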