Views: 1232 Replies: 6
Problem solved
|
|
Reply #1
Posted: 2007-11-23 12:19
GetModuleFileName actually uses ReadProcessMemory to read the PEB~
|
|
|
Reply #2
Posted: 2007-11-23 12:40
Bump bump bump
|
|
Reply #3
Posted: 2007-11-23 13:05
The LDR_DATA_TABLE_ENTRY structure is defined as follows:
typedef struct _LDR_DATA_TABLE_ENTRY {
    BYTE Reserved1[2];
    LIST_ENTRY InMemoryOrderLinks;
    PVOID Reserved2[2];
    PVOID DllBase;
    PVOID Reserved3[2];
    UNICODE_STRING FullDllName;
    BYTE Reserved4[8];
    PVOID Reserved5[3];
    union {
        ULONG CheckSum;
        PVOID Reserved6;
    };
    ULONG TimeDateStamp;
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
FullDllName
|
|
|
Reply #4
Posted: 2007-11-23 13:12
Bump bump bump
|
|
Reply #5
Posted: 2007-11-23 13:57
ObReferenceObjectByHandle, then ObQueryNameString?
|
|
Reply #6
Posted: 2007-11-23 14:50
To save resources, the old question has been edited into a new question.
|
|