OpenProcess的内核模式版本
[英]kernel mode version of OpenProcess
问题描述
Is there a kernel mode version of OpenProcess function? 
有OpenProcess函数的内核模式版本吗?
Basically I want to get a process HANDLE from process ID. 基本上,我想从进程ID获取进程HANDLE。 Specifically, I want to get the HANDLE of System Process ID. 具体来说,我想获取系统进程ID的HANDLE。
Thanks! 谢谢!
1 个解决方案
解决方案1
0 已采纳 2017-12-05 07:56:14
If you are in an arbitrary system thread you can use ZwCurrentProcess(), otherwise you will need to figure out the ID of a system thread somehow and use ZwOpenProcess. 如果您位于任意系统线程中,则可以使用ZwCurrentProcess(),否则,您将需要以某种方式找出系统线程的ID并使用ZwOpenProcess。
You might also look to see if there is a way to convert the result of PsInitialSystemProcess to a process handle (or maybe PsInitialSystemProcess is what you are really after). 您可能还会想看看是否有一种方法可以将PsInitialSystemProcess的结果转换为进程句柄(或者也许您真正追求的是PsInitialSystemProcess)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.