-
与pssetcreateprocessnotifyroutine,pssetcreatethreadnotifyroutine线程问题。
用PsSetCreateProcessNotifyRoutine,PsSetCreateThreadNotifyRoutine来进行进程线程监控我想大家已经都非常熟练了.sinister在一文中已经实现得很好了.前一段时间看到网上有人在研究监视远线程的文章,比较有意思.就写代码玩一玩.这之中就出现了一些问题.比方说直接用sinister的代码的话,是不能动态卸载的,因为他在安装了进线程监视函数后没有进行清除动作,造成在动态卸载时蓝屏,BUGCHECK为0x000000ce,错误码为:DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS.很显然,在驱动退出后,一些进线程操作仍然在访问原来的地址,造成出错.在XP后,微软给出了一个函数PsRemoveCreateThreadNotifyRoutine用来清除线程监视函数(清除进程监视的就是PsSetCreateProcessNotifyRoutine).我一直奇怪ICESWORD在2000中是怎么做到进线程监视的.后来才发现,在运行icesword后释放出一个detport.sys文件,然后一直在系统中存在着没有卸载掉.只是把它隐藏了而已^_^.这不是个好消息,难道我为了测试一个驱动,测试一次就得重启一次吗?呵呵,肯定不是啊,所以想办法搞定它.-with PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine thread to process control, I think we had a very skilled. Sinister In "" A text has been achieved in very good. Some time ago the Internet was seen in the surveillance study of the threads from article more interesting. Write playing with a code to play. on this issue, there have been some proble
- 2023-06-28 21:35:02下载
- 积分:1
-
This example describes the synchronization between multiple threads and run to a...
本例介绍了多线程之间的同步和运行,实现两个小球交替运动-This example describes the synchronization between multiple threads and run to achieve two ball alternating movement
- 2023-06-22 14:05:05下载
- 积分:1
-
程序主要功能是查看进程下线程和堆栈的信息。
程序主要功能是查看进程下线程和堆栈的信息。-procedures main function is to process View Thread and stack information.
- 2022-02-03 18:15:17下载
- 积分:1
-
发送消息给某个只知道进程句柄的程序的主窗口的程序
发送消息给某个只知道进程句柄的程序的主窗口的程序- The transmission news only knows the advancement sentence
handle for some the procedure main window procedure
- 2022-06-26 16:40:37下载
- 积分:1
-
1.ListCtrl控件中罗列所有进程及线程详细信息,进程处理 2.ListCtrl控件内容排序...
1.ListCtrl控件中罗列所有进程及线程详细信息,进程处理 2.ListCtrl控件内容排序-1.ListCtrl controls were to list all processes and threads detailed information, process control content processing 2.ListCtrl Ranking
- 2022-10-28 21:35:03下载
- 积分:1
-
在MFC下创建一个进程的例子
在MFC下创建一个进程的例子-MFC in the process of creating an example
- 2022-04-09 07:43:11下载
- 积分:1
-
一个用C做得存储管理,很好用的,是操作系统的实验
一个用C做得存储管理,很好用的,是操作系统的实验-doing a C storage management, good use, the operating system is experimental
- 2022-03-24 23:02:36下载
- 积分:1
-
vc environment, mfc multi
vc++环境,mfc实现多线程,适用初学者学习之用-vc environment, mfc multi-threaded, applicable with beginners learning
- 2022-02-20 10:54:27下载
- 积分:1
-
一个查看系统进程和杀死系统进程的工具,效果很好,功能强大。...
一个查看系统进程和杀死系统进程的工具,效果很好,功能强大。-a systematic process and the process of killing system tools and the results very good, powerful.
- 2023-05-30 22:45:02下载
- 积分:1
-
多线程串口通信,开发环境VC6.0,适合初学着阅读,对线程有一定了解,在win2000调试通过...
多线程串口通信,开发环境VC6.0,适合初学着阅读,对线程有一定了解,在win2000调试通过-Multi-threaded serial communications, development environment VC6.0, suitable for a beginner to read, have a certain understanding of the threads in the debugger through win2000
- 2023-07-24 04:30:03下载
- 积分:1
