/*
 * Fragment of a function body; the enclosing signature and the code after the
 * last line are not visible here.
 * Visible behaviour: query ProcessBasicInformation for ProcessHandle to learn
 * the target's process id. If the query fails, release the buffer, forward the
 * request to RealZwTerminateProcess and return its status.
 */
ULONG pid = 0;
NTSTATUS status = 0;
NTSTATUS rc = 0;
PEPROCESS EProcess;   // not used in the visible lines
LPTSTR lpCurProc;     // not used in the visible lines
// Call ZwQueryInformationProcess to obtain the PID
ULONG Rlen;           // receives the length written by the query
PVOID pBuffer;
PROCESS_BASIC_INFORMATION *pbi;
// NOTE(review): ExAllocatePoolWithTag can return NULL and the result is not
// checked before it is handed to ZwQueryInformationProcess below; a NULL check
// that takes the same pass-through path as the failure branch would close this.
// NOTE(review): PagedPool is only safe at IRQL <= APC_LEVEL; presumably this
// runs at PASSIVE_LEVEL, confirm against the caller.
pBuffer = ExAllocatePoolWithTag(PagedPool, sizeof(PROCESS_BASIC_INFORMATION),0x123456);
status = ZwQueryInformationProcess(ProcessHandle,
ProcessBasicInformation,
pBuffer,
sizeof(PROCESS_BASIC_INFORMATION),
&Rlen);
if(!NT_SUCCESS(status))
{
ExFreePool(pBuffer);// release the allocated buffer
//DbgPrint("ZwQueryInformationProcess() wrong!\n");
//return -1;
// The query failed, so the PID is unknown: pass the call through unchanged.
// NOTE(review): as written, the (REALZwTerminateProcess) cast binds to the
// call's result rather than to the callee; confirm this matches the
// declaration of RealZwTerminateProcess.
rc = (NTSTATUS)(REALZwTerminateProcess)RealZwTerminateProcess(ProcessHandle,ExitStatus);
return rc;
}
pbi = (struct _PROCESS_BASIC_INFORMATION *)pBuffer;
//DbgPrint("ProcessHandle refers to process %d!",pbi->UniqueProcessId);
// NOTE(review): UniqueProcessId is pointer-sized in the documented structure,
// so the ULONG cast would truncate on 64-bit builds; confirm the target.
// pBuffer is still allocated at this point; it must be freed on every later
// path, which is outside the visible lines.
pid = (ULONG)pbi->UniqueProcessId;