I tried implementing GetProcessIdOfThread in an extended kernel.
GetProcessIdOfThread() on Windows XP
Reference sites
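GetProcessIdOfThread:
    push ebp
    mov ebp,esp
    sub esp,00000024h                   ; locals: 1Ch-byte THREAD_BASIC_INFORMATION at [ebp-24h], ReturnLength at [ebp-08h]
    mov eax,[ebp+08h]                   ; the single argument; passed to OpenThread below as dwThreadId
                                        ; (the documented API takes a thread HANDLE here, not a thread ID)
    push edi                            ; save edi
    push eax                            ; dwThreadId
    push 00000000h                      ; bInheritHandle = FALSE
    push 00000040h                      ; dwDesiredAccess = THREAD_QUERY_INFORMATION
    call OpenThread
    mov edi,eax                         ; edi = thread handle
    test edi,edi
    jz L77EA93AD                        ; OpenThread failed: return 0
    xor eax,eax
    mov dword ptr [ebp-08h],00000000h   ; ReturnLength = 0
    push esi                            ; save esi
    mov [ebp-24h],eax                   ; zero the 7 dwords of the buffer
    mov [ebp-20h],eax
    mov [ebp-1Ch],eax
    mov [ebp-18h],eax
    mov [ebp-14h],eax
    mov [ebp-10h],eax
    mov [ebp-0Ch],eax
    lea eax,[ebp-08h]
    push eax                            ; &ReturnLength
    push 0000001Ch                      ; ThreadInformationLength = sizeof(THREAD_BASIC_INFORMATION) on x86
    lea eax,[ebp-24h]
    push eax                            ; ThreadInformation buffer
    push 00000000h                      ; ThreadInformationClass = ThreadBasicInformation
    push edi                            ; ThreadHandle
    call [ntdll.dll!NtQueryInformationThread]
    push edi
    mov esi,eax                         ; keep the NTSTATUS across CloseHandle
    call CloseHandle
    test esi,esi
    pop esi                             ; restore esi (pop does not change the flags)
    js L77EA93AD                        ; negative NTSTATUS: return 0
    mov eax,[ebp-1Ch]                   ; ClientId.UniqueProcess (offset 8 in the buffer) = process ID
    pop edi
    mov esp,ebp
    pop ebp
    retn 0004h                          ; stdcall: callee removes the one argument
;------------------------------------------------------------------------------
L77EA93AD:
    xor eax,eax                         ; failure: return 0
    pop edi
    mov esp,ebp
    pop ebp
    retn 0004h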