ZwCreateProcess和ZwCreateProcessEx的区别
答案:2 悬赏:10
解决时间 2021-03-14 10:46
- 提问者网友:曖昧情执
- 2021-03-14 03:26
RT,什么时候该调用哪一个?
最佳答案
- 二级知识专家网友:错过的是遗憾
- 2021-03-14 04:10
typedef NTSTATUS (NTAPI * ZWCREATEPROCESS)(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE Inherit,
IN BOOLEAN IngeritHandle,
IN HANDLE sectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
typedef NTSTATUS (* ZWCREATEPROCESSEX)(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN HANDLE UnknownHandle //------------->多了一个参数
);
xp下,在内核,ZwCreateProcess->SSDT->NtCreateProcess->NtCreateProcessEx;
在应用层CreateProcess,WinExec,ShellExecute调用ZwCreateProcessEx进入内核,也就是说ZwCreateProcess没有用到,ZwCreateProcess应该是xp以前的系统遗留下来的API,现在似乎没用了。
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN HANDLE Inherit,
IN BOOLEAN IngeritHandle,
IN HANDLE sectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL
);
typedef NTSTATUS (* ZWCREATEPROCESSEX)(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN HANDLE ParentProcess,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL,
IN HANDLE UnknownHandle //------------->多了一个参数
);
xp下,在内核,ZwCreateProcess->SSDT->NtCreateProcess->NtCreateProcessEx;
在应用层CreateProcess,WinExec,ShellExecute调用ZwCreateProcessEx进入内核,也就是说ZwCreateProcess没有用到,ZwCreateProcess应该是xp以前的系统遗留下来的API,现在似乎没用了。
全部回答
- 1楼网友:滚出爷的世界
- 2021-03-14 04:32
搜一下:ZwCreateProcess和ZwCreateProcessEx的区别
我要举报
如以上问答内容为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯