About 112 items match the query; items 7 - 12 are shown below.
Took < 1 second.
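What the poster in reply #2 said is not entirely correct: only handles in the parent process that are flagged OBJ_INHERIT can be inherited by the child process.
Setting bInheritHandles to TRUE in CreateProcessW takes effect along NtCreateProcess->PspCreateProcess->ObInitProcess->ExDupHandleTable.
Within that path, ObDupHandleProcedure contains this check: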
//
// If the object table should not inherited then return false
//
if (!(ObjectTableEntry->ObAttributes & OBJ_INHERIT)) ...
Posted in Windows Kernel Debugging by MJ0011 on 2009-03-02
How come nobody has ever responded to my feedback about the forum problem... did I post it in the wrong board?
http://advdbg.org/forums/1792/ShowPost.aspx#1792
Posted in Windows Kernel Debugging by MJ0011 on 2009-02-25
You must have picked up a non-I386 NTLDR_DBG file.
See the Windows boot code:
if ((FileHeader->Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE) == 0) {
    puts(SU_NTLDR_CORRUPT);
    WAITFOREVER;
}
if (FileHeader->Machine != IMAGE_FILE_MACHINE_I386) {
    puts(SU_NTLDR_CORRUPT);
    WAITFOREVER;
}
Posted in Windows Kernel Debugging by MJ0011 on 2009-02-25
You may need the IFS DDK.
It can be downloaded here: http://bbs.driverdevelop.com/read.php?tid-96460.html
Posted in Windows Kernel Debugging by MJ0011 on 2009-02-25
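1. Starting from the BIN, disable features to narrow it down step by step.
2. Use SoftICE to see whether you can gain control from the hung state; usually you can see what is causing the hang.
3. Use the i8042 BSOD method.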
Posted in Windows Kernel Debugging by MJ0011 on 2009-02-23
iopageread is actually sent to the fileobject's filter, i.e. to the FSD.
Its fileobject is the one stored in the mmpagefile list at ntcreatepagingfile time.
Posted in Windows Kernel by MJ0011 on 2009-02-19