Tags: windows hook driver kernel
NTSTATUS fakeZwCreateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus) { }
ProcessHandle is the handle (a kernel handle) of the process that is going to be terminated; how do I find the PID from it?
I need
if (mypid == pid_from_handle) {
Answer 0 (score: 1)
ZwQueryInformationProcess(ProcessBasicInformation)
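As an added example (not code from the question or the answer), one way to use that call inside the hook: resolve the handle with ZwQueryInformationProcess(ProcessBasicInformation), read UniqueProcessId from the returned PROCESS_BASIC_INFORMATION, and compare it with the PID the driver protects. HookedZwTerminateProcess, g_OriginalZwTerminateProcess and g_ProtectedPid are assumed names, and the original function pointer is assumed to have been saved when the hook was installed.

```c
#include <ntddk.h>

// Assumed: the driver saved the original ZwTerminateProcess pointer when it installed the hook.
typedef NTSTATUS (*PFN_ZwTerminateProcess)(HANDLE ProcessHandle, NTSTATUS ExitStatus);
static PFN_ZwTerminateProcess g_OriginalZwTerminateProcess;

// Assumed: PID of the process this driver protects, set elsewhere (for example from an IOCTL).
static HANDLE g_ProtectedPid;

// Resolve a process handle to its PID with ZwQueryInformationProcess(ProcessBasicInformation).
// Works for real handles and for the NtCurrentProcess() pseudo-handle. On older WDKs that do
// not declare ZwQueryInformationProcess in ntddk.h, add the prototype yourself.
static NTSTATUS PidFromProcessHandle(HANDLE ProcessHandle, HANDLE *Pid)
{
    PROCESS_BASIC_INFORMATION pbi;
    ULONG returned = 0;
    NTSTATUS status = ZwQueryInformationProcess(ProcessHandle,
                                                ProcessBasicInformation,
                                                &pbi, sizeof(pbi), &returned);
    if (NT_SUCCESS(status)) {
        *Pid = (HANDLE)pbi.UniqueProcessId;
    }
    return status;
}

// Hook body: refuse termination of the protected process by any other process,
// but still let the protected process exit on its own.
NTSTATUS HookedZwTerminateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus)
{
    HANDLE targetPid = NULL;

    // If the handle cannot be resolved (invalid or closed), do not guess:
    // pass the call through and let the real function report the error.
    if (NT_SUCCESS(PidFromProcessHandle(ProcessHandle, &targetPid)) &&
        targetPid == g_ProtectedPid &&
        PsGetCurrentProcessId() != g_ProtectedPid) {
        return STATUS_ACCESS_DENIED;
    }
    return g_OriginalZwTerminateProcess(ProcessHandle, ExitStatus);
}
```

On x64 Windows, Kernel Patch Protection rejects this kind of system-service hook; the supported way to achieve the same protection is ObRegisterCallbacks, which can remove PROCESS_TERMINATE from handles as they are opened.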