
32位进程无法在Windows10 x64系统上获得另一个32位进程的PEB

如何解决32位进程无法在Windows10 x64系统上获得另一个32位进程的PEB

代码

/*
 * Spawn ad.exe suspended, ask the native API for the child's PEB base
 * address, then copy the PEB out of the child's address space.
 *
 * This is a fragment of a function body (the `return` statements belong to
 * an enclosing function that is not shown on the page).
 *
 * NOTE(review): several identifiers below look case-mangled by the page;
 * the real Win32 / native names are PROCESS_INFORMATION,
 * PROCESS_BASIC_INFORMATION, NtQueryInformationProcess and
 * ProcessBasicInformation.
 */
STARTUPINFO si = { 0 };
PROCESS_informatION pi = { 0 };

/* CreateProcess may write into the command-line buffer, so it is a
 * writable array rather than a string literal. */
WCHAR lpCmdline[] = L"ad.exe";
/* NOTE(review): CreateProcess has ten parameters; the call as shown passes
 * seven and would not compile against the documented prototype, so the
 * listing is probably truncated. Do not assume from the shown argument
 * positions which value ends up in bInheritHandles or dwCreationFlags.
 * The "%d" below is used for a DWORD (unsigned long); "%lu" matches. */
if (!CreateProcess(
    NULL,lpCmdline,NULL,TRUE,CREATE_SUSPENDED,&si,&pi)) {
    wprintf(L"Create process fail: %d\n",GetLastError());
    return -1;
}

PROCESS_BASIC_informatION pbi = { 0 };
/* Resolve NtQueryInformationProcess at run time from ntdll.
 * NOTE(review): neither the LoadLibrary nor the GetProcAddress result is
 * checked for NULL; a failed lookup would be called through below. */
NtQueryinformationProcessFn pNtQueryinformationProcess = (NtQueryinformationProcessFn) \
    GetProcAddress(LoadLibrary(L"ntdll"),"NtQueryinformationProcess");

ULONG dwRead; /* ReturnLength out-parameter; never read afterwards */
/* NOTE(review): NT_ERROR() is true only for severity-error NTSTATUS values;
 * the conventional check is !NT_SUCCESS(status). A native call does not set
 * the Win32 last-error code, so GetLastError() here does not describe this
 * failure -- log the returned NTSTATUS instead. */
if (NT_ERROR(pNtQueryinformationProcess(
    pi.hProcess,ProcessBasicinformation,&pbi,sizeof pbi,&dwRead))) {
    wprintf(L"Call NtQueryinformationProcess error: %d\n",GetLastError());
    return -1;
}

PEB peb = { 0 };
SIZE_T stRead; /* unused: NULL is passed as lpNumberOfBytesRead below */
/* NOTE(review): `sizeof PEB` is not valid C for a type name; it has to be
 * `sizeof(PEB)` (or `sizeof peb`). The run shown on the page reports error 6
 * (ERROR_INVALID_HANDLE) from this call, which points at pi.hProcess not
 * holding a usable handle rather than at the PEB address -- TODO confirm
 * what the (truncated) CreateProcess call actually populated in pi.
 * From a monitoring standpoint, creating a child with CREATE_SUSPENDED and
 * then reading its PEB is a sequence endpoint tooling commonly flags, so
 * expect this to show up in telemetry even when it is benign tooling. */
if (!ReadProcessMemory(pi.hProcess,pbi.PebBaseAddress,&peb,sizeof PEB,NULL)) {
    wprintf(L"Call ReadProcessMemory fail: %d\n",GetLastError());
    return -1;
}

/* NOTE(review): on every exit path the child stays suspended (neither
 * resumed nor terminated) and pi.hProcess / pi.hThread are never closed
 * with CloseHandle. */
return 0;

t.exe 编译为 x86 二进制，ad.exe 也是 x86 二进制。系统是 Windows 10 64 位。

PS C:\> .\t.exe
Call ReadProcessMemory fail: 6
PS C:\> file .\t.exe
.\t.exe: PE32 executable (console) Intel 80386,for MS Windows
PS C:\> file .\ad.exe
.\ad.exe: PE32 executable (console) Intel 80386,for MS Windows
