如何从EXTERN进程的进程环境块

如何从EXTERN进程的进程环境块

本文介绍了如何从EXTERN进程的进程环境块(PEB)?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

所以...我需要得到从的notepad.exe的过程中PEB,有人知道如何做呢?

So... I need get the peb from the "notepad.exe" process, someone knows how to make it?

我是用的GetModuleHandleAPI努力,但是......不返回我的指针(每次返回我零),因为我必须在该模块的调用者的过程。

I was trying with the "GetModuleHandle" API, but... doesn't returns me the pointer (everytime returns me zero) because I have to be the caller process of that module.

出于这个原因,我想知道如何与EnumProcessModules或CreateToolhelp32Snapshot。

For that reason, I want to know how to get it with the "EnumProcessModules" or "CreateToolhelp32Snapshot".

如果有人知道的请告诉我如何提前,感谢!

If someone know please tell me how, thanks in advance!.

推荐答案

马特Pietrek在描述了如何做一个的。它是关于如何获得另一方法,其中第一步骤是获得一个指针到PEB的环境变量。为了做到这一点,他说,叫。它填补了 PROCESS_BASIC_INFORMATION 结构包含PEB结构的基址。 (您需要使用 ReadProcessMemory 来读它,因为该地址将在外部进程的地址空间的背景下,不是你的。)

Matt Pietrek described how to do that in a 1994 Under the Hood column. It was about how to get the environment variables of another process, where the first step is to get a pointer to the PEB. To do that, he says, call NtQueryInformationProcess. The PROCESS_BASIC_INFORMATION structure it fills contains the base address of the PEB structure. (You'll need to use ReadProcessMemory to read it since the address will be in the context of the external process's address space, not yours.)

要叫 NtQueryInformationProcess ,你需要一个句柄的过程。如果你开始自己的过程(通过调用的CreateProcess ),那么你已经有了一个句柄。否则,你需要找到进程ID,然后调用调用OpenProcess 。要获取进程ID,搜索你想与 EnumProcesses Process32First / Process32Next进程。 (我preFER,因为它提供了较少的工作更多信息后者。)

To call NtQueryInformationProcess, you'll need a handle to the process. If you started the process yourself (by calling CreateProcess), then you already have a handle. Otherwise, you'll need to find the process ID and then call OpenProcess. To get the process ID, search for the process you want with EnumProcesses or Process32First/Process32Next. (I prefer the latter because it provides more information with less work.)

这篇关于如何从EXTERN进程的进程环境块(PEB)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-22 15:30