科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>windows - Unable to set instrumentation callback on other processes - Stack Overflow

    windows - Unable to set instrumentation callback on other processes - Stack Overflow

    programmeradmin1浏览0评论

    Im trying to set a instrumentation callback on another process but it gives me 0xc000000d (STATUS_INVALID_PARAMETER) but if I set it on the current process then it succeeds.

    Does anyone know what I am doing wrong.

    #define ProcessInstrumentationCallback 0x28

typedef struct _ProcessInstrumentationCallback
{
    ULONG version;
    ULONG reserved;
    PVOID callback;
};

extern "C"
{
    NTSTATUS NtSetInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
}

const auto process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (!is_handle_valid(process_handle))
{
    printf("Unable to open handle: 0x%x\n", process_handle);
    return 0;
}
printf("Handle: 0x%x\n", process_handle);

_ProcessInstrumentationCallback info;
info.callback = nullptr;
info.reserved = 0;
info.version = 0;

NTSTATUS status = NtSetInformationProcess(process_handle, (PROCESSINFOCLASS)ProcessInstrumentationCallback, &info, sizeof(info));
printf("0x%x\n", status);

    Im trying to set a instrumentation callback on another process but it gives me 0xc000000d (STATUS_INVALID_PARAMETER) but if I set it on the current process then it succeeds.

    Does anyone know what I am doing wrong.

    #define ProcessInstrumentationCallback 0x28

typedef struct _ProcessInstrumentationCallback
{
    ULONG version;
    ULONG reserved;
    PVOID callback;
};

extern "C"
{
    NTSTATUS NtSetInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
}

const auto process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (!is_handle_valid(process_handle))
{
    printf("Unable to open handle: 0x%x\n", process_handle);
    return 0;
}
printf("Handle: 0x%x\n", process_handle);

_ProcessInstrumentationCallback info;
info.callback = nullptr;
info.reserved = 0;
info.version = 0;

NTSTATUS status = NtSetInformationProcess(process_handle, (PROCESSINFOCLASS)ProcessInstrumentationCallback, &info, sizeof(info));
printf("0x%x\n", status);
    • windows
    • kernel
    • 64-bit
    • ntdll
    Share Improve this question asked Nov 18, 2024 at 20:46 user24684540user24684540 335 bronze badges
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    I fixed it by allocating a buffer in the target process and writing the structure to the buffer then changing the ProcessInformation argument to a pointer to the buffer and changing ProcessInformationLength to the size of the buffer

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论