<acronym id="qkcuo"></acronym>
posted on 2007-09-24 15:08 葉子 閱讀(4823) 評論(2) 編輯 收藏 引用 所屬分類: 技術研究
這是ring0的代碼么? 回復 更多評論
NtUnmapViewOfSection可以再Ring3下使用。 我用VB做給你看 Private Declare Function NtUnmapViewOfSection Lib "ntdll.dll" (ByVal ProcessHandle As Long ,ByVal BaseAddress As Long)As Long Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long ,ByVal bInheritHandle As Boolean, ByVal dwProcessId As Long)As Long Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleFileName As String) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Sub UnloadNtdll(ByVal PID As Long) Dim hProc As Long hProc = OpenProcess(&h8 Or &H400, False, PID) If hProc = 0 Then Exit Sub NtUnmapViewOfSection hProc, GetModuleHandleA("ntdll.dll") CloseHandle hProc End Sub 回復 更多評論
Powered by: C++博客 Copyright © 葉子
<code id="uywck"></code>