rk_exec.h

来自「能够在windows 2000以上操作系统下隐藏特定的进程」· C头文件代码 · 共 99 行

99 行

#ifndef _EXEC_H_
#define _EXEC_H_

#define SEC_IMAGE         0x1000000     

typedef enum _SECTION_INFORMATION_CLASS{
	SectionBasicInformation,
	SectionImageInformation
}SECTION_INFORMATION_CLASS;

typedef struct _SECTION_IMAGE_INFORMATION{
	PVOID	EntryPoint;
	ULONG	Unknown1;
	ULONG	StackReserve;
	ULONG	StackCommit;
	ULONG	SubSystem;
	USHORT	MinorSubSystemVersion;
	USHORT	MajorSubSystemVersion;
	ULONG	Unknown2;
	ULONG	Characteristics;
	USHORT	ImageNumber;
	BOOLEAN	Executable;
	UCHAR	Unknown3;
	ULONG	Unknown4[3];
}SECTION_IMAGE_INFORMATION,*PSECTION_IMAGE_INFORMATION;

typedef struct _USER_STACK{
	PVOID	FixedStackBase;
	PVOID	FixedStackLimit;
	PVOID	ExpandableStackBase;
	PVOID	ExpandableStackLimit;
	PVOID	ExpandableStackBottom;
}USER_STACK,*PUSER_STACK;


typedef struct _PROCESS_PARAMETERS{
	ULONG	AllocationSize;
	ULONG	Size;
	ULONG	Flags;
	ULONG	Reserved;
	LONG	Console;
	ULONG	ProcessGroup;
	HANDLE	hStdInput;
	HANDLE	hStdOutput;
	HANDLE	hStdError;
	UNICODE_STRING	CurrentDirectoryName;
	HANDLE			CurrentDirectoryHandle;
	UNICODE_STRING	DllPath;
	UNICODE_STRING	ImageFile;
	UNICODE_STRING	CommandLine;
	PWSTR	Environment;
	ULONG	dwX;
	ULONG	dwY;
	ULONG	dwXSize;
	ULONG	dwYSize;
	ULONG	dwXCountChars;
	ULONG	dwYCountChars;
	ULONG	dwFillAttribute;
	ULONG	dwFlags;
	ULONG	wShowWindow;
	UNICODE_STRING	WindowTitle;
	UNICODE_STRING	Desktop;
	UNICODE_STRING	Reserved2;
	UNICODE_STRING	Reserved3;
}PROCESS_PARAMETERS,*PPROCESS_PARAMETERS;


typedef struct _PORT_MESSAGE{
	USHORT	DataSize;
	USHORT	MessageSize;
	USHORT	MessageType;
	USHORT	VirtualRangesOffset;
	CLIENT_ID	ClientId;
	ULONG	MessageId;
	ULONG	SectionSize;
}PORT_MESSAGE,*PPORT_MESSAGE;


typedef struct _CSRSS_MESSAGE{
	ULONG	Unknwon1;
	ULONG	Opcode;
	ULONG	Status;
	ULONG	Unknwon2;
}CSRSS_MESSAGE,*PCSRSS_MESSAGE;

typedef struct _PROCESS_INFORMATION {
    HANDLE	hProcess;
    HANDLE	hThread;
    ULONG	dwProcessId;
    ULONG	dwThreadId;
} PROCESS_INFORMATION, *PPROCESS_INFORMATION, *LPPROCESS_INFORMATION;


// The promise function...
int exec(PUNICODE_STRING ImageName);

extern int ObOpenObjectByPointer();

#endif

rk_exec.h - 源码说明

本页面展示了「能够在windows 2000以上操作系统下隐藏特定的进程」中的 rk_exec.h 源码文件，采用 C头文件编程语言编写，共 99 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?