Title: qwe Download
 Description: The program enters ring0 by way of a kernel driver, then accesses the EPROCESS structure and walks the process chain found in it, which makes it possible to enumerate processes. However, the system Idle process, whose PID is 0, is not on that chain, so this method naturally cannot find it. The process output can be viewed with SoftICE or DebugView. This program has only been debugged under XP.
File list (Check if you may need any files):
通过进程链枚举进程_asm.txt
    

CodeBus www.codebus.net