Enumerating processes by walking the _EPROCESS->ObjectTable->HandleTableList linked list
#include <ntifs.h> #include <ntddk.h> UCHAR PsGetProcessImageFileName in PEPROCESS Process HANDLE PsGetProcessInhe
eprocess
ObjectTable
HandleTableList
Linked-list process enumeration
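Obtaining the eprocess of the system process and the current process by enumerating system handle information (SystemHandleInformation)
Test environment: win10 1909 64. 2022-03-24: on win11 10.0.2200.318, calling ZwQuerySystemInformation to obtain handle information returns error 0xc0000005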
SystemHandleInformation
eprocess
By enumerating system handle information
Obtaining the system process and the current process