
I'm trying to set an instrumentation callback on another process, but the call returns 0xc000000d (STATUS_INVALID_PARAMETER). If I set it on the current process, it succeeds.

Does anyone know what I am doing wrong?

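// Information-class value handed to NtSetInformationProcess below. It is cast
// to PROCESSINFOCLASS at the call site because the snippet defines it locally.
#define ProcessInstrumentationCallback 0x28

// Payload passed for the ProcessInstrumentationCallback class in this snippet.
// NOTE(review): this layout is not taken from a public SDK header here and may
// differ between Windows builds and architectures -- confirm for the target OS.
// The original spelled this `typedef struct _Name { ... };`, i.e. a typedef
// that declares no alias, using a reserved (underscore + uppercase) identifier.
struct instrumentation_callback_info
{
    ULONG version;
    ULONG reserved;
    PVOID callback;
};

extern "C"
{
    // NTAPI (__stdcall) is stated explicitly: without it the prototype uses the
    // default calling convention, which does not match ntdll on 32-bit x86.
    NTSTATUS NTAPI NtSetInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
}

// NOTE(review): PROCESS_ALL_ACCESS requests every access right on the target.
// Prefer the narrowest mask the call needs (PROCESS_SET_INFORMATION is the
// right associated with setting process information -- confirm it suffices
// for this information class before narrowing).
const auto process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (!is_handle_valid(process_handle))
{
    // HANDLE is pointer-sized, so it is printed with %p (the original %x
    // truncates it on 64-bit builds); the Win32 error explains the failure.
    printf("Unable to open handle: %p (error %lu)\n", process_handle, GetLastError());
    return 0;
}
printf("Handle: %p\n", process_handle);

// Value-initialise so padding and every field start at zero; callback stays
// null, version and reserved stay 0, exactly as the original assigned them.
instrumentation_callback_info info = {};
info.callback = nullptr;
info.reserved = 0;
info.version = 0;

NTSTATUS status = NtSetInformationProcess(process_handle, (PROCESSINFOCLASS)ProcessInstrumentationCallback, &info, sizeof(info));
// NTSTATUS is a signed 32-bit LONG; cast so the specifier matches the argument.
printf("0x%08lx\n", static_cast<unsigned long>(status));

// The original never released the process handle; close it once the call is done.
CloseHandle(process_handle);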

I'm trying to set an instrumentation callback on another process, but the call returns 0xc000000d (STATUS_INVALID_PARAMETER). If I set it on the current process, it succeeds.

Does anyone know what I am doing wrong?

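// Information-class value handed to NtSetInformationProcess below. It is cast
// to PROCESSINFOCLASS at the call site because the snippet defines it locally.
#define ProcessInstrumentationCallback 0x28

// Payload passed for the ProcessInstrumentationCallback class in this snippet.
// NOTE(review): this layout is not taken from a public SDK header here and may
// differ between Windows builds and architectures -- confirm for the target OS.
// The original spelled this `typedef struct _Name { ... };`, i.e. a typedef
// that declares no alias, using a reserved (underscore + uppercase) identifier.
struct instrumentation_callback_info
{
    ULONG version;
    ULONG reserved;
    PVOID callback;
};

extern "C"
{
    // NTAPI (__stdcall) is stated explicitly: without it the prototype uses the
    // default calling convention, which does not match ntdll on 32-bit x86.
    NTSTATUS NTAPI NtSetInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
}

// NOTE(review): PROCESS_ALL_ACCESS requests every access right on the target.
// Prefer the narrowest mask the call needs (PROCESS_SET_INFORMATION is the
// right associated with setting process information -- confirm it suffices
// for this information class before narrowing).
const auto process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (!is_handle_valid(process_handle))
{
    // HANDLE is pointer-sized, so it is printed with %p (the original %x
    // truncates it on 64-bit builds); the Win32 error explains the failure.
    printf("Unable to open handle: %p (error %lu)\n", process_handle, GetLastError());
    return 0;
}
printf("Handle: %p\n", process_handle);

// Value-initialise so padding and every field start at zero; callback stays
// null, version and reserved stay 0, exactly as the original assigned them.
instrumentation_callback_info info = {};
info.callback = nullptr;
info.reserved = 0;
info.version = 0;

NTSTATUS status = NtSetInformationProcess(process_handle, (PROCESSINFOCLASS)ProcessInstrumentationCallback, &info, sizeof(info));
// NTSTATUS is a signed 32-bit LONG; cast so the specifier matches the argument.
printf("0x%08lx\n", static_cast<unsigned long>(status));

// The original never released the process handle; close it once the call is done.
CloseHandle(process_handle);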

1 Answer


I fixed it by allocating a buffer in the target process, writing the structure to that buffer, and then passing a pointer to the buffer as the ProcessInformation argument and the size of the buffer as ProcessInformationLength.
