A record of reverse engineering Task Manager
2022-07-06 03:22:00 【Yulong_】
Keywords:
Task Manager, reverse engineering, WdcSafeOpenProcess, ResolveImagePath_Desktop, OpenProcess
Preface
This post records the process of reverse engineering Task Manager. The whole process was fairly pleasant and easy.
It does not analyze Task Manager's implementation in detail. This time the focus is on a single point: how does Task Manager obtain the information for the System process, whose process ID is 4? Having done process-related programming on Windows, I know that, apart from the System process's name and PID, the API functions Microsoft provides cannot retrieve its other information (such as the path or command line).
Text
Let's take a look at what Task Manager displays:
Where does the description of this process come from? We can even right-click it and open the file location...
First, open IDA and start with some static analysis:
From the import table, look at how Task Manager obtains a process handle (perhaps there is special handling here?).
We see the OpenProcess function. To see how it is called in Task Manager, view this function's cross-references.