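1. status = PsLookupProcessByProcessId(ProcessId, &process_obj); looks up a process object by process ID.
NTSTATUS
PsLookupProcessByProcessId(
IN HANDLE ProcessId,
OUT PEPROCESS *Process
); // the prototype must be declared before the function can be used
ObDereferenceObject(process_obj); // pass the object itself (the PEPROCESS), not a PEPROCESS *
When the function succeeds, the reference count of the process object is incremented by 1; ObDereferenceObject must then be called to decrement the reference count of the process object by 1.
2. PsGetCurrentProcess(); gets the current process object.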
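The reference-count rule in item 1, as an added example that is not from the original post: a user-mode C model (it does not call the WDK) in which the hypothetical SimLookup and SimDereference stand in for PsLookupProcessByProcessId and ObDereferenceObject. It contrasts an early return that leaks the reference with a path that releases it exactly once after a successful lookup; the table contents and every Sim*/Query* name are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef int32_t NTSTATUS;
#define NT_SUCCESS(s) ((NTSTATUS)(s) >= 0)
#define STATUS_SUCCESS ((NTSTATUS)0)
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000D)

/* Constructed stand-in for a process object: a PID and a reference count. */
typedef struct SIM_PROCESS { uintptr_t pid; long refs; } SIM_PROCESS;
static SIM_PROCESS g_table[] = { {4, 1}, {1234, 1} }; /* constructed sample */

static SIM_PROCESS *Find(uintptr_t pid) {
    for (size_t i = 0; i < sizeof g_table / sizeof g_table[0]; i++)
        if (g_table[i].pid == pid) return &g_table[i];
    return NULL;
}
long SimRefs(uintptr_t pid) { SIM_PROCESS *p = Find(pid); return p ? p->refs : -1; }

/* Models PsLookupProcessByProcessId: on success sets *out and adds one reference. */
static NTSTATUS SimLookup(uintptr_t pid, SIM_PROCESS **out) {
    SIM_PROCESS *p = Find(pid);
    if (!p) return STATUS_INVALID_PARAMETER; /* *out untouched: nothing to release */
    p->refs++;
    *out = p;
    return STATUS_SUCCESS;
}
/* Models ObDereferenceObject: takes the object itself and drops one reference. */
static void SimDereference(SIM_PROCESS *p) { p->refs--; }

/* work_fails simulates an error in the work done while the reference is held. */
NTSTATUS QueryLeaky(uintptr_t pid, int work_fails) {
    SIM_PROCESS *p = NULL;
    NTSTATUS st = SimLookup(pid, &p);
    if (!NT_SUCCESS(st)) return st;
    if (work_fails) return STATUS_INVALID_PARAMETER; /* BUG: reference never dropped */
    SimDereference(p);
    return STATUS_SUCCESS;
}

NTSTATUS QueryBalanced(uintptr_t pid, int work_fails) {
    SIM_PROCESS *p = NULL;
    NTSTATUS st = SimLookup(pid, &p);
    if (!NT_SUCCESS(st)) return st;  /* lookup failed: no reference was taken */
    st = work_fails ? STATUS_INVALID_PARAMETER : STATUS_SUCCESS;
    SimDereference(p);               /* released on success and error paths alike */
    return st;
}
int main(void) { QueryLeaky(1234, 1); QueryBalanced(1234, 1); return SimRefs(1234) == 2 ? 0 : 1; }
```

In a real driver, a leaked reference keeps the process object from being freed after the process exits, while an extra dereference can free it while it is still in use.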
Original article: http://www.cnblogs.com/15157737693zsp/p/4574021.html