
# NTV02_CriticalProcess
NTAPI 系统关键进程视频源代码，用于演示以下未公开的 API：
- RtlSetProcessIsCritical
- RtlSetThreadIsCritical
- NtQueryInformationProcess
## 关于RtlSetProcessIsCritical
### 函数原型
```c++
/**
 * Sets or clears the "critical process" state of the calling process
 * (there is no handle parameter, so it can only act on the caller).
 * While the state is set, the process terminating for any reason takes the
 * whole system down (CRITICAL_PROCESS_DIED bugcheck), so clear it with
 * NewValue = FALSE before the process exits and never leave it set on a
 * process an operator or an endpoint agent may legitimately need to stop.
 * @param NewValue   desired state; presumably TRUE = critical — confirm
 * @param OldValue   presumably an optional out-pointer receiving the previous state — confirm
 * @param IsWinlogon meaning is not shown on this page; pass FALSE unless you know what it gates
 * NOTE(review): changing this state is a privileged operation (SeDebugPrivilege), and the
 * VOID return shown here cannot report failure — if it matters, read the state back with
 * NtQueryInformationProcess(ProcessBreakOnTermination) instead of assuming it took effect.
 */
VOID RtlSetProcessIsCritical(BOOLEAN NewValue, PBOOLEAN OldValue, BOOLEAN IsWinlogon);
```
## 关于RtlSetThreadIsCritical
### 函数原型
```c++
/**
 * Thread-level counterpart of RtlSetProcessIsCritical, acting on the calling
 * thread (no handle parameter). A thread marked critical that exits or is
 * terminated bugchecks the system just like a critical process, so the same
 * rule applies: clear it (NewValue = FALSE) before the thread returns.
 * @param NewValue   desired state; presumably TRUE = critical — confirm
 * @param OldValue   presumably an optional out-pointer receiving the previous state — confirm
 * @param IsWinlogon meaning is not shown on this page; pass FALSE unless you know what it gates
 * NOTE(review): the VOID return cannot signal a missing privilege or other failure — verify
 * the resulting state rather than assuming the call succeeded.
 */
VOID RtlSetThreadIsCritical(BOOLEAN NewValue, PBOOLEAN OldValue, BOOLEAN IsWinlogon);
```
## 关于NtQueryInformationProcess
### 函数原型
```c++
/**
 * Reads one information class of a process into a caller-supplied buffer.
 * @param ProcessHandle            handle whose access rights must cover the requested class
 *                                 (usually PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION — verify per class)
 * @param ProcessInformationClass  selector from the PROCESSINFOCLASS enum; each class implies a
 *                                 different buffer layout
 * @param ProcessInformation       output buffer; only valid when the call succeeds
 * @param ProcessInformationLength size of ProcessInformation in bytes
 * @param ReturnLength             optional; receives the size written or required
 * @return NTSTATUS — check NT_SUCCESS() before touching the buffer; a buffer that is too
 *         small, or a class this Windows build does not know, fails without filling it.
 * NOTE(review): the function is only partially documented and buffer layouts change across
 * Windows versions, so treat ReturnLength and the status as the source of truth rather than
 * hard-coding sizes.
 */
NTSTATUS NtQueryInformationProcess(IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength);
```
### 未导出类型
```c++
// Values for the ProcessInformationClass argument of NtQueryInformationProcess.
// Each class selects its own ProcessInformation buffer layout; the caller passes
// ProcessInformationLength and gets the needed size back in ReturnLength, so check the
// returned status and ReturnLength before reading the buffer.
// NOTE(review): the valid range grows with the Windows build — a class near the end of this
// list may simply be rejected on older systems; treat that as an expected, non-fatal result.
// A subset of these names is also declared in winternl.h.
enum PROCESSINFOCLASS
{
ProcessBasicInformation = 0x00,
ProcessQuotaLimits = 0x01,
ProcessIoCounters = 0x02,
ProcessVmCounters = 0x03,
ProcessTimes = 0x04,
ProcessBasePriority = 0x05,
ProcessRaisePriority = 0x06,
// NOTE(review): ProcessDebugPort, ProcessDebugObjectHandle and ProcessDebugFlags are the
// classes most often probed by anti-analysis checks — useful to know when reviewing telemetry.
ProcessDebugPort = 0x07,
ProcessExceptionPort = 0x08,
ProcessAccessToken = 0x09,
ProcessLdtInformation = 0x0A,
ProcessLdtSize = 0x0B,
ProcessDefaultHardErrorMode = 0x0C,
ProcessIoPortHandlers = 0x0D,
ProcessPooledUsageAndLimits = 0x0E,
ProcessWorkingSetWatch = 0x0F,
ProcessUserModeIOPL = 0x10,
ProcessEnableAlignmentFaultFixup = 0x11,
ProcessPriorityClass = 0x12,
ProcessWx86Information = 0x13,
ProcessHandleCount = 0x14,
ProcessAffinityMask = 0x15,
ProcessPriorityBoost = 0x16,
ProcessDeviceMap = 0x17,
ProcessSessionInformation = 0x18,
ProcessForegroundInformation = 0x19,
ProcessWow64Information = 0x1A,
ProcessImageFileName = 0x1B, // NT-native device path form; see ProcessImageFileNameWin32 for the Win32 path — confirm
ProcessLUIDDeviceMapsEnabled = 0x1C,
// The "critical process" flag behind this README: while set, the process exiting bugchecks
// the machine (CRITICAL_PROCESS_DIED). Presumably what RtlSetProcessIsCritical sets and
// queries — confirm. Setting it requires SeDebugPrivilege; reading it is the safe way to
// verify a process's state before deciding whether it can be terminated.
ProcessBreakOnTermination = 0x1D,
ProcessDebugObjectHandle = 0x1E,
ProcessDebugFlags = 0x1F,
ProcessHandleTracing = 0x20,
ProcessIoPriority = 0x21,
ProcessExecuteFlags = 0x22,
ProcessResourceManagement = 0x23,
ProcessCookie = 0x24,
ProcessImageInformation = 0x25,
ProcessCycleTime = 0x26,
ProcessPagePriority = 0x27,
ProcessInstrumentationCallback = 0x28,
ProcessThreadStackAllocation = 0x29,
ProcessWorkingSetWatchEx = 0x2A,
ProcessImageFileNameWin32 = 0x2B,
ProcessImageFileMapping = 0x2C,
ProcessAffinityUpdateMode = 0x2D,
ProcessMemoryAllocationMode = 0x2E,
ProcessGroupInformation = 0x2F,
ProcessTokenVirtualizationEnabled = 0x30,
ProcessConsoleHostProcess = 0x31,
ProcessWindowInformation = 0x32,
ProcessHandleInformation = 0x33,
ProcessMitigationPolicy = 0x34,
ProcessDynamicFunctionTableInformation = 0x35,
ProcessHandleCheckingMode = 0x36,
ProcessKeepAliveCount = 0x37,
ProcessRevokeFileHandles = 0x38,
ProcessWorkingSetControl = 0x39,
ProcessHandleTable = 0x3A,
ProcessCheckStackExtentsMode = 0x3B,
ProcessCommandLineInformation = 0x3C,
ProcessProtectionInformation = 0x3D,
ProcessMemoryExhaustion = 0x3E,
ProcessFaultInformation = 0x3F,
ProcessTelemetryIdInformation = 0x40,
ProcessCommitReleaseInformation = 0x41,
ProcessDefaultCpuSetsInformation = 0x42,
ProcessAllowedCpuSetsInformation = 0x43,
ProcessSubsystemProcess = 0x44,
ProcessJobMemoryInformation = 0x45,
ProcessInPrivate = 0x46,
ProcessRaiseUMExceptionOnInvalidHandleClose = 0x47,
ProcessIumChallengeResponse = 0x48,
ProcessChildProcessInformation = 0x49,
ProcessHighGraphicsPriorityInformation = 0x4A,
ProcessSubsystemInformation = 0x4B,
ProcessEnergyValues = 0x4C,
ProcessActivityThrottleState = 0x4D,
ProcessActivityThrottlePolicy = 0x4E,
ProcessWin32kSyscallFilterInformation = 0x4F,
ProcessDisableSystemAllowedCpuSets = 0x50,
ProcessWakeInformation = 0x51,
ProcessEnergyTrackingState = 0x52,
ProcessManageWritesToExecutableMemory = 0x53,
ProcessCaptureTrustletLiveDump = 0x54,
ProcessTelemetryCoverage = 0x55,
ProcessEnclaveInformation = 0x56,
ProcessEnableReadWriteVmLogging = 0x57,
ProcessUptimeInformation = 0x58,
ProcessImageSection = 0x59,
ProcessDebugAuthInformation = 0x5A,
ProcessSystemResourceManagement = 0x5B,
ProcessSequenceNumber = 0x5C,
ProcessLoaderDetour = 0x5D,
ProcessSecurityDomainInformation = 0x5E,
ProcessCombineSecurityDomainsInformation = 0x5F,
ProcessEnableLogging = 0x60,
ProcessLeapSecondInformation = 0x61,
ProcessFiberShadowStackAllocation = 0x62,
ProcessFreeFiberShadowStackAllocation = 0x63,
// Sentinel: one past the last class listed here, presumably not itself a valid query — confirm.
MaxProcessInfoClass = 0x64
};
```
### 特殊说明
`NtQueryInformationProcess` 函数及其未导出类型也可在 `winternl.h` 中找到。