Therefore, in order to monitor and control process creation, all we have to do is hook those API functions that cannot be bypassed by the code that is about to launch a new process.
This function creates a thread to execute within the address space of the calling process.
This function is called by the loader in processes created from managed executable assemblies.