Therefore, in order to monitor and control process creation, all we have to do is hook those API functions, which cannot be bypassed by code that is about to launch a new process.
Even though we can specify the environment when we create the process, there are also specific functions to set and obtain environment variables after the process is created.
This function creates a thread to execute within the address space of the calling process.
This function is called by the loader in processes created from managed executable assemblies.