提问人:used to be young 提问时间:11/12/2023 最后编辑:used to be young 更新时间:11/15/2023 访问量:128
如何使用 NtCreateUserProcess() 设置和读取进程的 StandardOutput/StandardError?[关闭]
How can I setup and read from a process's StandardOutput/StandardError using NtCreateUserProcess()? [closed]
问:
根据评论中的要求,我使用 Win32 函数制作了管道:
SECURITY_ATTRIBUTES saAttr;
saAttr.nLength = sizeof(SECURITY_ATTRIBUTES);
saAttr.bInheritHandle = TRUE;
saAttr.lpSecurityDescriptor = NULL;
HANDLE hRead, hWrite;
if (!CreatePipe(&hRead, &hWrite, &saAttr, 0)) {
throw std::runtime_error("CreatePipe failed!");
}
我想创建一个进程,并有一个管道用于从其 和 读取。NtCreateUserProcess()StandardOutputStandardError
我尝试了两种方法:
首先,我更改了 和 :StandardErrorStandardOutputProcessParameters
ProcessParameters->StandardError = hWrite;
ProcessParameters->StandardOutput = hWrite;
然后我创建了这个过程:NtCreateUserProcess()
Status = NtCreateUserProcess(&hProcess, &hThread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, NULL, NULL, NULL, NULL, ProcessParameters, &CreateInfo, AttributeList);
这段代码是我从管道中读取的方式:
CloseHandle(hWrite);
char buffer[4096];
DWORD bytesRead;
while (ReadFile(hRead, buffer, sizeof(buffer), &bytesRead, NULL) && bytesRead != 0) {
output.append(buffer, bytesRead);
}
CloseHandle(hRead);
不幸的是,我无法从管道中读取,输出是空的!
在第二种方式中,我创建了一个处于挂起模式的进程,然后通过更改进程进行更改:StandardErrorStandardOutputPEB
Status = NtQueryInformationProcess(hProcess,
ProcessBasicInformation,
&ProcessBasicInfo,
sizeof(ProcessBasicInfo),
NULL);
PPEB OurPeb = NtCurrentPeb();
PPEB RemotePeb;
RemotePeb = ProcessBasicInfo.PebBaseAddress;
PRTL_USER_PROCESS_PARAMETERS RemoteParameters;
Status = NtReadVirtualMemory(hProcess,
&RemotePeb->ProcessParameters,
&RemoteParameters,
sizeof(PVOID),
NULL);
SIZE_T Dummy = 0 ;
NtWriteVirtualMemory(hProcess,
&RemoteParameters->StandardOutput,
&hWrite,
sizeof(HANDLE),
&Dummy);
NtWriteVirtualMemory(hProcess,
&RemoteParameters->StandardError,
&hWrite,
sizeof(HANDLE),
&Dummy);
在此之后,我检查了它并在 中进行了更改,但仍然不起作用。StandardErrorStandardOutputPEB
答: 暂无答案
评论