发表新帖
发表新帖

Create a process from a driver

后端 未结
关注
3 1324
被撕碎了的回忆
被撕碎了的回忆 2021-01-13 09:11

Is there a way to create a user-mode process from kernel-mode on Windows NT platform (XP-W7)?

EDIT: I must install only the driver. This is a specific of the project

3条回答
  • 感情败类
    感情败类 (楼主)
    2021-01-13 09:33

    To create a valid win32 process the driver must communicate with CSRSS (what is completely undocumented). So I ended up by queuing a user-mode APC and allocating virtual memory for the APC code in the context of the existing win32 process (that code will call CreateProcess and do the job).

    It is a tricky way but it works.

    0 讨论(0)
 看不清?
提交回复
热议问题