NtGetThreadContext
NtSetThreadContext
需要处理一下
概念性代码:
/*
 * Replacement handler for the get-thread-context system service.
 * Conceptual code: the hook installation and the definition of
 * RealNtGetContextThread are not shown here.
 *
 * For a caller whose process name matches, the real service is NOT called.
 * Only Dr0-Dr3 and Dr7 in the caller's CONTEXT are overwritten with zero,
 * so that caller always reads back empty hardware-breakpoint registers and
 * receives no other thread state. Every other caller is forwarded unchanged.
 *
 * Review notes:
 *  - status is never assigned on the matching-process path, so the value
 *    returned to that caller is indeterminate.
 *  - NOTE(review): a handler like this only takes effect if service dispatch
 *    is redirected to it; that redirection is outside this listing and is
 *    what a service-table integrity check would compare against.
 */
NTSTATUS MyNtGetThreadContext(HANDLE hThread, PCONTEXT pContext)
{
/* Process that issued the call. */
PEPROCESS p = IoGetCurrentProcess();
/* Left uninitialised; only the forwarding branch below assigns it. */
NTSTATUS status ;
/*
 * Raw read at a fixed byte offset inside the opaque EPROCESS object.
 * Presumably 0x174 is the image-name field on one specific 32-bit Windows
 * build - TODO confirm; on any other build this reads unrelated memory.
 * The length argument is 6, so only "DNF.ex" is compared and any process
 * name starting with those six characters matches.
 */
if ( strncmp((char*)p + 0x174, "DNF.exe",6) == 0)
{
/*
 * MmIsAddressValid only reports whether the address is currently mapped;
 * it is not a probe of a caller-supplied buffer.
 */
if (MmIsAddressValid(pContext))
{
/* Hardware breakpoint addresses (Dr0-Dr3) and control register (Dr7). */
pContext->Dr0 = 0;
pContext->Dr1 = 0;
pContext->Dr2 = 0;
pContext->Dr3 = 0;
pContext->Dr7 = 0;
}
}else{
/* Non-matching caller: pass the request through untouched. */
status = RealNtGetContextThread(hThread,pContext);
}
/* Indeterminate when the matching-process branch was taken. */
return status;
}
/*
 * Replacement handler for the set-thread-context system service.
 * Conceptual code: the hook installation and the definition of
 * RealNtSetContextThread are not shown here.
 *
 * For a caller whose process name matches, the request is forwarded only
 * when the supplied Dr7 equals 0x101. Any other request from that process
 * is silently dropped. Every other caller is forwarded unchanged.
 *
 * Review notes:
 *  - status is never assigned when a matching caller's request is dropped,
 *    so the value returned to that caller is indeterminate.
 *  - pContext is dereferenced here with no validity check at all, unlike
 *    the get-context handler in this listing.
 */
NTSTATUS MyNtSetThreadContext(HANDLE hThread, PCONTEXT pContext)
{
/* Process that issued the call. */
PEPROCESS p = IoGetCurrentProcess();
/* Left uninitialised; assigned only on the two forwarding paths. */
NTSTATUS status ;
/*
 * Same fixed-offset name check as the get-context handler: presumably the
 * image-name field of EPROCESS on one specific 32-bit build - TODO confirm.
 * Only the first 6 characters ("DNF.ex") are compared.
 */
if ( strncmp((char*)p + 0x174, "DNF.exe",6) == 0)
{
/*
 * 0x101 has bits 0 and 8 set (L0 and LE in the x86 DR7 layout).
 * NOTE(review): why exactly this value is allowed through is not
 * stated in the listing - confirm with the author.
 */
if (pContext->Dr7==0x101)
{
status = RealNtSetContextThread(hThread,pContext);
}
}else{
/* Non-matching caller: pass the request through untouched. */
status = RealNtSetContextThread(hThread,pContext);
}
/* Indeterminate when a matching caller's request was dropped. */
return status;
}