Converting between PID, PEPROCESS, and HANDLE
from \ to | PID | PEPROCESS | HANDLE |
---|---|---|---|
PID | | PsLookupProcessByProcessId | |
PEPROCESS | PsGetProcessId | | ObOpenObjectByPointer |
HANDLE | | ObReferenceObjectByHandle | |