Windows 10 对SHIm的限

Windows 10 对SHIm的限制名称必须在下列列表中

经过IDA 分析 ，对使用自定义模块的SDB，在Win10不能注入进程，经过分析发现SdbIsKnownShimDll种会判断文件名

                         ;NtApphelpCacheControl(x,x)

.text:78C810DC off_78C810DC    dd offset aAcgenral_dll ; DATA XREF:SdbIsKnownShimDll(x):loc_78CB08C5r

.text:78C810DC                                         ;"AcGenral.dll"

.text:78C810E0                 dd offset aAclayers_dll ;"AcLayers.dll"

.text:78C810E4                 dd offset aAcres_dll    ; "AcRes.dll"

.text:78C810E8                 dd offset aAcspecfc_dll ;"AcSpecfc.dll"

.text:78C810EC                 dd offset aAcwinrt_dll  ; "AcWinRT.dll"

.text:78C810F0                 dd offset aAcwow64_dll  ; "acwow64.dll"

.text:78C810F4                 dd offset aAcxtrnal_dll ;"AcXtrnal.dll"

.text:78C810F8                 dd offset aKeyboardfilter ;"KeyboardFilterShim.dll"

.text:78C810FC                 dd offset aMastershim_dll ;"MasterShim.dll"

.text:78C81100                 dd offset aDepdetct     ; "depdetct"

.text:78C81104                 dd offset aUacdetct     ; "uacdetct"

.text:78C81108                 dd offset aLuadgmgt_dll ;"luadgmgt.dll"

.text:78C8110C                 dd offset aLuapriv_dll  ; "luapriv.dll"

.text:78C81110                 dd offset aEmet_dll     ; "EMET.dll"

.text:78C81114                 dd offset aEmet64_dll   ; "EMET64.dll"