typedef NTSTATUS(*fnZwSetInformationThread)(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength);
fnZwSetInformationThread ZwSetInformationThread;
ZwSetInformationThread = (fnZwSetInformationThread)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwSetInformationThread");
if (ZwSetInformationThread)
{
int r = ZwSetInformationThread(GetCurrentThread(), ThreadHideFromDebugger, NULL, 0);
if (r != 0)
{
OutputDebugStringA("No debug safety");
}
}
防止调试事件被发往调试器
最新推荐文章于 2024-02-06 17:54:12 发布