https://stackoverflow.com/questions/15900845
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianZwDebugActiveProcess isn't an export from ntoskrnl - you can verify that using dumpbin. The Win32 DebugActiveProcess is a call over OpenProcess, with the debug flags set. A better approach would be to just keep on with ZwOpenProcess, and check if the flags are PROCESS_ALL_ACCESS - which are required for DebugActiveProcess() to work.
ZwDebugActiveProcess Hooking
Question
I am trying to create antivirus software shield for windows 7 32 bit .For that I need to hook ZwDebugActiveProcess.When i try to specify the ZwDebugActiveProcess in my driver i got an error "undeclared identifier" while compile in WDK. I have use same procedure to hook ZwOpenProcess .Its successfully hooked.Any mistake in specify the name of that api.How to solve this?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
