Programmer puzzle solving

    最新消息:Welcome to the puzzle paradise for programmers! Here, a well-designed puzzle awaits you. From code logic puzzles to algorithmic challenges, each level is closely centered on the programmer's expertise and skills. Whether you're a novice programmer or an experienced tech guru, you'll find your own challenges on this site. In the process of solving puzzles, you can not only exercise your thinking skills, but also deepen your understanding and application of programming knowledge. Come to start this puzzle journey full of wisdom and challenges, with many programmers to compete with each other and show your programming wisdom! Translated with DeepL.com (free version)
    你的位置: HOME>matter>windows - Unable to set instrumentation callback on other processes - Stack Overflow

    windows - Unable to set instrumentation callback on other processes - Stack Overflow

    matteradmin8PV0评论

    Im trying to set a instrumentation callback on another process but it gives me 0xc000000d (STATUS_INVALID_PARAMETER) but if I set it on the current process then it succeeds.

    Does anyone know what I am doing wrong.

    #define ProcessInstrumentationCallback 0x28

typedef struct _ProcessInstrumentationCallback
{
    ULONG version;
    ULONG reserved;
    PVOID callback;
};

extern "C"
{
    NTSTATUS NtSetInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
}

const auto process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (!is_handle_valid(process_handle))
{
    printf("Unable to open handle: 0x%x\n", process_handle);
    return 0;
}
printf("Handle: 0x%x\n", process_handle);

_ProcessInstrumentationCallback info;
info.callback = nullptr;
info.reserved = 0;
info.version = 0;

NTSTATUS status = NtSetInformationProcess(process_handle, (PROCESSINFOCLASS)ProcessInstrumentationCallback, &info, sizeof(info));
printf("0x%x\n", status);

    Im trying to set a instrumentation callback on another process but it gives me 0xc000000d (STATUS_INVALID_PARAMETER) but if I set it on the current process then it succeeds.

    Does anyone know what I am doing wrong.

    #define ProcessInstrumentationCallback 0x28

typedef struct _ProcessInstrumentationCallback
{
    ULONG version;
    ULONG reserved;
    PVOID callback;
};

extern "C"
{
    NTSTATUS NtSetInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
}

const auto process_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
if (!is_handle_valid(process_handle))
{
    printf("Unable to open handle: 0x%x\n", process_handle);
    return 0;
}
printf("Handle: 0x%x\n", process_handle);

_ProcessInstrumentationCallback info;
info.callback = nullptr;
info.reserved = 0;
info.version = 0;

NTSTATUS status = NtSetInformationProcess(process_handle, (PROCESSINFOCLASS)ProcessInstrumentationCallback, &info, sizeof(info));
printf("0x%x\n", status);
    • windows
    • kernel
    • 64-bit
    • ntdll
    Share Improve this question asked Nov 18, 2024 at 20:46 user24684540user24684540 335 bronze badges
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    I fixed it by allocating a buffer in the target process and writing the structure to the buffer then changing the ProcessInformation argument to a pointer to the buffer and changing ProcessInformationLength to the size of the buffer

    Articles related to this article

    Post a comment

    comment list (0)

    1. No comments so far