求助大佬,求问关于ntdll.dll里的函数是什么作用的?
ntdll.dll里的函数是什么作用的?有什么特殊含义?
呼如林浏览 703回答 2
2回答
-
沧海一幻觉
1.先将NTDLL.DLL读入 LoadLibrary(TEXT(\"NTDLL.dll\"))2.利用GetProcAddress 获取其函数入口地址3.利用得到的函数指针调用但是可以大致的分为几类吧1 PropertyLengthAsVariant 它被排在了第一号,但是我就是不明白它是做什么的2 Csr(configuration status register? Command and Status Register?)系列CsrAllocateCaptureBuffer CsrAllocateMessagePointer CsrCaptureMessageBuffer CsrCaptureMessageMultiUnicodeStringsInPlace CsrCaptureMessageString CsrCaptureTimeout CsrClientCallServer CsrClientConnectToServer CsrFreeCaptureBuffer CsrGetProcessId CsrIdentifyAlertableThread CsrNewThread CsrProbeForRead CsrProbeForWrite CsrSetPriorityClass3 Dbg系列 调试函数DbgBreakPoint DbgPrint DbgPrintEx DbgPrintReturnControlC DbgPrompt DbgQueryDebugFilterState DbgSetDebugFilterState DbgUiConnectToDbg DbgUiContinue DbgUiConvertStateChangeStructure DbgUiDebugActiveProcess DbgUiGetThreadDebugObject DbgUiIssueRemoteBreakin DbgUiRemoteBreakin DbgUiSetThreadDebugObject DbgUiStopDebugging DbgUiWaitStateChange DbgUserBreakPoint4 ki系列KiRaiseUserExceptionDispatcherKiUserApcDispatcherKiUserCallbackDispatcherKiUserExceptionDispatcher5 Ldr系列 Loader APIs,共34个APINTDLL APIsLoadResourceLdrAccessResourceLdr*****nateResourcesEnabledDisableThreadLibraryCallsLdrDisableThreadCalloutsForDllLdrEnumResourcesLdrFindAppCompatVariableInfoLdrFindEntryForAddressEnumResourceTypesWLdrFindResourceDirectory_UFindResourceExALdrFindResource_ULdrFlush*****nateResourceModulesLdrGet*****nateResourceModuleHandleGetModuleHandleForUnicodeStringLdrGetDllHandleGetProcAddressLdrGetProcedureAddressLdrInitializeThunkLoadLibraryEx (LOAD_LIBRARY_AS_DATAFILE)LdrLoad*****nateResourceModuleLoadLibraryLdrLoadDllLdrProcessRelocationBlockLdrQueryApplicationCompatibilityGooLdrQueryImageFileExecutionOptionsLdrQueryProcessModuleInformationLdrRelocateImageExitProcessLdrShutdownProcessExitThreadLdrShutdownThreadLdrUnload*****nateResourceModuleFreeLibraryLdrUnloadDllLdrVerifyImageMatchesChecksumLdrVerifyMappedImageMatchesChecksum6 Nls(National Language Support)系列 代码页管理NlsAnsiCodePageNlsMbCodePageTagNlsMbOemCodePageTag
随时随地看视频慕课网APP
Java
Git