设置关键进程 Ruby FFI
Set critical process Ruby FFI
我是 Windows API 编程的新手,正在玩 Ruby FFI gem。
我对创建关键过程很好奇,这是我的代码。
问题是,我不断收到 Nope 消息,这意味着进程未设置为关键。不知道这里出了什么问题
提前致谢
require 'ffi'
module Win
extend FFI::Library
ffi_lib 'C:\Windows\System32\ntdll.dll'
ffi_convention :stdcall
attach_function :RtlSetProcessIsCritical, [:int, :int, :int], :void
end
module Kernel
extend FFI::Library
ffi_lib 'kernel32'
ffi_convention :stdcall
attach_function :GetCurrentProcess, [], :pointer
attach_function :IsProcessCritical, [:pointer, :pointer], :int
end
begin
ptr = FFI::MemoryPointer.new :bool, 1
Win.RtlSetProcessIsCritical(1, 0, 0)
cprcs = Kernel.GetCurrentProcess()
Win.IsProcessCritical(cprcs, ptr)
if ptr.get(:bool, 0) then
puts "Critical"
else
puts "Nope."
end
rescue => e
puts e
ensure
Win.RtlSetProcessIsCritical(0, 0, 0)
end
来自"Protecting" Your Process with RtlSetProcessIsCritical:
Note: The use of this function requires the SE_DEBUG_NAME privilege in the calling process. This can easily be obtained using AdjustTokenPrivileges
我是 Windows API 编程的新手,正在玩 Ruby FFI gem。 我对创建关键过程很好奇,这是我的代码。 问题是,我不断收到 Nope 消息,这意味着进程未设置为关键。不知道这里出了什么问题 提前致谢
require 'ffi'
module Win
extend FFI::Library
ffi_lib 'C:\Windows\System32\ntdll.dll'
ffi_convention :stdcall
attach_function :RtlSetProcessIsCritical, [:int, :int, :int], :void
end
module Kernel
extend FFI::Library
ffi_lib 'kernel32'
ffi_convention :stdcall
attach_function :GetCurrentProcess, [], :pointer
attach_function :IsProcessCritical, [:pointer, :pointer], :int
end
begin
ptr = FFI::MemoryPointer.new :bool, 1
Win.RtlSetProcessIsCritical(1, 0, 0)
cprcs = Kernel.GetCurrentProcess()
Win.IsProcessCritical(cprcs, ptr)
if ptr.get(:bool, 0) then
puts "Critical"
else
puts "Nope."
end
rescue => e
puts e
ensure
Win.RtlSetProcessIsCritical(0, 0, 0)
end
来自"Protecting" Your Process with RtlSetProcessIsCritical:
Note: The use of this function requires the
SE_DEBUG_NAMEprivilege in the calling process. This can easily be obtained using AdjustTokenPrivileges