关于DbgUiDebugActiveProcess这个API »

« 电视剧妇产科(张瑞希)插曲

这些个微软未文档化的API，找点相关资料还真费劲，留着备查！网上有个专门讲这些，有兴趣可以down下来看看……

ZwDuplicateObject
ZwDuplicateObject duplicates the handle to an object.

NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
 IN HANDLE SourceProcessHandle,
 IN HANDLE SourceHandle,
 IN HANDLE TargetProcessHandle,
 OUT PHANDLE TargetHandle OPTIONAL,
 IN ACCESS_MASK DesiredAccess,
 IN ULONG Attributes,
 IN ULONG Options
 );

Parameters

SourceProcessHandle
Identifies the process containing the handle to duplicate.The handle must grant PROCESS_DUP_HANDLE access.

SourceHandle
Identifies the handle to duplicate.The handle need not grant any specific access.

TargetProcessHandle
Identifies the process that is to receive the duplicated handle.The handle must grant PROCESS_DUP_HANDLE access.

TargetHandle
Points to a caller-allocated buffer or variable that receives the value of the duplicate handle. If TargetHandle is a null pointer, the handle is duplicated, but its value is not returned to the caller.

DesiredAccess
Specifies the access requested for the new handle.This parameter is ignored if the Options parameter specifies the DUPLICATE_SAME_ACCESS flag.

Attributes
Specifies the set of attributes for the new handle.The valid values include HANDLE_FLAG_INHERIT and HANDLE_FLAG_PROTECT_FROM_CLOSE.This parameter is
ignored if the Options parameter specifies the DUPLICATE_SAME_ATTRIBUTES flag.

Options
Specifies optional actions.This parameter can be zero, or any combination of the following flags:

 DUPLICATE_CLOSE_SOURCE     Closes the source handle. This occurs
 DUPLICATE_SAME_ACCESS      Ignores the DesiredAccess parameter. The duplicate handle has the same access as the source handle. 
 DUPLICATE_SAME_ATTRIBUTES  Ignores the Attributes parameter. The duplicate handle has the same attributes as the source handle. 

Return Value
Returns STATUS_SUCCESS or an error status, such as STATUS_INVALID_HANDLE, STATUS_ACCESS_DENIED, or STATUS_PROCESS_IS_TERMINATING.

Related Win32 Functions
DuplicateHandle.

Remarks
The Win32 function DuplicateHandle exposes the full functionality of ZwDuplicateObject.