NtCreateThreadEx returns NULL on 64-bit

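NtCreateThreadEx is an undocumented API. While debugging it a few days ago I ran into a very strange behaviour: it tested fine on Win7 SP1 64-bit, but on Win10 it kept failing, and GetLastError returned 0! More than 20 pages of Google results gave no clue at all. I later found that on Win10 the prototypes for 64-bit and WOW64 have to be written separately, one with DWORD and one with DWORD64.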

	#include <windows.h>

	/* NtCreateThreadEx32: prototype for a 32-bit (WOW64) build, sizes are DWORD */
	typedef DWORD(NTAPI *fNtCreateThreadEx32)
		(
		PHANDLE                 ThreadHandle,
		ACCESS_MASK             DesiredAccess,
		LPVOID                  ObjectAttributes,
		HANDLE                  ProcessHandle,
		LPTHREAD_START_ROUTINE  lpStartAddress,
		LPVOID                  lpParameter,
		BOOL                    CreateSuspended,
		DWORD                   dwStackSize,
		DWORD                   Unknown1,
		DWORD                   Unknown2,
		LPVOID                  Unknown3
		);

	/* NtCreateThreadEx64: prototype for a native 64-bit build, sizes are DWORD64 */
	typedef DWORD64(NTAPI *fNtCreateThreadEx64)
		(
		PHANDLE                 ThreadHandle,
		ACCESS_MASK             DesiredAccess,
		LPVOID                  ObjectAttributes,
		HANDLE                  ProcessHandle,
		LPTHREAD_START_ROUTINE  lpStartAddress,
		LPVOID                  lpParameter,
		BOOL                    CreateSuspended,
		DWORD64                 dwStackSize,
		DWORD64                 Unknown1,
		DWORD64                 Unknown2,
		LPVOID                  Unknown3
		);
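
An added illustration, not code from the original post: a portable C model of why the DWORD prototype can misbehave in a native 64-bit build. It assumes (the post does not state this) that `dwStackSize`, `Unknown1` and `Unknown2` travel in 8-byte stack slots that the callee reads in full, while a caller compiled against the DWORD prototype writes only 4 bytes of each. The `stack_args` type, the 0xCC filler and the function names are constructed for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the three stack-passed size arguments
 * (dwStackSize, Unknown1, Unknown2), one 8-byte slot each. */
typedef struct { uint64_t slot[3]; } stack_args;

/* Stale bytes left in the slots by earlier calls (constructed value). */
static void fill_stale(stack_args *s) { memset(s, 0xCC, sizeof *s); }

/* Caller built against the DWORD prototype: writes 4 bytes per slot. */
static void push_as_dword(stack_args *s, uint32_t a, uint32_t b, uint32_t c)
{
    const uint32_t v[3] = { a, b, c };
    for (int i = 0; i < 3; i++)
        memcpy(&s->slot[i], &v[i], sizeof v[i]);
}

/* Caller built against the DWORD64 prototype: writes the whole slot. */
static void push_as_dword64(stack_args *s, uint64_t a, uint64_t b, uint64_t c)
{
    s->slot[0] = a; s->slot[1] = b; s->slot[2] = c;
}

/* The caller intends to pass 0, 0, 0. The callee reads each slot as a
 * full 64-bit value; returns 1 if it really sees three zeros.
 * wide = 0: DWORD caller, wide = 1: DWORD64 caller. */
int callee_sees_zeros_after(int wide)
{
    stack_args s;
    fill_stale(&s);
    if (wide) push_as_dword64(&s, 0, 0, 0);
    else      push_as_dword(&s, 0, 0, 0);
    return s.slot[0] == 0 && s.slot[1] == 0 && s.slot[2] == 0;
}

int main(void)
{
    printf("DWORD caller:   callee sees zeros = %d\n", callee_sees_zeros_after(0));
    printf("DWORD64 caller: callee sees zeros = %d\n", callee_sees_zeros_after(1));
    return 0;
}
```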
