是否有 call_usermodehelper 的 Windows 替代品? 目的是从 NT Native 应用程序运行批处理文件。尝试使用 NtCreateUserProcess。但一启动就崩溃。
此代码对我有用:
UNICODE_STRING ImagePathName = { 0 };
UNICODE_STRING CommandLine = { 0 };
UNICODE_STRING NtImagePathName = { 0 };
RtlInitUnicodeString(&ImagePathName, L"C:\\Windows\\System32\\cmd.exe");
RtlInitUnicodeString(&CommandLine, L"\"C:\\Windows\\System32\\cmd.exe\" /k echo Hello world!");
RtlInitUnicodeString(&NtImagePathName, L"\\??\\C:\\Windows\\System32\\cmd.exe");
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = NULL;
NTSTATUS Status = RtlCreateProcessParametersEx(&ProcessParameters, &ImagePathName, NULL, NULL, &CommandLine, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED);
if (Status == STATUS_SUCCESS)
{
PS_CREATE_INFO CreateInfo = { sizeof(CreateInfo) };
CreateInfo.State = PsCreateInitialState;
PS_ATTRIBUTE_LIST AttributeList = { sizeof(AttributeList) };
AttributeList.Attributes[0].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
AttributeList.Attributes[0].Size = NtImagePathName.Length;
AttributeList.Attributes[0].ValuePtr = NtImagePathName.Buffer;
HANDLE ProcessHandle = NULL;
HANDLE ThreadHandle = NULL;
Status = NtCreateUserProcess(&ProcessHandle, &ThreadHandle, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, NULL, NULL, 0, 0, ProcessParameters, &CreateInfo, &AttributeList);
if (Status == STATUS_SUCCESS)
{
NtClose(ThreadHandle);
ThreadHandle = NULL;
NtClose(ProcessHandle);
ProcessHandle = NULL;
}
RtlDestroyProcessParameters(ProcessParameters);
ProcessParameters = NULL;
}