\n LOAD_DLL_DEBUG_EVENT(我一直无法获得这个 DLL 的名称,但这在 MSDN 中有记录)\n CREATE_THREAD_DEBUG_EVENT(我怀疑这是调试器注入的线程)\n LOAD_DLL_DEBUG_EVENT[\xe2\x80\xa6] \xe2\x80\x94 之后,许多 DLL 被加载到目标进程中,一切看起来都很好,进程按预期工作\n...
https://msdn.microsoft.com/en-us/library/dn195769.aspx -scott OSR @OSRDriversLeon_Ber December 21, 2017, 6:17pm 9 If NotifyType is PsCreateThreadNotifyNonSystem, the PsSetCreateThreadNotifyRoutineEx routine differs from PsSetCreateThreadNotifyRoutine in the context in which the callback is ex...