[Kanxue CTF 2016] Analysis of Challenge 22
Posted: 2016-12-15 10:05
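Two processes: the parent process handles the child process's exceptions (divide-by-zero, access violation, int3, single-step).
Child process: single-step exception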
.text:0040102C pushf
.text:0040102D or dword ptr [esp], 100h
.text:00401034 popf
id=0x12
.text:00401814 pushf
.text:00401815 or dword ptr [esp], 100h
.text:0040181C popf
id=0x10
.text:0040197B pushf
.text:0040197C or dword ptr [esp], 100h
.text:00401983 popf
.text:00401AF3 push ecx ; lpNumberOfBytesWritten
.text:00401AF4 push 24h ; nSize
.text:00401AF6 push offset fns ; lpBuffer
.text:00401AFB push edx ; lpBaseAddress
.text:00401AFC push ebx ; hProcess
.text:00401AFD call ds:WriteProcessMemory
.text:00401B03 mov eax, [esi+0A0h]
.text:00401B09 pop ebp
.text:00401B0A mov g_child_4050ED, eax
.text:00401B0F mov ecx, [esi+9Ch]
.text:00401B15 pop edi
.text:00401B16 pop esi
.text:00401B17 mov g_child_40407A, ecx
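
The three single-step triggers listed above share one byte pattern: pushf; or dword ptr [esp], 100h; popf, encoded as 9C 81 0C 24 00 01 00 00 9D, which matches the 1/7/1-byte address spacing in the listing. As an added example that is not part of the original post, this Python scanner finds every such site in a code buffer; the buffer contents and the 0x00401000 base are constructed for the illustration and are not taken from the challenge binary.

```python
# Added example: locate "set trap flag" sequences in 32-bit x86 code.
import struct

# pushf ; or dword ptr [esp], imm32 ; popf  ->  9C 81 0C 24 <imm32> 9D
PREFIX = b"\x9c\x81\x0c\x24"
POPF = 0x9D
TRAP_FLAG = 0x100  # EFLAGS.TF (bit 8)


def find_trap_flag_sites(code: bytes, base: int):
    """Return [(va_of_pushf, va_after_popf, imm32)] for each sequence whose
    immediate sets EFLAGS.TF. With TF set by popf, the single-step exception
    is raised after the instruction that follows popf has executed."""
    sites = []
    pos = code.find(PREFIX)
    while pos != -1:
        end = pos + len(PREFIX) + 4  # offset where popf must sit
        if end < len(code) and code[end] == POPF:
            (imm,) = struct.unpack_from("<I", code, pos + len(PREFIX))
            if imm & TRAP_FLAG:
                sites.append((base + pos, base + end + 1, imm))
        pos = code.find(PREFIX, pos + 1)
    return sites


def build_sample(base=0x00401000, size=0xA00):
    """Constructed buffer (assumption, not the real binary): NOP fill with the
    sequence at the three addresses from the listing plus two near-misses."""
    buf = bytearray(b"\x90" * size)
    seq = PREFIX + struct.pack("<I", TRAP_FLAG) + bytes([POPF])
    for va in (0x0040102C, 0x00401814, 0x0040197B):
        buf[va - base:va - base + len(seq)] = seq
    # Near-miss 1: same shape but sets DF (0x400), not TF.
    miss = PREFIX + struct.pack("<I", 0x400) + bytes([POPF])
    buf[0x100:0x100 + len(miss)] = miss
    # Near-miss 2: the or is present but no popf follows it.
    buf[0x200:0x208] = PREFIX + struct.pack("<I", TRAP_FLAG)
    return bytes(buf)


if __name__ == "__main__":
    for start, nxt, imm in find_trap_flag_sites(build_sample(), 0x00401000):
        print(f"pushf @ {start:08X}  imm={imm:#x}  next insn @ {nxt:08X}")
```
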