进程的主线程是在创建后立即开始执行,还是在回调例程完成后开始执行?
最佳答案
这似乎没有记录,这意味着不能保证线程不会在回调例程返回之前开始执行。
但是,CreateProcessNotifyEx 的文档常规说:
For a new process, the CreateProcessNotifyEx routine is called after the initial thread is created, but before the thread begins running. The driver can cause the process-creation operation to fail by changing the CreateInfo->CreationStatus member to an NTSTATUS error code.
因此,如果您需要在初始线程开始运行之前完成通知例程,请使用 PsSetCreateProcessNotifyRoutineEx而不是 PsSetCreateProcessNotifyRoutine .
关于c - PsSetCreateProcessNotifyRoutine 回调,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22586006/