在运行时更改进程名称
问题描述:
对于 A.EXE PE 文件,如果程序以测试模式运行,我想将进程名称更改为A_TEST.exe".
如果程序以安全模式运行,我想更改为A_SAFE.exe"
For A.EXE PE file, if the program runs as test mode, I would like to change the process name to "A_TEST.exe".
And if the program runs as safe mode, I want to change to "A_SAFE.exe"
文件名必须相同(A.EXE).
The file name must be same(A.EXE).
有可能吗?
答
如果进程名称"是显示任务管理器的名称 - 您只能从 ring0 更改它.
If "process name" is a name which shows Task Manager - you can change it only from ring0.
从 ring3 您只能更改默认窗口标题.
From ring3 you can only change a default window title.
#include <intrin.h>
PEB* peb = (PEB*)__readfsdword(0x30);
wchar_t newTitle[] = L"NewTitle";
UNICODE_STRING newTitleUStr = {sizeof(newTitle), sizeof(newTitle), newTitle};
peb->ProcessParameters->WindowTitle = newTitleUStr;