PsSetCreateProcessNotifyRoutineEx 返回 STATUS_ACCESS_DENIED(0xC0000022L,即-1073741790)
需要设置pe文件的 DllCharacteristics 字段为IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
PE结构如下:
微软文档:https://technet.microsoft.com/zh-tw/sysinternals/ff559953(v=vs.110)
VS解决方案:
The documentation for PsSetCreateProcessNotifyRoutineEx states that the module containing the callback must have the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag set in the PE header. Not having that flag will cause the API to return STATUS_ACCESS_DENIED.
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY:
Code integrity checks are forced. If you set this flag and a section contains only uninitialized data, set the PointerToRawData member of IMAGE_SECTION_HEADER for that section to zero; otherwise, the image will fail to load because the digital signature cannot be verified.
Use the linker's /INTEGRITYCHECK switch to enable.
