| 文章备注:atapi dispatch地址和SSDT列表的地址是通过Ring3动态获取然后写入驱动再重新校验,这里我加了自己的代码,改了下,Ring0下实现
#include
#include
ULONG * realssdt;
#define SEC_IMAGE 0x01000000
#pragma pack(1)
typedef struct ServiceDescriptorEntry {
unsigned int *ServiceTableBase;
unsigned int *ServiceCounterTableBase;
unsigned int NumberOfServices;
unsigned char *ParamTableBase;
} SDT, *PSDT;
extern PSDT KeServiceDescriptorTable;
#pragma pack()
extern POBJECT_TYPE* IoDriverObjectType;
#define DWORD unsigned long
PDEVICE_OBJECT dr0attach;
PDEVICE_OBJECT dr0dev;
ULONG devctrl,scsi,power,sysctrl,pnp;
ULONG retaddr;
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckAndAudITAlarm(
PUNICODE_STRING SubsystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR SecurITyDescriptor,
ACCESS_MASK DesiredAccess,
&nbs [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] ... 下一页 >>
|
