資源簡介
在 64 位環境下,於已簽名驅動中實現加載未簽名驅動。程序以源代碼形式提供,可修改後編譯。
代碼片段和文件信息
#include?“precomp.h“
#include?“main.h“
#include?“MemLoadDriver.h“
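/**
 * Unload routine installed by DriverEntry.
 *
 * Only emits entry/exit debug traces; nothing is released here.
 * NOTE(review): whether the image brought in by MemLoadDriverByFilePath()
 * must be torn down before this loader goes away is not visible in this
 * snippet - confirm against MemLoadDriver.h.
 *
 * @param pDriverobject Driver object of this loader; not used.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriverobject)
{
    /* Keeps /W4 builds quiet: the parameter is intentionally unused. */
    UNREFERENCED_PARAMETER(pDriverobject);

    KdPrint(("-->%s %d\n", __FUNCTION__, __LINE__));
    KdPrint(("<--%s %d\n", __FUNCTION__, __LINE__));
}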
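/**
 * Driver entry point.
 *
 * Installs the unload routine, resolves three kernel routines by name with
 * MmGetSystemRoutineAddress() into function pointers declared outside this
 * snippet, then calls MemLoadDriverByFilePath() for the image at
 * DRIVER_TO_MEMLOAD under the name DRIVER_NAME.
 *
 * Review note: the page describes the purpose as loading an unsigned driver
 * from inside a signed one, so the second image is brought in by
 * MemLoadDriverByFilePath() rather than by the system's own driver load
 * path. The signed loader is therefore the trust boundary for whatever
 * DRIVER_TO_MEMLOAD points at. When triaging signed drivers, by-name
 * resolution of IoCreateDriver and RtlImageDirectoryEntryToData, as done
 * below, is a static indicator of this pattern.
 *
 * @param pDriverobject  Driver object created for this loader.
 * @param pRegistryPath  Service registry path; not used.
 * @return STATUS_SUCCESS if the image was loaded,
 *         STATUS_PROCEDURE_NOT_FOUND if a required routine cannot be
 *         resolved, STATUS_UNSUCCESSFUL if MemLoadDriverByFilePath() fails.
 *         A failure status lets the I/O manager discard the loader instead
 *         of leaving it resident with nothing loaded.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverobject, PUNICODE_STRING pRegistryPath)
{
    NTSTATUS status = STATUS_PROCEDURE_NOT_FOUND;
    UNICODE_STRING ustr = { 0 };

    UNREFERENCED_PARAMETER(pRegistryPath);

    KdPrint(("-->%s %d\n", __FUNCTION__, __LINE__));

    /* Install the unload routine. */
    pDriverobject->DriverUnload = DriverUnload;

    /* Resolve RtlImageDirectoryEntryToData. */
    RtlInitUnicodeString(&ustr, L"RtlImageDirectoryEntryToData");
    fun_RtlImageDirectoryEntryToData = (Fun_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress(&ustr);
    if (fun_RtlImageDirectoryEntryToData == NULL)
    {
        KdPrint(("%s %d: MmGetSystemRoutineAddress RtlImageDirectoryEntryToData failed\n", __FUNCTION__, __LINE__));
        goto End;
    }

    /* Resolve IoCreateDriver. */
    RtlInitUnicodeString(&ustr, L"IoCreateDriver");
    fun_IoCreateDriver = (Fun_IoCreateDriver)MmGetSystemRoutineAddress(&ustr);
    if (fun_IoCreateDriver == NULL)
    {
        KdPrint(("%s %d: MmGetSystemRoutineAddress IoCreateDriver failed\n", __FUNCTION__, __LINE__));
        goto End;
    }

    /* Resolve RtlQueryModuleInformation. */
    RtlInitUnicodeString(&ustr, L"RtlQueryModuleInformation");
    fun_RtlQueryModuleInformation = (Fun_RtlQueryModuleInformation)MmGetSystemRoutineAddress(&ustr);
    if (fun_RtlQueryModuleInformation == NULL)
    {
        KdPrint(("%s %d: MmGetSystemRoutineAddress RtlQueryModuleInformation failed\n", __FUNCTION__, __LINE__));
        goto End;
    }

    /*
     * Load the driver module from memory: file path DRIVER_TO_MEMLOAD,
     * driver name DRIVER_NAME.
     * NOTE(review): assumes MemLoadDriverByFilePath() leaves nothing behind
     * when it reports failure - confirm against its implementation.
     */
    if (!MemLoadDriverByFilePath(DRIVER_TO_MEMLOAD, DRIVER_NAME))
    {
        KdPrint(("%s %d: MemLoadDriverByFilePath failed\n", __FUNCTION__, __LINE__));
        status = STATUS_UNSUCCESSFUL;
    }
    else
    {
        KdPrint(("MemLoadDriverByFilePath Success!\n"));
        status = STATUS_SUCCESS;
    }

End:
    KdPrint(("<--%s %d\n", __FUNCTION__, __LINE__));
    /* Report what actually happened rather than an unconditional success. */
    return status;
}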