資源簡介
網絡上大多數的 Windows內核安全編程從入門到實踐 的資源下載都是不完整,起碼我下的都是不完整的,連第四章的進程部分的代碼都沒有,后來我找了很久,想聯系作者,發現郵箱都注銷了。偶然間,我還是成功下載了一份相對來說較為完整的資源,一開始看它才不到2M,有些小,但確是挺完整的。包含了3、4、5、6、7、8章,還有第四章的勘誤。因為資源難找,所以下載的分數提高些^_^

代碼片段和文件信息
//
//Description:
// 本程序用于展示回調對象的簡單使用方法。在XP SP3平臺上測試通過。
// 使用vs2008+visualDDK+WDK7100編譯
//
//Written By: 寧妖 2011/4/17
//
//Last Write Time: 2011/4/18
//
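#include "stdafx.h"

/*
 * Callback object shared by the whole driver. DriverEntry fills it in via
 * ExCreateCallback and CallbackUnload releases it. DriverEntry does not abort
 * when the creation fails, so every user tests the pointer before use.
 */
PCALLBACK_OBJECT pCallback = NULL;

/* Forward declarations of the unload routine and the IRP dispatch routines. */
void CallbackUnload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS CallbackCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
NTSTATUS CallbackDefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);

/* Give DriverEntry C linkage when this file is compiled as C++. */
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif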
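/*
 * Driver entry point.
 *
 * Creates the \Device\Callback0 device and its \DosDevices\Callback0 link,
 * installs the dispatch and unload routines, then creates the named callback
 * object \Callback\DemoCallback.
 *
 * Returns the failing NTSTATUS when the device or the symbolic link cannot be
 * created. A failure of ExCreateCallback is only logged: the driver still
 * loads, with pCallback left NULL.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNICODE_STRING DeviceName, Win32Device;
    PDEVICE_OBJECT DeviceObject = NULL;
    NTSTATUS status;
    unsigned i;
    UNICODE_STRING DemoCallback;
    OBJECT_ATTRIBUTES oa;

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&DeviceName, L"\\Device\\Callback0");
    RtlInitUnicodeString(&Win32Device, L"\\DosDevices\\Callback0");

    /* Route every major function to the default handler, then override
     * create/close, which are the requests that notify the callback. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = CallbackDefaultHandler;
    }
    DriverObject->MajorFunction[IRP_MJ_CREATE] = CallbackCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = CallbackCreateClose;
    DriverObject->DriverUnload = CallbackUnload;

    /*
     * NOTE(review): the device is created with no characteristics and the
     * default security descriptor, and opening or closing it notifies every
     * routine registered on the callback object. Consider
     * FILE_DEVICE_SECURE_OPEN and IoCreateDeviceSecure with a restrictive
     * SDDL so that only intended callers can open it.
     */
    status = IoCreateDevice(DriverObject,
                            0,
                            &DeviceName,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            FALSE,
                            &DeviceObject);
    if (!NT_SUCCESS(status)) {
        return status;
    }
    if (!DeviceObject) {
        return STATUS_UNEXPECTED_IO_ERROR;
    }

    DeviceObject->Flags |= DO_DIRECT_IO;

    /* The original ignored this status; without the link user mode cannot
     * reach the device, so undo the device creation and fail the load. */
    status = IoCreateSymbolicLink(&Win32Device, &DeviceName);
    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(DeviceObject);
        return status;
    }
    DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    /*
     * Create the callback object. Callback objects live in the \Callback
     * directory of the object namespace.
     */
    RtlInitUnicodeString(&DemoCallback, L"\\Callback\\DemoCallback");

    /* Author's note: OBJ_PERMANENT must be specified, otherwise
     * ExCreateCallback cannot create a named callback object. */
    InitializeObjectAttributes(&oa, &DemoCallback, OBJ_CASE_INSENSITIVE | OBJ_PERMANENT, NULL, NULL);

    status = ExCreateCallback(&pCallback, &oa, TRUE, TRUE);
    if (!NT_SUCCESS(status)) {
        KdPrint(("Callback ExCreateCallback Failure!status: 0x%08x\n", status));
        /* Keep the global in a known state; the dispatch and unload routines
         * test it before use. */
        pCallback = NULL;
    }

    /* %p instead of 0x%08x: the argument is a pointer, and the width of a
     * pointer is not 32 bits on every target. */
    KdPrint(("Callback --pCallback: %p\n", pCallback));

    return STATUS_SUCCESS;
}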
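/*
 * Unload routine: removes the \DosDevices\Callback0 link, deletes the device
 * object and drops the reference taken on the callback object at load time.
 */
void CallbackUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING Win32Device;

    RtlInitUnicodeString(&Win32Device, L"\\DosDevices\\Callback0");
    IoDeleteSymbolicLink(&Win32Device);
    IoDeleteDevice(DriverObject->DeviceObject);

    /*
     * A created callback object must be released with ObDereferenceObject,
     * which lowers its reference count by one.
     * NOTE(review): the object was created with OBJ_PERMANENT; confirm that a
     * single dereference is enough to remove it from the \Callback directory.
     */
    if (pCallback) {
        ObDereferenceObject(pCallback);
        /* Clear the global so no later path can reuse the released object. */
        pCallback = NULL;
    }
}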
//
//當有程序打開或者關閉本驅動的時候,將通知所有向回調對象注冊的函數。
//
NTSTATUS?CallbackCreateClose(IN?PDEVICE_object?Deviceobject?IN?PIRP?Irp)
{
PIO_STACK_LOCATION?pSP?=?IoGetCurrentIrpStackLocation(Irp);
char*?pImageName?=?NULL;
if?(pCallback)
{
//獲取進(jìn)程名使用硬編碼:0x174
pImageName?=?(char*)((ULONG)PsGetCurrentProcess()+0x174);
//
//通知注冊(cè)函數(shù)
//arg1:主功能碼(IRP_MJ_READ或者IRP_MJ_WRITE)
//arg2:當(dāng)前進(jìn)程的進(jìn)程名
//
ExNotifyCallback(pCallback(PVOID)pSP->MajorFunction
 屬性            大小     日期    時間   名稱
-----------?---------??----------?-----??----
?????文件???????3587??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\Callback.cpp
?????文件???????1817??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\Callback.sln
?????文件???????3669??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\Callback.vcproj
?????文件???????1411??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\Callback.vcproj.寧妖-PC.寧妖.user
?????文件????????389??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\Callback.Win32.vddklaunch
?????文件?????????79??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\sources
?????文件?????????70??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\stdafx.cpp
?????文件????????424??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\stdafx.h
?????文件???????1055??2012-08-29?11:50??Projects\chapter?3\Callback\Callback\VisualDDKHelpers.h
?????文件???????1813??2012-08-29?11:50??Projects\chapter?3\Callback\CallbackUser\CallbackUser.sln
?????文件???????3926??2012-08-29?11:50??Projects\chapter?3\Callback\CallbackUser\CallbackUser.vcproj
?????文件???????1411??2012-08-29?11:50??Projects\chapter?3\Callback\CallbackUser\CallbackUser.vcproj.寧妖-PC.寧妖.user
?????文件????????402??2012-08-29?11:50??Projects\chapter?3\Callback\CallbackUser\main.cpp
?????文件???????2339??2012-08-29?11:50??Projects\chapter?3\Callback\Client\Client.cpp
?????文件????????877??2012-08-29?11:50??Projects\chapter?3\Callback\Client\Client.sln
?????文件???????3661??2012-08-29?11:50??Projects\chapter?3\Callback\Client\Client.vcproj
?????文件???????1411??2012-08-29?11:50??Projects\chapter?3\Callback\Client\Client.vcproj.寧妖-PC.寧妖.user
?????文件????????383??2012-08-29?11:50??Projects\chapter?3\Callback\Client\Client.Win32.vddklaunch
?????文件?????????75??2012-08-29?11:50??Projects\chapter?3\Callback\Client\sources
?????文件?????????70??2012-08-29?11:50??Projects\chapter?3\Callback\Client\stdafx.cpp
?????文件????????424??2012-08-29?11:50??Projects\chapter?3\Callback\Client\stdafx.h
?????文件???????1055??2012-08-29?11:50??Projects\chapter?3\Callback\Client\VisualDDKHelpers.h
?????文件???????8587??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\Demo.c
?????文件???????1338??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\Demo.sln
?????文件???????2787??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\Demo.vcproj
?????文件???????1411??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\Demo.vcproj.寧妖-PC.寧妖.user
?????文件????????377??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\Demo.Win32.vddklaunch
?????文件????????244??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\MAKEFILE
?????文件?????????73??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\Demo\sources
?????文件???????3918??2012-08-29?11:50??Projects\chapter?3\Demo?3.2\DemoUser\DemoUser.vcproj
............此處省略343個文件信息