資源簡介
以前韓國np反外掛代碼以前韓國np反外掛代碼以前韓國np反外掛代碼
代碼片段和文件信息
#include
#include“wmimmc.h“
#include“Process.h“
#include“hook.h“
/*
文件:wmimmc.c
作者:墮落天才
時間:2007.4.28
*/
///////////////////////////////////////////////////////////
/*
函數:DriverEntry
說明:驅動入口
作者:墮落天才
時間:2007.4.28
*/
NTSTATUS?DriverEntry(IN?PDRIVER_object?DriverobjectIN?PUNICODE_STRING?RegistryPath)
{
NTSTATUS?????????status;
UNICODE_STRING???SymboliclinkName;
UNICODE_STRING???DeviceName;
PDEVICE_object???pDeviceobject;
PEPROCESS?CurrentProc;
RtlInitUnicodeString(&DeviceNameNT_DEVICE_NAME);
RtlInitUnicodeString(&SymboliclinkNameDOS_DEVICE_NAME);
status?=?IoCreateDevice(Driverobject
????????????????????0x444//sizeof(DEVICE_EXTENSION)??
&DeviceName
0x8402
0x100
FALSE
&pDeviceobject);
if(NT_SUCCESS(status)){
status?=?IoCreateSymboliclink(&SymboliclinkName&DeviceName);
Driverobject->MajorFunction[IRP_MJ_SHUTDOWN]???????=
Driverobject->MajorFunction[IRP_MJ_CREATE]?????????=
????????Driverobject->MajorFunction[IRP_MJ_CLOSE]??????????=
Driverobject->MajorFunction[IRP_MJ_DEVICE_CONTROL]?=?OnDispatch;
Driverobject->DriverUnload?????????????????????????=?onunload;
}
if(!NT_SUCCESS(status)){
if(pDeviceobject!=NULL){
IoDeleteDevice(pDeviceobject);
}
IoDeleteSymboliclink(&SymboliclinkName);
return?status;
}
pIopm?=?MmAllocateNonCachedMemory(IOPM_SIZE);
if(pIopm!=NULL){
//未知代碼
}
//未知代碼
return?0x9A;
}
//////////////////////////////////////////////////////////////
/*
函數:DispatchIoControl
說明:
作者:墮落天才
時間:2007.4.28
*/
NTSTATUS?DispatchIoControl(ULONG?unknown
???BOOLEAN?IsMyRequest
???PVOID?inputBuffer
???ULONG?inputBufferLength
???PVOID?outputBuffer
???ULONG?outputBufferLength
???ULONG?IoControlCode
???PIO_STATUS_BLOCK?pIrpStatus
???PDEVICE_object?Deviceobject)
{
????pIrpStatus->Status??????=?STATUS_SUCCESS;
pIrpStatus->Information?=?0;
ExAcquireFastMutex(&ControlMutex);
//未知代碼
return?STATUS_SUCCESS;
}
///////////////////////////////////////////////////////////////////////
/*
函數:OnDispatch
說明:
作者:墮落天才
時間:2007.4.28
*/
NTSTATUS?OnDispatch(IN?PDEVICE_object?DeviceobjectIN?PIRP?pIrp)
{
ULONG???????????????outputBufferLength;
ULONG???????????????IoControlCode;
PIO_STACK_LOCATION??IrpStack;
PVOID???????????????outputBuffer;
PVOID???????????????inputBuffer;
ULONG???????????????inputBufferLength;
ULONG???????????????unknown;
IrpStack???????????=?IoGetCurrentIrpStackLocation(pIrp);
inputBuffer????????=?pIrp->AssociatedIrp.SystemBuffer;
outputBuffer???????=?pIrp->AssociatedIrp.SystemBuffer;
inputBufferLength??=?IrpStack->Parameters.DeviceIoControl.InputBufferLength;
outputBufferLength?=?IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
IoControlCode??????=?IrpStack->Parameters.DeviceIoControl.IoControlCode;
pIrp->IoStatus.Status??????=?STATUS_SUCCESS;
pIrp->IoStatus.Information?= ?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件??????20163??2007-04-27?09:23??NP?Source\dump_wmimmc\ddkbuild.bat
?????文件???????2161??2007-04-30?18:43??NP?Source\dump_wmimmc\hook.h
?????文件????????247??2007-04-27?09:23??NP?Source\dump_wmimmc\makefile
?????文件????????959??2007-04-30?14:02??NP?Source\dump_wmimmc\myFunction.h
?????文件??????10916??2007-04-30?14:02??NP?Source\dump_wmimmc\myNativeAPIs.h
?????文件???????5823??2007-04-30?18:16??NP?Source\dump_wmimmc\myNtoskrnlAPIs.h
?????文件???????2565??2007-04-30?18:43??NP?Source\dump_wmimmc\myWin32kAPIs.h
?????文件???????5728??2007-04-30?18:16??NP?Source\dump_wmimmc\Process.h
?????文件?????????91??2007-04-27?09:23??NP?Source\dump_wmimmc\sources
?????文件???????6385??2007-04-30?18:44??NP?Source\dump_wmimmc\wmimmc.c
?????文件???????2688??2007-04-30?18:45??NP?Source\dump_wmimmc\wmimmc.dsp
?????文件????????428??2007-04-27?09:23??NP?Source\dump_wmimmc\wmimmc.dsw
?????文件???????1889??2007-04-30?15:18??NP?Source\dump_wmimmc\wmimmc.h
?????文件?????155648??2007-04-25?09:07??NP?Source\dump_wmimmc\原驅動文件\dump_wmmimc.sys
?????目錄??????????0??2007-05-10?17:09??NP?Source\dump_wmimmc\原驅動文件
?????目錄??????????0??2007-05-12?02:28??NP?Source\dump_wmimmc
?????目錄??????????0??2007-05-09?21:54??NP?Source
-----------?---------??----------?-----??----
???????????????215691????????????????????17
- 上一篇:810米隧道火災FDS模型文件
- 下一篇:牛B硬件信息修改大師(綠色版)
評論
共有 條評論
川公網安備 51152502000135號