
[分享] 比较少见到的 一段创建 DriverObject 的代码.

比较少见到的 一段创建 DriverObject 的代码.

代码:
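/* Exported by the kernel as a pointer to the driver object type, so the
   value to hand to ObCreateObject (which takes a POBJECT_TYPE, see the
   prototype quoted inside XxxCreateDriverObject) is *IoDriverObjectType. */
extern POBJECT_TYPE *IoDriverObjectType;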
......
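/**
 * Build a DRIVER_OBJECT by hand.
 *
 * The object body is obtained from ObCreateObject with a fixed size
 * (ObjBodySize below).  The DRIVER_EXTENSION is placed directly behind the
 * DRIVER_OBJECT inside that same body, a zeroed DriverSection placeholder of
 * DrvSectionSize bytes is allocated from non-paged pool, and DriverName is
 * copied into a fresh paged-pool buffer.  Nothing here inserts the object
 * into the object namespace or calls DriverInit; that is left to the caller.
 *
 * @param DriverName   name of the new object; Length, MaximumLength and the
 *                     Buffer contents are copied, the caller keeps its copy.
 * @param pObjectBody  receives the DRIVER_OBJECT body on success and NULL on
 *                     every failure path.
 * @param DriverStart  stored unchanged in DRIVER_OBJECT.DriverStart.
 * @param DriverSize   stored unchanged in DRIVER_OBJECT.DriverSize.
 * @param DrvEntry     address stored in DRIVER_OBJECT.DriverInit.
 * @return STATUS_SUCCESS; STATUS_INVALID_PARAMETER for a NULL DriverName,
 *         DriverName->Buffer or pObjectBody; STATUS_INSUFFICIENT_RESOURCES
 *         when a pool allocation fails; otherwise the ObCreateObject status.
 */
NTSTATUS
XxxCreateDriverObject(
                PUNICODE_STRING DriverName,
                PVOID * pObjectBody,
                PVOID DriverStart,
                ULONG DriverSize,
                PVOID DrvEntry)//DriverEntry function address.
{
  OBJECT_ATTRIBUTES Attributes;
  NTSTATUS ntstatus;
  PDRIVER_OBJECT DrvObject = NULL;
  /* Body size handed to ObCreateObject.  0x1BC is the build-specific value
     from the original listing; it has to cover DRIVER_OBJECT plus the
     DRIVER_EXTENSION that is carved out of the same body below. */
  ULONG ObjBodySize = 0x1BC;
  ULONG DrvSectionSize = 0x100;
/*
  NTSTATUS ObCreateObject (
          KPROCESSOR_MODE bMode,
          POBJECT_TYPE Type,
          POBJECT_ATTRIBUTES Attributes,
          BOOLEAN bObjectMode,
          DWORD Reserved,
          DWORD BodySize,
          DWORD PagedPoolQuota OPTIONAL,
          DWORD NonPagedPoolQuota OPTIONAL,
          PVOID* pObjectBody );
  */
  if (DriverName == NULL || DriverName->Buffer == NULL || pObjectBody == NULL)
  {
          return STATUS_INVALID_PARAMETER;
  }
  *pObjectBody = NULL;

  /* The extension pointer set up below would otherwise run past the body. */
  if (ObjBodySize < sizeof(DRIVER_OBJECT) + sizeof(DRIVER_EXTENSION))
  {
          return STATUS_INVALID_PARAMETER;
  }

  InitializeObjectAttributes(&Attributes,DriverName,OBJ_PERMANENT,NULL,NULL);
  /* Attributes live on this kernel stack frame, so they must be captured as
     kernel data; a UserMode probe would reject the kernel address.  The
     declared type is POBJECT_TYPE *, hence the dereference. */
  ntstatus = ObCreateObject(KernelMode, *IoDriverObjectType, &Attributes, KernelMode, 0, ObjBodySize, 0, 0, pObjectBody);

  if(!NT_SUCCESS(ntstatus))
  {
          * pObjectBody = NULL;
          return ntstatus;
  }

  DrvObject = (PDRIVER_OBJECT)* pObjectBody;
  /* Zeroing first means every pointer field the failure path frees is NULL
     until this function actually allocates it. */
  memset(DrvObject,0,ObjBodySize);

  DrvObject->Type = IO_TYPE_DRIVER;
  DrvObject->Size = sizeof(DRIVER_OBJECT);
  DrvObject->DriverInit = (PDRIVER_INITIALIZE)DrvEntry;
  DrvObject->DriverStart = DriverStart;
  DrvObject->DriverSize = DriverSize;

  /* Extension sits directly behind the DRIVER_OBJECT inside the same body. */
  DrvObject->DriverExtension = (PDRIVER_EXTENSION)((PCHAR)DrvObject + sizeof(DRIVER_OBJECT));
  DrvObject->DriverExtension->DriverObject = DrvObject;

  DrvObject->DriverSection = ExAllocatePoolWithTag(NonPagedPool,DrvSectionSize,'abcd');
  if(NULL == DrvObject->DriverSection)
  {
        ntstatus = STATUS_INSUFFICIENT_RESOURCES;
        goto fail;
  }
  memset(DrvObject->DriverSection,0,DrvSectionSize);

  DrvObject->DriverName.Buffer = ExAllocatePoolWithTag(PagedPool,DriverName->MaximumLength,'abcd');
  if(NULL == DrvObject->DriverName.Buffer)
  {
          ntstatus = STATUS_INSUFFICIENT_RESOURCES;
          goto fail;
  }

  /* DriverName is a pointer, so its fields are reached with '->'. */
  DrvObject->DriverName.Length = DriverName->Length;
  DrvObject->DriverName.MaximumLength = DriverName->MaximumLength;
  memcpy(DrvObject->DriverName.Buffer,DriverName->Buffer,DriverName->MaximumLength);
  return ntstatus;

fail:
  /* Release only what this function allocated; fields never reached are
     still NULL from the memset above and are skipped. */
  if(DrvObject->DriverName.Buffer)
  {
          ExFreePoolWithTag(DrvObject->DriverName.Buffer,'abcd');
          DrvObject->DriverName.Buffer = NULL;
  }
  if(DrvObject->DriverSection)
  {
          ExFreePoolWithTag(DrvObject->DriverSection,'abcd');
          DrvObject->DriverSection = NULL;
  }
  /* NOTE(review): the body returned by ObCreateObject is still referenced
     here, as in the original listing.  Dereferencing it would run the
     IoDriverObjectType delete procedure against a partly initialised body;
     confirm what that procedure touches before adding the release. */
  * pObjectBody = NULL;
  return ntstatus;
}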


顶一个.
我新手,确实没见过.

