[求助]请问如何在驱动里得到硬盘的数量?
谢谢,回得太及时了 |
|
[求助]关于发送一个IRP怎样计算StackSize的问题,请指点一下啊!
楼上的大牛,能不能举个例子 |
|
[原创][公开源代码]集合了无数大牛们的代码,打造自己的山寨版IceSword(KsBinSword)
所有贴看完,不留言不厚道,学习了 |
|
[求助]驱动中的U盘读写问题
大虾们给点意见啊 |
|
[求助]DELPHI中怎么得到硬盘的温度?
发了哦,你查收一下 |
|
[求助]DELPHI中怎么得到硬盘的温度?
给e_mail,晕 |
|
[求助]关于DEVICEIOCONTROL死机的问题
/*
 * HookRegistry
 *
 * Replaces the system-service entries for the registry calls selected in
 * FilterDef.ChooseexcludeOpertions with the driver's Hook* routines, saving
 * each previous entry in the matching RealReg* variable so it can be
 * restored later. Does nothing when RegHooked is already set.
 *
 * Selection: a value of 0 selects every call; otherwise each bit enables
 * one call (see the per-call masks below).
 *
 * NOTE(review): RegHooked is tested before FilterMutex is taken and set
 * after it is released, so two concurrent callers could both pass the test.
 * A second pass would store the Hook* addresses in the RealReg* variables.
 * Confirm that callers are serialized, or move the flag under the mutex.
 *
 * NOTE(review): rewriting service-table entries is not supported on 64-bit
 * Windows (Kernel Patch Protection); the supported way for a driver to
 * observe registry operations is a registry callback
 * (CmRegisterCallbackEx). SYSCALL() is defined outside this excerpt.
 */
VOID HookRegistry( void )
{
/* True when the call guarded by the single-bit mask `bit` should be hooked. */
#define REG_OP_SELECTED( bit ) \
    ( FilterDef.ChooseexcludeOpertions == 0 || \
      ( FilterDef.ChooseexcludeOpertions & (bit) ) != 0 )

    if( RegHooked ) {
        return;
    }

    MUTEX_WAIT( FilterMutex );

    if( REG_OP_SELECTED( 1 ) ) {
        /* Keep the previous entry so that it can be restored. */
        RealRegOpenKey = SYSCALL( ZwOpenKey );
        SYSCALL( ZwOpenKey ) = (PVOID) HookRegOpenKey;
    }

    if( REG_OP_SELECTED( 2 ) ) {
        RealRegQueryKey = SYSCALL( ZwQueryKey );
        SYSCALL( ZwQueryKey ) = (PVOID) HookRegQueryKey;
    }

    if( REG_OP_SELECTED( 4 ) ) {
        RealRegQueryValueKey = SYSCALL( ZwQueryValueKey );
        SYSCALL( ZwQueryValueKey ) = (PVOID) HookRegQueryValueKey;
    }

    if( REG_OP_SELECTED( 8 ) ) {
        RealRegEnumerateValueKey = SYSCALL( ZwEnumerateValueKey );
        SYSCALL( ZwEnumerateValueKey ) = (PVOID) HookRegEnumerateValueKey;
    }

    if( REG_OP_SELECTED( 16 ) ) {
        RealRegEnumerateKey = SYSCALL( ZwEnumerateKey );
        SYSCALL( ZwEnumerateKey ) = (PVOID) HookRegEnumerateKey;
    }

    if( REG_OP_SELECTED( 32 ) ) {
        RealRegDeleteKey = SYSCALL( ZwDeleteKey );
        SYSCALL( ZwDeleteKey ) = (PVOID) HookRegDeleteKey;
    }

    if( REG_OP_SELECTED( 64 ) ) {
        RealRegFlushKey = SYSCALL( ZwFlushKey );
        SYSCALL( ZwFlushKey ) = (PVOID) HookRegFlushKey;
    }

    if( REG_OP_SELECTED( 128 ) ) {
        RealRegSetValueKey = SYSCALL( ZwSetValueKey );
        SYSCALL( ZwSetValueKey ) = (PVOID) HookRegSetValueKey;
    }

    if( REG_OP_SELECTED( 256 ) ) {
        RealRegCreateKey = SYSCALL( ZwCreateKey );
#if defined(_ALPHA_)
        /* On Alpha the low two bits of the previous entry are carried over. */
        SYSCALL( ZwCreateKey ) = (PVOID) ((ULONG) HookRegCreateKey + ((ULONG) RealRegCreateKey & 0x00000003));
#else
        SYSCALL( ZwCreateKey ) = (PVOID) HookRegCreateKey;
#endif
    }

    if( REG_OP_SELECTED( 512 ) ) {
        RealRegDeleteValueKey = SYSCALL( ZwDeleteValueKey );
        SYSCALL( ZwDeleteValueKey ) = (PVOID) HookRegDeleteValueKey;
    }

    if( REG_OP_SELECTED( 1024 ) ) {
        /* ZwClose is generic; the saved entry is kept in RealRegCloseKey. */
        RealRegCloseKey = SYSCALL( ZwClose );
        SYSCALL( ZwClose ) = (PVOID) HookRegCloseKey;
    }

    MUTEX_RELEASE( FilterMutex );
    RegHooked = TRUE;

#undef REG_OP_SELECTED
}
|
[求助]关于DEVICEIOCONTROL死机的问题
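/*
 * RegmonDeviceControl
 *
 * Handles the driver's device-control requests coming from the GUI.
 *
 * Parameters:
 *   FileObject, Wait, DeviceObject - not used by this routine.
 *   InputBuffer / InputBufferLength   - request payload (REGMON_setfilter).
 *   OutputBuffer / OutputBufferLength - reply buffer (REGMON_getstats).
 *   IoControlCode - one of the REGMON_* codes handled below.
 *   IoStatus      - receives the status and the number of bytes returned.
 *
 * Returns FALSE on the early-exit paths (bad buffer size, no data to
 * return); TRUE otherwise, including the unknown-code case, where only
 * IoStatus->Status reports the failure.
 *
 * Changes from the posted version:
 *   - REGMON_setfilter acquired FilterMutex twice and never released it,
 *     so the mutex was still owned when the request returned and every
 *     later MUTEX_WAIT( FilterMutex ) from another thread (for example in
 *     HookRegistry) would block forever. The second wait is now a release.
 *   - REGMON_setfilter now rejects a missing or short input buffer before
 *     copying a whole filter structure out of it.
 *   - REGMON_zerostats no longer re-acquires StoreMutex inside the loop
 *     while it is already held.
 *
 * NOTE(review): the buffering method of the REGMON_* control codes is not
 * visible here. If any of them uses METHOD_NEITHER, InputBuffer and
 * OutputBuffer are raw user-mode addresses and must be probed and accessed
 * inside an exception handler - confirm against the code definitions.
 */
BOOLEAN RegmonDeviceControl( IN PFILE_OBJECT FileObject, IN BOOLEAN Wait,
                             IN PVOID InputBuffer, IN ULONG InputBufferLength,
                             OUT PVOID OutputBuffer, IN ULONG OutputBufferLength,
                             IN ULONG IoControlCode, OUT PIO_STATUS_BLOCK IoStatus,
                             IN PDEVICE_OBJECT DeviceObject )
{
    PSTORE_BUF old;

    IoStatus->Status = STATUS_SUCCESS;
    IoStatus->Information = 0;

    switch ( IoControlCode ) {

    case REGMON_hook:
        /* The poster marks this case as the place where the problem shows up. */
        DbgPrint ("Regmon: hook\n");
        HookRegistry();
        DbgPrint ("Regmon: hook over\n");
        break;

    case REGMON_unhook:
        DbgPrint("Regmon: unhook\n");
        UnhookRegistry();
        break;

    case REGMON_zerostats:
        /* Discard all buffered records and reset the counters. */
        DbgPrint ("Regmon: zero stats\n");
        MUTEX_WAIT( StoreMutex );
        while ( Store->Next ) {
            /* StoreMutex is already held for the whole loop, so the list
               can be unlinked and freed without taking it again. */
            old = Store->Next;
            Store->Next = old->Next;
            ExFreePool( old );
            NumStore--;
        }
        Store->Len = 0;
        Sequence = 0;
        MUTEX_RELEASE( StoreMutex );
        break;

    case REGMON_getstats:
        /* Copy buffered records to the application. */
        DbgPrint ("Regmon: get stats\n");
        MUTEX_WAIT( StoreMutex );
        if ( MAX_STORE > OutputBufferLength ) {
            /* The caller's output buffer is too small. */
            MUTEX_RELEASE( StoreMutex );
            IoStatus->Status = STATUS_INVALID_PARAMETER;
            DbgPrint ("Regmon: STATUS_INVALID_PARAMETER\n");
            return FALSE;
        } else if ( Store->Len || Store->Next ) {
            RegmonNewStore();
            DbgPrint("saved");
            /* Hand out the oldest buffer first. */
            old = RegmonOldestStore();
            MUTEX_RELEASE( StoreMutex );
            /* NOTE(review): this relies on old->Len never exceeding
               MAX_STORE, which the size check above assumes - confirm in
               the code that fills the store. */
            memcpy( OutputBuffer, old->Data, old->Len );
            /* Report the number of bytes returned. */
            IoStatus->Information = old->Len;
            DbgPrint ("old->Len:%d\n",old->Len);
            ExFreePool( old );
        } else {
            MUTEX_RELEASE( StoreMutex );
            DbgPrint ("Store->Len:%d\n",Store->Len);
            IoStatus->Information = 0;
            return FALSE;
        }
        break;

    case REGMON_setfilter:
        DbgPrint("Regmon: set filter\n");
        /* The filter comes from the caller: make sure a complete structure
           is present before reading it. */
        if ( InputBuffer == NULL || InputBufferLength < sizeof( FilterDef ) ) {
            IoStatus->Status = STATUS_INVALID_PARAMETER;
            DbgPrint ("Regmon: STATUS_INVALID_PARAMETER\n");
            return FALSE;
        }
        MUTEX_WAIT( FilterMutex );
        FilterDef = *(PFILTER) InputBuffer;
        /* NOTE(review): the %s fields below are caller-supplied; nothing
           visible here guarantees that they are NUL-terminated. */
        DbgPrint("FilterDef.processfilter:%s\n\r",FilterDef.processfilter);
        DbgPrint("FilterDef.processexclude:%s\n\r",FilterDef.processexclude);
        DbgPrint("FilterDef.pathfilter:%s\n\r",FilterDef.pathfilter);
        DbgPrint("FilterDef.excludefilter:%s\n\r",FilterDef.excludefilter);
        DbgPrint("FilterDef.excludeallprocess:%d\n\r",FilterDef.excludeallprocess);
        DbgPrint("FilterDef.excludeallkey:%d\n\r",FilterDef.excludeallkey);
        DbgPrint("FilterDef.ChooseexcludeOpertions:%d\n\r",FilterDef.ChooseexcludeOpertions);
        /* Was a second MUTEX_WAIT: the mutex must be given back here. */
        MUTEX_RELEASE( FilterMutex );
        RegmonUpdateFilters();
        break;

    default:
        DbgPrint ("Regmon: unknown IRP_MJ_DEVICE_CONTROL\n");
        IoStatus->Status = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    DbgPrint("ctrl:return\n\r");
    return TRUE;
}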
|
|
|
[求助]DELPHI中怎么得到硬盘的温度?
http://www.ciker.net/ciker/ciker.asp?ciker=316,不知道这个对你有没有帮助,我看完用DELPHI实现了 |