[求助][求助]木马是如何自己变大的??
看看 <<windows PE 权威指南>> 就知道了 |
|
[求助]WriteFile写设备失败
汗,发现问题了:没设置 OVERLAPPED 结构 |
|
[求助]WriteFile写设备失败
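// MyWdmWrite and MyStartIoWrite run part of their bodies at DISPATCH_LEVEL
// (around the device-queue calls), so they must live in non-paged code.
// A page fault at DISPATCH_LEVEL bugchecks the machine.
#pragma code_seg()

/// IRP_MJ_WRITE handler: queues the IRP on the per-device write queue and,
/// if the queue was idle, drains it on the calling thread.
///
/// @param DeviceObject  Device whose extension holds WriteIrpQueue.
/// @param Irp           The write request; always marked pending.
/// @return STATUS_PENDING (the IRP is completed from MyStartIoWrite).
NTSTATUS MyWdmWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    KdPrint(("enter MyWdmWrite"));
    PMY_DEVICE_EXTENSION pDevExt = (PMY_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    IoMarkIrpPending(Irp);
    // NOTE(review): OnCancelIrpWrite is not visible here. Confirm that it copes
    // with an IRP that MyStartIoWrite is already processing, and that the cancel
    // routine is cleared before the IRP is completed.
    IoSetCancelRoutine(Irp, OnCancelIrpWrite);

    // Only the queue operation needs the raised IRQL. The file I/O done by
    // MyStartIoWrite (ZwCreateFile/ZwWriteFile/ZwClose) requires PASSIVE_LEVEL,
    // so the IRQL is lowered again before the queue is drained.
    KIRQL oldirql;
    KeRaiseIrql(DISPATCH_LEVEL, &oldirql);
    // Returns FALSE when the queue was not busy: the IRP is NOT inserted, the
    // queue is flagged busy, and this thread becomes responsible for draining.
    const BOOLEAN queued =
        KeInsertDeviceQueue(&pDevExt->WriteIrpQueue, &Irp->Tail.Overlay.DeviceQueueEntry);
    KeLowerIrql(oldirql);

    if (!queued)
    {
        // Processes this IRP and every IRP queued behind it.
        // assumes the dispatch routine was entered at PASSIVE_LEVEL - TODO confirm
        MyStartIoWrite(DeviceObject, Irp);
    }

    // Irp must not be touched past this point: it may already be completed.
    KdPrint(("leave myWdm Write file"));
    return STATUS_PENDING;
}

/// Drains the write queue: appends each IRP's buffered payload to a fixed log
/// file, completes the IRP, then pulls the next one until the queue is empty.
///
/// @param DeviceObject  Device whose extension holds WriteIrpQueue.
/// @param pStartIoIrp   First IRP to process (the one that found the queue idle).
VOID MyStartIoWrite(IN PDEVICE_OBJECT DeviceObject, IN PIRP pStartIoIrp)
{
    KdPrint(("Enter MyStartIoWrite"));
    PMY_DEVICE_EXTENSION pDevExt = (PMY_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
    PKDEVICE_QUEUE_ENTRY Device_Entry;
    PIRP Irp = pStartIoIrp;

    for (;;)
    {
        PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
        const ULONG ulWriteLength = stack->Parameters.Write.Length;         // bytes requested
        LARGE_INTEGER writeOffset = stack->Parameters.Write.ByteOffset;     // caller's file offset

        NTSTATUS Status = STATUS_SUCCESS;
        ULONG_PTR bytesWritten = 0;

        // A zero-length buffered write carries no system buffer; complete it
        // successfully without touching the file.
        if (ulWriteLength != 0)
        {
            HANDLE myfile = NULL;
            IO_STATUS_BLOCK iostatus;
            UNICODE_STRING file_name_path;
            OBJECT_ATTRIBUTES objectAttributes;

            RtlInitUnicodeString(&file_name_path, L"\\??\\c:\\1.log");

            // The original passed an uninitialized OBJECT_ATTRIBUTES to ZwCreateFile.
            // OBJ_KERNEL_HANDLE keeps the handle out of the calling user process's
            // handle table: this code runs in an arbitrary user thread's context,
            // and a plain handle would be reachable from user mode.
            InitializeObjectAttributes(&objectAttributes,
                                       &file_name_path,
                                       OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
                                       NULL,
                                       NULL);

            // SYNCHRONIZE is required alongside FILE_SYNCHRONOUS_IO_NONALERT.
            Status = ZwCreateFile(&myfile,
                                  GENERIC_WRITE | SYNCHRONIZE,
                                  &objectAttributes,
                                  &iostatus,
                                  NULL,
                                  FILE_ATTRIBUTE_NORMAL,
                                  FILE_SHARE_READ,
                                  FILE_OPEN_IF,
                                  FILE_SYNCHRONOUS_IO_NONALERT,
                                  NULL,
                                  0);
            if (NT_SUCCESS(Status))
            {
                // With DO_BUFFERED_IO the I/O manager has copied the caller's data
                // into SystemBuffer (Length bytes), so no user pointer is touched.
                // The original used the write LENGTH as the file offset.
                Status = ZwWriteFile(myfile, NULL, NULL, NULL, &iostatus,
                                     Irp->AssociatedIrp.SystemBuffer,
                                     ulWriteLength, &writeOffset, NULL);
                if (NT_SUCCESS(Status))
                {
                    bytesWritten = iostatus.Information;
                }
                else
                {
                    // The original test was inverted and reported failure on success.
                    KdPrint(("Write file failed"));
                    KdPrint((" status 0x%08X", Status));
                    Status = STATUS_UNSUCCESSFUL;
                }
                // Close only a handle that was actually opened.
                ZwClose(myfile);
            }
            else
            {
                KdPrint(("ZwCreateFile failed: 0x%08X", Status));
                Status = STATUS_UNSUCCESSFUL;
            }
        }

        // Report bytes actually written; 0 on failure so the caller is not told
        // that data reached the file when it did not.
        Irp->IoStatus.Status = Status;
        Irp->IoStatus.Information = bytesWritten;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);

        // Fetch the IRP for the next iteration. The removal is done at
        // DISPATCH_LEVEL, matching the IRQL used for the insert in MyWdmWrite.
        KIRQL oldirql;
        KeRaiseIrql(DISPATCH_LEVEL, &oldirql);
        Device_Entry = KeRemoveDeviceQueue(&pDevExt->WriteIrpQueue);
        KeLowerIrql(oldirql);

        if (Device_Entry == NULL)
        {
            break; // queue is empty (and is now marked not busy)
        }
        // Recover the owning IRP from its embedded queue entry.
        Irp = CONTAINING_RECORD(Device_Entry, IRP, Tail.Overlay.DeviceQueueEntry);
    }

    KdPrint(("leave Mu startIoWrite function"));
}

#pragma code_seg("PAGE")
/// Common dispatch routine registered for CREATE/CLOSE/READ/WRITE/DEVICE_CONTROL;
/// forwards to the matching handler and completes anything else with success.
///
/// @return The handler's status, or STATUS_SUCCESS for unhandled major codes.
NTSTATUS MyWdmDispatch(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    KdPrint(("Enter my_wdm_diapatch_function"));
    NTSTATUS Status = STATUS_SUCCESS; // was initialized with NULL, which is not an NTSTATUS
    PIO_STACK_LOCATION irpsp = IoGetCurrentIrpStackLocation(Irp);

    switch (irpsp->MajorFunction)
    {
    case IRP_MJ_CREATE:
        Status = MyWdmCreate(DeviceObject, Irp);
        break;
    case IRP_MJ_WRITE:
        Status = MyWdmWrite(DeviceObject, Irp);
        break;
    case IRP_MJ_READ:
        Status = MyWdmRead(DeviceObject, Irp);
        break;
    case IRP_MJ_DEVICE_CONTROL:
        Status = MyWdmDeviceIoControl(DeviceObject, Irp);
        break;
    case IRP_MJ_CLOSE:
        Status = MyWdmDeviceClose(DeviceObject, Irp);
        break;
    default:
        Status = STATUS_SUCCESS;
        Irp->IoStatus.Status = Status;
        Irp->IoStatus.Information = 0L;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        break;
    }

    KdPrint(("leave my wdm dispatch"));
    return Status;
}

#pragma code_seg("INIT")
/// Driver entry point: installs the dispatch table and unload routine, allocates
/// the driver-object extension and registers SearchForLegacyDrivers as the
/// reinitialization routine that later creates the device.
///
/// @return STATUS_SUCCESS, or the IoAllocateDriverObjectExtension failure status.
extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    KdPrint(("EnterDriverEntry\n"));

    //pDriverObject->DriverExtension->AddDevice=MyWdmAddDevice;
    //pDriverObject->MajorFunction[IRP_MJ_PNP]=MyWdmPnp;
    pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MyWdmDispatch;
    pDriverObject->MajorFunction[IRP_MJ_CREATE] = MyWdmDispatch;
    pDriverObject->MajorFunction[IRP_MJ_READ] = MyWdmDispatch;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE] = MyWdmDispatch;
    pDriverObject->MajorFunction[IRP_MJ_WRITE] = MyWdmDispatch;
    pDriverObject->DriverUnload = MyWdmUnload;

    PMY_PDRIVER_EXTENSION MyDriverExtension;
    NTSTATUS Status = IoAllocateDriverObjectExtension(pDriverObject,
                                                      pDriverObject, // client identification key
                                                      sizeof(MY_DRIVER_EXTENSION),
                                                      (PVOID*)&MyDriverExtension);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("allocate for DriverExtension faild"));
        return Status;
    }

    // The device is created from the reinitialization callback, not here.
    IoRegisterDriverReinitialization(pDriverObject, SearchForLegacyDrivers, MyDriverExtension);

    KdPrint(("leave DriverEntry"));
    return STATUS_SUCCESS; // the DbgPrint that followed this return was unreachable
}

#pragma code_seg("PAGE")
/// Reinitialization callback: creates the named device object, sets up its
/// extension and queues, and publishes a DosDevices symbolic link for user mode.
///
/// @param pDriverObject  This driver's object.
/// @param Context        Driver extension pointer passed at registration (unused here).
/// @param Count          Number of times the routine has been called (unused here).
static VOID SearchForLegacyDrivers(IN PDRIVER_OBJECT pDriverObject, IN PVOID Context, IN ULONG Count)
{
    UNREFERENCED_PARAMETER(Context);
    UNREFERENCED_PARAMETER(Count);

    NTSTATUS Status;
    UNICODE_STRING DevName;
    PDEVICE_OBJECT pDevObj = NULL;
    PMY_DEVICE_EXTENSION pDevExt;

    DbgPrint("print enter SearchForLegacyDrivers ");
    KdPrint(("enter SearchForLegacyDrivers"));

    RtlInitUnicodeString(&DevName, L"\\Device\\MyWdmDevice");

    // FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device object's
    // security descriptor to every open, including opens that append a path
    // after the device name.
    // NOTE(review): the device still gets a default security descriptor, and its
    // write path makes the driver write caller-supplied bytes to a file from
    // kernel mode. Consider IoCreateDeviceSecure with a restrictive SDDL string
    // so that only intended accounts can open it.
    Status = IoCreateDevice(pDriverObject,
                            sizeof(MY_DEVICE_EXTENSION),
                            &DevName,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN,
                            FALSE,
                            &pDevObj);
    if (!NT_SUCCESS(Status))
    {
        // No device object exists on failure. The original called IoDeleteDevice
        // here on an uninitialized pointer.
        KdPrint((" create device faild "));
        return;
    }
    KdPrint(("Create Device Success"));

    pDevObj->Flags |= DO_BUFFERED_IO; // selects buffered I/O for read/write requests

    pDevExt = (PMY_DEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevExt->pDevbj = pDevObj;
    pDevExt->DeviceName = DevName;
    KeInitializeDeviceQueue(&pDevExt->ReadIrpQueue);
    KeInitializeDeviceQueue(&pDevExt->IoControlIrpQueue);
    KeInitializeDeviceQueue(&pDevExt->WriteIrpQueue);

    UNICODE_STRING SymLinkName;
    if (IoIsWdmVersionAvailable(1, 0x10))
    {
        RtlInitUnicodeString(&SymLinkName, L"\\DosDevices\\Global\\MyLegacyDriver");
        KdPrint(("\\DosDevices\\Global\\MyLegacyDriver"));
    }
    else
    {
        RtlInitUnicodeString(&SymLinkName, L"\\DosDevices\\MyLegacyDriver");
        KdPrint(("\\DosDevices\\MyLegacyDriver"));
    }
    pDevExt->UserSymbolicName = SymLinkName;

    Status = IoCreateSymbolicLink(&SymLinkName, &DevName);
    if (!NT_SUCCESS(Status))
    {
        IoDeleteDevice(pDevObj);
        KdPrint((" create symbolic faild "));
        return;
    }
    KdPrint(("Create symbolic success"));

    // Clear DO_DEVICE_INITIALIZING last. The device is created outside
    // DriverEntry, so the driver must clear the flag itself, and doing it only
    // after the extension, queues and link are ready keeps opens from reaching a
    // half-initialized device.
    pDevObj->Flags &= ~DO_DEVICE_INITIALIZING;
    return;
}
 我又调试了下 把GetLastErrorCoce放到WriteFile 最近处 现在错误是 参数错误 还是没进入分发函数 |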
|
[求助]WriteFile写设备失败
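/// Button handler: opens the driver's device through its global symbolic link
/// and stores the handle in hDevice; shows the system error text on failure.
void CuserMyWdmMfcDlg::OnBnClickedButton1()
{
    // FILE_FLAG_OVERLAPPED opens the device for asynchronous I/O. Every later
    // ReadFile/WriteFile/DeviceIoControl on this handle must then be given an
    // OVERLAPPED structure, otherwise the call is rejected as an invalid parameter
    // before it reaches the driver.
    // NOTE(review): a handle left in hDevice by an earlier click is overwritten
    // here without CloseHandle - confirm how hDevice is initialized and released.
    hDevice = CreateFile(_T("\\\\.\\Global\\MyLegacyDriver"),
                         GENERIC_READ | GENERIC_WRITE,
                         0,
                         NULL,
                         OPEN_EXISTING,
                         FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED,
                         NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        // Capture the error code immediately, before any other API call can
        // overwrite the thread's last-error value.
        const DWORD error = GetLastError();

        LPTSTR lpMsgBuf = NULL;
        const DWORD length = FormatMessage(
            FORMAT_MESSAGE_ALLOCATE_BUFFER |
            FORMAT_MESSAGE_FROM_SYSTEM |
            FORMAT_MESSAGE_IGNORE_INSERTS,
            NULL,
            error,
            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
            (LPTSTR)&lpMsgBuf,
            0,
            NULL);

        /* Display the string; fall back to a fixed text if no message was produced. */
        ::MessageBox(NULL,
                     (length != 0 && lpMsgBuf != NULL) ? (LPCTSTR)lpMsgBuf : L"Unknown error",
                     L"Error",
                     MB_OK | MB_ICONERROR);

        // FORMAT_MESSAGE_ALLOCATE_BUFFER hands ownership of the buffer to the
        // caller. The original never released it.
        if (lpMsgBuf != NULL)
        {
            LocalFree(lpMsgBuf);
        }
        return;
    }

    MessageBox(L"Open Device success", L"box!", MB_OK);
    return;
}
 是GENERIC_READ|GENERIC_WRITE 啊 而且IRP_MJ_Read和 DeviceIoControl 都有反应 |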
|
[求助]通过符号连接打开设备失败
问题已解决 确实是驱动没写好 |
|
[求助]打开设备返回INVALLID_HANDLE_VALUE errorcode是 操作已成功完成是怎么回事啊
哈哈哈哈哈哈哈哈:) 好了 \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ |
|
[求助]通过符号连接打开设备失败
没试过打开别的符号链接… 也没有别的自己写的驱动啊 |
|
[求助]打开设备返回INVALLID_HANDLE_VALUE errorcode是 操作已成功完成是怎么回事啊
看了好久没看出来 哪里多出个字母。。 |
|
|
|
[求助]打开设备返回INVALLID_HANDLE_VALUE errorcode是 操作已成功完成是怎么回事啊
// Excerpt from the device-creation routine: choose the user-visible symbolic
// link name and bind it to the device name held in DevName.
// pDevExt, DevName and Status are declared outside this excerpt.
UNICODE_STRING SymLinkName;
if (!IoIsWdmVersionAvailable(1, 0x10))
{
    // WDM 1.10 is not available: publish the link directly under \DosDevices.
    RtlInitUnicodeString(&SymLinkName, L"\\DosDevices\\MyLegacyDriver");
    KdPrint(("\\DosDevices\\MyLegacyDriver"));
}
else
{
    // WDM 1.10 or later: publish the link under \DosDevices\Global.
    RtlInitUnicodeString(&SymLinkName, L"\\DosDevices\\Global\\MyLegacyDriver");
    KdPrint(("\\DosDevices\\Global\\MyLegacyDriver"));
}

// Remember the chosen name in the device extension.
pDevExt->UserSymbolicName = SymLinkName;

// NOTE(review): Status is not checked within this excerpt. A failed link
// creation leaves the device unreachable from user mode.
Status = IoCreateSymbolicLink(&SymLinkName, &DevName);
 DebugView里显示是 \\DosDevices\\Global\\MyLegacyDriver 就是说确实是用户相关 然后我在用户模式下用 L"\\\\.\\MyLegacyDriver"打不开啊 错误是找不到指定文件 因为winobj显示符号链接在 Global目录里 然后又尝试 L"\\\\.\\Global??\\MyLegacyDriver" 还是打不开 错误是找不到指定路径 然后又尝试 L"\\\\.\\Global\\MyLegacyDriver" 还是打不开 错误是找不到指定文件 吐血 用winobj 都看到符号链接了………………就在 \ 目录下的 Global?? 目录里 到底该如何打开它 |