|
|
|
|
|
[求助]蓝屏,好喝的钙~
不会吧,检查好几遍了帮我看看还有什么其他的原因,蓝屏蓝怕了 |
|
[求助]蓝屏,好喝的钙~
大家帮帮我啊 |
|
[求助]蓝屏,好喝的钙~
#include "ntddk.h" #define INITCODE code_seg("INIT") typedef struct _SERVICE_DESCRIPTOR_TABLE { PVOID ServiceTableBase; PULONG ServiceCounterTableBase; ULONG NumberOfService; ULONG ParamTableBase; }SERVICE_DESCRIPTOR_TABLE,*PSERVICE_DESCRIPTOR_TABLE; extern PSERVICE_DESCRIPTOR_TABLE KeServiceDescriptorTable; ULONG Address,OldAddress; ULONG MySsdt[284]; void hook(); void unhook(); void OnUnload(PDRIVER_OBJECT DriverObject); #pragma INITCODE NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,PUNICODE_STRING RegistryPath) { DriverObject->DriverUnload=OnUnload; hook(); return STATUS_SUCCESS; } void OnUnload(PDRIVER_OBJECT DriverObject) { unhook(); } void hook() { MySsdt[0]=0x805a5630; MySsdt[1]=0x805f240e; MySsdt[2]=0x805f5c04; .............. MySsdt[281]=0x806196ae; MySsdt[282]=0x8061990a; MySsdt[283]=0x805cc942;//我从kernel detective上抄来的 Address=(ULONG)KeServiceDescriptorTable; OldAddress=*(ULONG*)Address; __asm { cli mov eax,cr0 and eax,not 10000h mov cr0,eax } *(ULONG*)Address=(ULONG)&MySsdt[0]; __asm { mov eax,cr0 or eax,10000h mov cr0,eax sti } } void unhook() { __asm { cli mov eax,cr0 and eax,not 10000h mov cr0,eax } *(ULONG*)Address=OldAddress; __asm { mov eax,cr0 or eax,10000h mov cr0,eax sti } } |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值