看过一下正常的,其它的好像基本没显示?
.h文件
#include <ntddk.h>
typedef struct _MY_EXTENDEVICE{ //extend device
PDEVICE_OBJECT PDevice;//point to device
UNICODE_STRING DeviceName;//device name
UNICODE_STRING DeviceSymbolic;//device symbolic
UNICODE_STRING PServiceRegPath;//reg path
// size_t DeviceNumber;//device number
}MY_EXTENDEVICE,*PMY_EXTENDEVICE;//var
VOID MyUnload(PDRIVER_OBJECT mydriver);
NTSTATUS MyDispatch(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
NTSTATUS IoCreate(IN PDRIVER_OBJECT mydriver,IN PUNICODE_STRING myregpath);
.c文件
#include "head.h"
NTSTATUS DriverEntry(IN PDRIVER_OBJECT mydriver,IN PUNICODE_STRING myregpath)
{
NTSTATUS stauts;
mydriver->DriverUnload=MyUnload;
mydriver->MajorFunction[IRP_MJ_CREATE]=MyDispatch;
mydriver->MajorFunction[IRP_MJ_CLOSE]=MyDispatch;
stauts= IoCreate(mydriver,myregpath);
if (!NT_SUCCESS(stauts))
{
KdPrint(("Error\n"));
}
KdPrint(("Start\n"));
return STATUS_SUCCESS;
}
VOID MyUnload(PDRIVER_OBJECT mydriver)
{
PDEVICE_OBJECT punobj;
UNICODE_STRING deviname;
UNICODE_STRING desmbolic;
PMY_EXTENDEVICE pdeobj;
punobj=mydriver->DeviceObject;//
if (punobj!=NULL)
{
pdeobj=(PMY_EXTENDEVICE)punobj->DeviceExtension;
KdPrint(("%wZ",&pdeobj->DeviceName)) ;
KdPrint(("%wZ",&pdeobj->PServiceRegPath)) ;
KdPrint(("%wZ",&pdeobj->DeviceSymbolic)) ;
deviname=pdeobj->DeviceName;
desmbolic=pdeobj->DeviceSymbolic;
IoDeleteSymbolicLink(&desmbolic);
IoDeleteDevice(punobj);
}
KdPrint(("End\n"));
}
NTSTATUS MyDispatch(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
PMY_EXTENDEVICE pdeobj;
pdeobj=(PMY_EXTENDEVICE)pDevObj->DeviceExtension;
KdPrint(("Dispatch Start")) ;
KdPrint(("%wZ",&pdeobj->DeviceName)) ;
pIrp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
KdPrint(("Dispatch End")) ;
return STATUS_SUCCESS;
}
NTSTATUS IoCreate(IN PDRIVER_OBJECT mydriver,IN PUNICODE_STRING myregpath)
{
NTSTATUS status;
UNICODE_STRING dname;
UNICODE_STRING dsymbolic;
UNICODE_STRING dregpath;
PDEVICE_OBJECT deviceobj;
PMY_EXTENDEVICE pdeextobj;
RtlInitUnicodeString(&dname,L"\\Device\\MyDevice");
RtlInitUnicodeString(&dsymbolic,L"\\??\\MyDevice");
status=IoCreateDevice(mydriver,sizeof(MY_EXTENDEVICE),&dname,FILE_DEVICE_UNKNOWN,0,TRUE,&deviceobj);
if (!NT_SUCCESS(status))
{
KdPrint(("CreateDevice Error\n"));
return status;
}
pdeextobj=(PMY_EXTENDEVICE)deviceobj->DeviceExtension;
memset(pdeextobj,0,sizeof(MY_EXTENDEVICE));
// deviceobj->Flags |=DO_BUFFERED_IO;
pdeextobj->PDevice=deviceobj;
pdeextobj->DeviceName=dname;
pdeextobj->DeviceSymbolic=dsymbolic;
pdeextobj->PServiceRegPath=*myregpath;
status=IoCreateSymbolicLink(&dsymbolic,&dname);
if (!NT_SUCCESS(status))
{
KdPrint(("CreateSymbolic Error\n"));
IoDeleteDevice(deviceobj);
return status;
}
return STATUS_SUCCESS;
}
调用:
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
;include gdi32.inc ;图形
includelib user32.lib
includelib kernel32.lib
;includelib gde32.lib
include macro.asm ;ctxt("")
.data
szAddr db '\\.\MyDevice',0
szFmat db '%d',0
.data?
hInstance dd ?
hFile dd ?
szBuffer db 50 dup (?)
.code
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke CreateFile,addr szAddr,GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
.if eax==INVALID_HANDLE_VALUE
;invoke MessageBox,NULL,CTXT("打开出错"),CTXT("ERROR"),MB_ICONERROR
invoke GetLastError
invoke wsprintf,addr szBuffer,addr szFmat,eax
invoke MessageBox,NULL,addr szBuffer,addr szBuffer,0
jmp eee
.endif
mov hFile,eax
invoke Sleep,5000
invoke CloseHandle,hFile
eee:
invoke ExitProcess,NULL
end start
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法