-
-
[旧帖]
求批 win32asm 代码 ZwOpenSection相关问题
0.00雪花
-
发表于:
2010-8-12 21:09
4887
-
[旧帖] 求批 win32asm 代码 ZwOpenSection相关问题
0.00雪花
问题:
ZwOpenSection 没能返回正常 总是返回 C000003A
#define STATUS_OBJECT_PATH_NOT_FOUND ((NTSTATUS)0xC000003A)
不知道如何解决
环境:
win xp sp2
masm
代码:
.386
.model flat, stdcall
option casemap:none
include ..\Macro\strings.mac
include w2k\Ntdll.inc
include w2k\Ntdef.inc
includelib E:\RadASM\Masm\Lib\w2k\ntdll.lib
;======================================
.data?
hSection dd ?
objName UNICODE_STRING <?>
objAttributes OBJECT_ATTRIBUTES <?>
.code
start:
invoke RtlInitUnicodeString, addr objName, $CTW0("\\Devices\\PhysicalMemory")
mov objAttributes._Length, sizeof OBJECT_ATTRIBUTES
mov objAttributes.RootDirectory, NULL
mov objAttributes.ObjectName, offset objName
mov objAttributes.Attributes, 00000200h ;OBJ_CASE_INSENSITIVE or OBJ_KERNEL_HANDLE
mov objAttributes.SecurityDescriptor, NULL
mov objAttributes.SecurityQualityOfService, NULL
invoke ZwOpenSection, addr hSection, 6, addr objAttributes
mov ecx,eax
end start
[课程]FART 脱壳王!加量不加价!FART作者讲授!