如题;
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: csrss.exe
TRAP_FRAME: aeb8bb7c -- (.trap 0xffffffffaeb8bb7c)
ErrCode = 00000003
eax=000000e9 ebx=898d6690 ecx=0000000a edx=ffffffff esi=bf8c322e edi=b860f8a4
eip=b860e6ba esp=aeb8bbf0 ebp=aeb8bc10 iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283
hookdev+0x6ba:
b860e6ba 8806 mov byte ptr [esi],al ds:0023:bf8c322e=e9
Resetting default scope
LAST_CONTROL_TRANSFER: from 8052136a to 804faf33
STACK_TEXT:
aeb8bafc 8052136a 000000be bf8c322e 109a5061 nt!KeBugCheckEx+0x1b
aeb8bb64 80545578 00000001 bf8c322e 00000000 nt!MmAccessFault+0x9a8
aeb8bb64 b860e6ba 00000001 bf8c322e 00000000 nt!KiTrap0E+0xd0
WARNING: Stack unwind information not available. Following frames may be wrong.
aeb8bc10 b860eebb b860f8a4 bf8c322e 0000000a hookdev+0x6ba
aeb8bc64 805817f7 8944e170 898d6690 898da510 hookdev+0xebb
aeb8bd00 8057a274 0000022c 00000000 00000000 nt!IopXxxControlFile+0x5c5
aeb8bd34 8054261c 0000022c 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
aeb8bd34 0047a56b 0000022c 00000000 00000000 nt!KiFastCallEntry+0xfc
0012cb18 00000000 00000000 00000000 00000000 0x47a56b
我已经attch到csrss.exe的进程里面去了。读就没什么问题。可一写就蓝了.
有什么办法。能让win32k.sys的内存不能写。
求大侠门给点见意
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)