如题,大家帮我看看,错误好多啊。。。
#include <ntddk.h>
void Hook();
/*
 * Local prototype for the kernel export ZwQueryInformationProcess.
 *
 * Hook() only takes this routine's address (so it can overwrite the first
 * four bytes of its code); nothing in this file calls it through this
 * prototype.
 *
 * NOTE(review): the declaration has no NTSYSAPI/NTAPI. Kernel Zw* exports
 * are stdcall (NTAPI); a plain (cdecl) declaration yields a differently
 * decorated symbol on x86, which can fail to link against ntoskrnl.lib,
 * and if the ntddk.h in use already declares this routine the two
 * prototypes conflict. Compare with the header shipped in the DDK/WDK
 * being used — this is a likely source of the reported compile errors.
 */
NTSTATUS ZwQueryInformationProcess
(
HANDLE ProcessHandle,
PROCESSINFOCLASS ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength,
PULONG ReturnLength
);
/*
 * Replacement that Hook() installs over ZwQueryInformationProcess.
 *
 * Every argument is ignored and the routine unconditionally returns the
 * constant 1, exactly as before.
 *
 * NOTE(review): 1 is not a defined NTSTATUS. Its high bit is clear, so a
 * caller testing NT_SUCCESS() sees "success" even though ProcessInformation
 * and *ReturnLength were never written — the caller then consumes an
 * uninitialized buffer. If the intent is to deny the query, a failure-class
 * status from ntddk.h is the conventional choice; confirm the intent before
 * changing it. The routine is also declared without NTAPI, while the export
 * it replaces is stdcall — verify the calling convention matches.
 */
NTSTATUS MyZwQueryInformationProcess
(
HANDLE ProcessHandle,
PROCESSINFOCLASS ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength,
PULONG ReturnLength
)
{
    /* Deliberately unused; the casts document that and silence -W4. */
    (void)ProcessHandle;
    (void)ProcessInformationClass;
    (void)ProcessInformation;
    (void)ProcessInformationLength;
    (void)ReturnLength;

    /* Same value the original returned. */
    return 1;
}
//MyNtUserSendInput(UINT nInput,LPINPUT pInput,INT cbSize)
/*
 * Stub whose address Hook() stores at 0xBF8C3290 (presumably
 * win32k!NtUserSendInput in one specific build — verify).
 *
 * The parameters are never read; the body is inline assembly only. The two
 * immediates look like the prologue instructions that Hook() overwrites at
 * 0xBF8C3290 (`push 18h` = 2 bytes, `push imm32` = 5 bytes), followed by a
 * resume at +7 = 0xBF8C3297 — i.e. a pass-through trampoline that adds no
 * logic of its own. TODO confirm against the target's disassembly.
 *
 * NOTE(review), likely sources of the reported compile errors:
 *  - MSVC inline asm uses MASM number syntax: `18` is decimal 18 (not
 *    0x18), `BF98F8D0` is read as an undefined symbol because it starts
 *    with a letter, and the C-style `0x` prefix is not accepted. The MASM
 *    spellings are `18h`, `0BF98F8D0h`, `0BF8C3297h`.
 *  - `jmp [addr]` is an indirect jump through the DWORD stored at addr,
 *    not a jump to addr; if execution is meant to continue at 0xBF8C3297
 *    the indirection is wrong.
 *  - UINT, CONST and INPUT are user-mode (windef.h / winuser.h) names that
 *    ntddk.h does not provide.
 *  - The routine is declared to return UINT but never executes a C return;
 *    control leaves through the jmp (MSVC warning C4035).
 * The addresses are hard-coded for one kernel/win32k build; on any other
 * build they are arbitrary memory.
 */
UINT MyNtUserSendInput(
IN UINT cInputs,
IN CONST INPUT *pInputs,
IN int cbSize)
{
_asm
{
push 18
push BF98F8D0
jmp [0xBF8C3297]
}
}
//MyNtUserReadVirtualMemory(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesRead)
/*
 * Stub whose address Hook() stores at 0x805B52C2 (presumably
 * nt!NtReadVirtualMemory in one specific build — verify).
 *
 * Parameters are never read. The immediates look like the prologue that
 * Hook() overwrites at 0x805B52C2 (`push 1Ch` = 2 bytes, `push imm32` = 5
 * bytes), then resume at +7 = 0x805B52C9: a pass-through with no added
 * logic. TODO confirm against the target's disassembly.
 *
 * NOTE(review):
 *  - MASM number syntax: `1C` and `804DAEF0` are not valid hex literals
 *    (`1Ch`, `0804DAEF0h`), and `0x805B52C9` uses a prefix MSVC inline asm
 *    does not accept (`0805B52C9h`).
 *  - `jmp [addr]` jumps through the DWORD at addr, not to addr.
 *  - BOOL, LPVOID, DWORD and LPDWORD are user-mode (windef.h) types not
 *    provided by ntddk.h, and the signature mirrors the Win32
 *    ReadProcessMemory rather than the kernel routine being patched; it is
 *    harmless only because nothing reads the parameters.
 *  - Declared to return BOOL but never executes a C return (C4035).
 * Hard-coded for one kernel build.
 */
BOOL MyNtReadVirtualMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesRead)
{
_asm
{
push 1C
push 804DAEF0
jmp [0x805B52C9]
}
}
//MyNtUserWriteVirtualMemory(HANDLE hProcess,LPVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesWritten)
/*
 * Stub whose address Hook() stores at 0x805B53CC (presumably
 * nt!NtWriteVirtualMemory in one specific build — verify).
 *
 * Parameters are never read. The immediates look like the prologue that
 * Hook() overwrites at 0x805B53CC (`push 1Ch` = 2 bytes, `push imm32` = 5
 * bytes), then resume at +7 = 0x805B53D3: a pass-through with no added
 * logic. TODO confirm against the target's disassembly.
 *
 * NOTE(review): same problems as MyNtReadVirtualMemory — `1C` and
 * `804DAF08` are not MASM hex literals (`1Ch`, `0804DAF08h`), the `0x`
 * prefix is not accepted (`0805B53D3h`), `jmp [addr]` is an indirect jump
 * through the DWORD at addr, the BOOL/LPVOID/DWORD/LPDWORD types come from
 * user-mode headers ntddk.h does not include, and the routine never
 * executes a C return (C4035). Hard-coded for one kernel build.
 */
BOOL MyNtWriteVirtualMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesWritten)
{
_asm
{
push 1C
push 804DAF08
jmp [0x805B53D3]
}
}
//MyNtOpenProcess(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwProcessId)
/*
 * Stub whose address Hook() stores at 0x805CC440 (presumably
 * nt!NtOpenProcess in one specific build — verify).
 *
 * Parameters are never read. The immediates look like the prologue that
 * Hook() overwrites at 0x805CC440, resuming at +10 = 0x805CC44A. The +10
 * (rather than +7 as in the other stubs) is consistent with 0xC4 not
 * fitting a sign-extended imm8, so `push 0C4h` assembles to the 5-byte
 * imm32 form: 5 + 5 = 10. TODO confirm against the target's disassembly.
 *
 * NOTE(review): `C4` and `804DB4C0` are read by MASM as symbols / invalid
 * numbers (`0C4h`, `0804DB4C0h`), the `0x` prefix is not accepted
 * (`0805CC44Ah`), `jmp [addr]` is an indirect jump through the DWORD at
 * addr, the signature mirrors Win32 OpenProcess (BOOL/DWORD are not
 * ntddk.h types) rather than the kernel routine, and the routine never
 * executes a C return (C4035). Hard-coded for one kernel build.
 */
HANDLE MyNtOpenProcess(DWORD dwDesiredAccess,BOOL bInheritHandle,DWORD dwProcessId)
{
_asm
{
push C4
push 804DB4C0
jmp [0x805CC44A]
}
}
/*
 * Driver entry point: installs the kernel patches and reports success.
 *
 * DriverObject and RegistryPath are not used.
 *
 * NOTE(review): no DriverUnload routine is registered, so the driver
 * cannot be unloaded and whatever Hook() writes into kernel code is never
 * reverted. Hook() itself also reports no success/failure, so this always
 * returns STATUS_SUCCESS regardless of what happened.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,PUNICODE_STRING RegistryPath)
{
    (void)DriverObject;
    (void)RegistryPath;

    /* Apply the code patches; see Hook() for what is written where. */
    Hook();

    return STATUS_SUCCESS;
}
/*
 * Install the patches: store the address of each My* routine over the
 * first four bytes of five kernel code locations.
 *
 * Sequence: mask interrupts on this CPU and clear CR0.WP (bit 16) so that
 * stores to read-only kernel text are not faulted, perform the five 4-byte
 * stores, then set WP again and unmask interrupts.
 *
 * Targets (all hard-coded for one specific x86 kernel/win32k build; on any
 * other build these are arbitrary addresses):
 *   ZwQueryInformationProcess (address of the export) -> MyZwQueryInformationProcess
 *   0xBF8C3290 -> MyNtUserSendInput
 *   0x805B52C2 -> MyNtReadVirtualMemory
 *   0x805B53CC -> MyNtWriteVirtualMemory
 *   0x805CC440 -> MyNtOpenProcess
 *
 * NOTE(review) — defects visible in this function:
 *  - `(ULONG*)a = ...` casts an lvalue, which is not legal C (MSVC:
 *    "left operand must be l-value"), and `(ULONG*)*a` dereferences a
 *    ULONG value (MSVC: "illegal indirection"). For these statements to
 *    mean anything a..e would have to be pointers (ULONG *).
 *  - a..e are declared after the first _asm statement; C89, which the
 *    MSVC kernel build environment of this era enforces, requires
 *    declarations at the start of the block.
 *  - The statement assigning e has no terminating semicolon.
 *  - What gets stored is the 32-bit address of the replacement routine as
 *    data, not an instruction. The CPU decodes those four bytes as
 *    whatever opcodes they happen to form, so execution reaching a patched
 *    location faults or misbehaves instead of transferring to the My*
 *    routine.
 *  - cli masks interrupts on the current processor only; other processors
 *    can execute the half-patched bytes while the stores are in progress,
 *    and toggling CR0.WP is not the supported way to modify kernel text.
 *  - The original bytes are not saved anywhere, so the patch cannot be
 *    undone, and there is no DriverUnload.
 *  - ULONG is 32 bits wide; this only makes sense on x86.
 */
void Hook()
{
/* Mask interrupts (this CPU only) and clear CR0.WP so kernel text is writable. */
_asm
{
cli
mov eax,cr0
and eax,not 10000h
mov cr0,eax
}
ULONG a;
ULONG b;
ULONG c;
ULONG d;
ULONG e;
/* Address of the export itself; its first 4 code bytes are overwritten. */
(ULONG*)a=(ULONG*)ZwQueryInformationProcess;
(ULONG*)*a=(ULONG*)MyZwQueryInformationProcess;
/* The remaining targets are absolute addresses for one specific build. */
(ULONG*)b=(ULONG*)0xBF8C3290;
(ULONG*)*b=(ULONG*)MyNtUserSendInput;
(ULONG*)c=(ULONG*)0x805B52C2;
(ULONG*)*c=(ULONG*)MyNtReadVirtualMemory;
(ULONG*)d=(ULONG*)0x805B53CC;
(ULONG*)*d=(ULONG*)MyNtWriteVirtualMemory;
(ULONG*)e=(ULONG*)0x805CC440
(ULONG*)*e=(ULONG*)MyNtOpenProcess;
/* Restore CR0.WP and unmask interrupts. */
_asm
{
mov eax,cr0
or eax,10000h
mov cr0,eax
sti
}
}