[Help] A question about application-layer inline hooks
Posted: 2011-7-19 18:05
Premise:
The inline hook already jumps successfully.
The code with the problem:
// My own implementation of the kernel function
NTSTATUS __declspec(naked) NewNtDeviceIoControlFile(
    HANDLE FileHandle,
    HANDLE Event OPTIONAL,
    PVOID ApcRoutine OPTIONAL,
    PVOID ApcContext OPTIONAL,
    PVOID IoStatusBlock,
    ULONG IoControlCode,
    PVOID InputBuffer OPTIONAL,
    ULONG InputBufferLength,
    PVOID OutputBuffer OPTIONAL,
    ULONG OutputBufferLength
    )
{
    __asm
    {
        push ebp
        push OutputBufferLength;
        push OutputBuffer;
        push InputBufferLength;
        push InputBuffer;
        push IoControlCode;
        push IoStatusBlock;
        push ApcContext;
        push ApcRoutine;
        push Event;
        push FileHandle;
        call ShowPacketContent;
    }
    __asm
    {
        push ebx
        mov ebx,Old_NtDeviceIoControlFile
        add ebx,5
        mov Old_NtDeviceIoControlFile ,ebx
        pop ebx
        pop ebp
        mov esp , ebp
        mov eax,42h;
        jmp Old_NtDeviceIoControlFile
    }
}
Where is the mistake? Any advice from the experts would be much appreciated!