-
-
[求助]驱动加载失败 error127找不到指定的程序
-
发表于:
2011-11-7 09:06
5063
-
[求助]驱动加载失败 error127找不到指定的程序
小弟初学驱动,按照http://kssd.pediy.com/pediy10/79247.html 的ssdt hook框架写了一个ZwQueryPerformanceCounter的hook,成功编译得到sys后,用InstDrv加载缺提示找不到指定的程序。用框架自带的hook ZwSetInformationFile和NtOpenProcess能正常使用。请问各位应当为何?下面是sources文件
# $Id$
TARGETNAME=EmptyDriver1
TARGETPATH=obj
TARGETLIBS = C:\WinDDK\7600.16385.1\lib\wxp\i386\ntdll.lib
TARGETTYPE=DRIVER
# Create browse info
#BROWSER_INFO=1
#BROWSERFILE=<some path>
# Additional defines for the C/C++ preprocessor
C_DEFINES=$(C_DEFINES)
SOURCES=hook_sample.c ssdt_hook_function.c
下面是主要代码,都是参照框架原先的写的。
#include "ssdt_hook_struct.h"
// 定义HOOK的函数原型
typedef
NTSTATUS
(NTAPI *NTQUERYPREFORMANCECOUNTER)( OUT PLARGE_INTEGER PerformanceCount,
OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
);
// 对于ntddk.h中未定义的函数
// 可以根据<<Undocument>>一书在这里给出定义
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryPerformanceCounter (
OUT PLARGE_INTEGER PerformanceCount,
OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
);
// ==============================================================
// 用户自定义HOOK例程
NTSTATUS MyNtOpenProcess( OUT PLARGE_INTEGER PerformanceCounter,
OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL)
{
NTQUERYPREFORMANCECOUNTER OldNtOpenProcess =
(NTQUERYPREFORMANCECOUNTER)OldServiceAddressTable[SERVICE_ID(ZwQueryPerformanceCounter)];
return OldNtOpenProcess(PerformanceCounter,PerformanceFrequency);
}
// Unload例程 卸载钩子
VOID Unload(IN PDRIVER_OBJECT DriverObject)
{
KdPrint(("Unload Routine.\n"));
UnHookService((ULONG)ZwQueryPerformanceCounter);
}
// DriverEntry例程 初始化并安装钩子
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
DriverObject->DriverUnload = Unload;
InitServicesTable();
HookService((ULONG)ZwQueryPerformanceCounter, (ULONG)MyNtOpenProcess);
return STATUS_SUCCESS;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
