-
-
[旧帖]
[求助]调用ObReferenceObjectByName获得不到指针
0.00雪花
-
发表于:
2013-2-22 11:02
1379
-
[旧帖] [求助]调用ObReferenceObjectByName获得不到指针
0.00雪花
求各位高手看下
#define KBD_DRIVER_NAME L"\\Driver\\Kbdclass"
//打开设备对象
NTSTATUS OpenDriverByName(PDRIVER_OBJECT DriverObject,PUNICODE_STRING Regpath){
PDRIVER_OBJECT KbdDriverObject = NULL;
NTSTATUS status;
UNICODE_STRING kbdname;
RtlInitUnicodeString(&kbdname,KBD_DRIVER_NAME);
status = ObReferenceObjectByName(
&kbdname,
OBJ_CASE_INSENSITIVE, //不区分大小写
NULL,
0,
*IoDriverObjectType,
KernelMode,
NULL,
&KbdDriverObject
);
if(NT_SUCCESS(status)){
DbgPrint("cannot get the kbd object/n");
return STATUS_UNSUCCESSFUL;
}
DbgPrint("Hook 开始");
//保留原分发函数的入口地址
OldDispatchRead = KbdDriverObject->MajorFunction[IRP_MJ_READ];
//绑定新的分发函数
InterlockedExchangePointer(&KbdDriverObject->MajorFunction[IRP_MJ_READ],newDisperseFun);
//解除引用
ObDereferenceObject(KbdDriverObject);
}
//入口函数
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,PUNICODE_STRING RegPath){
PDRIVER_OBJECT KbdDriverObject = NULL;
UNICODE_STRING KbdName;
NTSTATUS status;
#if DBG
_asm int 3
#endif
//init string
OpenDriverByName(DriverObject,RegPath);
DriverObject->DriverUnload = DriverUnload;
return STATUS_SUCCESS;
}
在加粗的时候调用 返回的是0x000没有得到 我看驱动名字没有写错 在我写的另一个过滤驱动就可以正常得到 在这里就是得不到求高手指点下
[课程]FART 脱壳王!加量不加价!FART作者讲授!
