[旧帖] [求助]创建IRP_MJ_WRITE写扇区,失败,求高手看代码哪里错了 0.00雪花
发表于: 2013-8-25 18:14 1621

#include "MftFilter.H"
#pragma INITCODE
/*
 * Driver entry point. All of the work happens at load time: the routine
 * resolves the device object behind \??\PhysicalDrive0, hand-builds an
 * IRP_MJ_WRITE for 0x200 bytes at byte offset 0 (the first 512-byte sector
 * of that disk), sends it down and waits for WriteCompleted to signal an event.
 *
 * Parameters:
 *   pDriverObject  - not referenced in this function, so no dispatch or
 *                    unload routine is registered here.
 *   pRegistryPath  - not referenced in this function.
 *
 * Returns:
 *   STATUS_UNSUCCESSFUL if the device lookup or the IRP allocation fails;
 *   otherwise the value of NT_SUCCESS(IoStatusBlock.Status), i.e. 1 or 0
 *   (see the note at the end of the function).
 */
extern "C" NTSTATUS DriverEntry(
        IN PDRIVER_OBJECT pDriverObject,
        IN PUNICODE_STRING pRegistryPath
        )
{
        NTSTATUS status;
        // Open PhysicalDrive0
        UNICODE_STRING DeviceName;
        RtlInitUnicodeString(&DeviceName,L"\\??\\PhysicalDrive0");
        PDEVICE_OBJECT DeviceObject = NULL;
        PFILE_OBJECT FileObject = NULL;
        // IoGetDeviceObjectPointer hands back a referenced file object on success.
        // NOTE(review): no ObDereferenceObject(FileObject) appears on any path
        // of this function, so that reference is never released here.
        status = IoGetDeviceObjectPointer(&DeviceName,FILE_ALL_ACCESS,&FileObject,&DeviceObject);
        // NOTE(review): both pointers are logged before status is checked (they
        // are still NULL if the call failed), and %x is given a pointer
        // argument, which does not match pointer width on 64-bit builds.
        DbgPrint("PhysicalDrive0 : FileObject:%x\n",FileObject);
        DbgPrint("PhysicalDrive0 : DeviceObject:%x\n",DeviceObject);
        if (!NT_SUCCESS(status))
        {
                // The original failure code is discarded in favour of a generic one.
                DbgPrint("IoGetDeviceObjectPointer(PhysicalDrive0) Faild");
                return STATUS_UNSUCCESSFUL;
        }
        // Write a sector
        PIRP Irp;
        KEVENT event;
        IO_STATUS_BLOCK IoStatusBlock;
        PIO_STACK_LOCATION IoStackLocation;

        // event and IoStatusBlock live on this function's stack; the IRP below
        // stores their addresses and WriteCompleted writes through them.
        KeInitializeEvent(&event, NotificationEvent, FALSE);
        Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
        if (!Irp)
        {
                // NOTE(review): returns while still holding the FileObject reference.
                return STATUS_UNSUCCESSFUL;
        }
        PVOID temp;
        // NOTE(review): the allocation result is not checked before
        // RtlZeroMemory, and temp is not referenced again anywhere in this
        // function, so the pool block is never freed here.
        temp = ExAllocatePoolWithTag(NonPagedPool,0x200,'File');
        RtlZeroMemory(temp,0x200);
        Irp->AssociatedIrp.SystemBuffer = NULL;
        // Completion plumbing read back by WriteCompleted.
        Irp->UserEvent = &event;
        Irp->UserIosb = &IoStatusBlock;
        Irp->Tail.Overlay.Thread = PsGetCurrentThread();
        Irp->Tail.Overlay.OriginalFileObject = FileObject;
        Irp->RequestorMode = KernelMode;
        Irp->Flags |= SL_FORCE_DIRECT_WRITE;

        // Request geometry: one 0x200-byte transfer starting at byte offset 0.
        LARGE_INTEGER WriteOffset;
        WriteOffset.QuadPart = 0x00;
        ULONG WriteLength;
        WriteLength = 0x200;
        // Fill in the stack location that the target driver will receive.
        IoStackLocation = IoGetNextIrpStackLocation(Irp);
        IoStackLocation->MajorFunction = IRP_MJ_WRITE;
        IoStackLocation->MinorFunction = IRP_MN_NORMAL;
        IoStackLocation->DeviceObject = DeviceObject;
        IoStackLocation->FileObject = FileObject;
        IoStackLocation->Parameters.Write.Length = WriteLength;
        IoStackLocation->Parameters.Write.ByteOffset = WriteOffset;

        // WriteCompleted is invoked on success, error and cancel (all three
        // flags TRUE) and is the routine that frees the IRP.
        IoSetCompletionRoutine(Irp,WriteCompleted,0,TRUE,TRUE,TRUE);
        // NOTE(review): the return value of IoCallDriver is not examined.
        IoCallDriver(DeviceObject,Irp);
        // NOTE(review): the wait is alertable (4th argument TRUE) and its return
        // value is ignored. If it returns before the event is signalled, this
        // function exits while the in-flight IRP still points at the stack-based
        // event and IoStatusBlock, and the line below reads an IoStatusBlock
        // that was never written.
        KeWaitForSingleObject(&event,Executive,KernelMode,TRUE,0);
        // NOTE(review): NT_SUCCESS() yields a boolean, not an NTSTATUS. A failed
        // write therefore returns 0, which equals STATUS_SUCCESS, and a
        // successful one returns 1; the real completion status never reaches
        // the caller.
        status = NT_SUCCESS(IoStatusBlock.Status);
        return status;
}

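/*
 * Completion routine for the IRP built in DriverEntry.
 *
 * Copies the final I/O status into the caller-supplied status block
 * (Irp->UserIosb), logs a failure status, signals the caller's event
 * (Irp->UserEvent) and frees the IRP.
 *
 * Parameters:
 *   DeviceObject - not used.
 *   Irp          - the completed request; freed by this routine.
 *   Context      - not used.
 *
 * Returns STATUS_MORE_PROCESSING_REQUIRED so that the I/O manager stops
 * completion processing on an IRP this routine has already freed.
 */
NTSTATUS WriteCompleted(
        PDEVICE_OBJECT DeviceObject,
        PIRP Irp,
        PVOID Context
        )
{
        // Publish the result before waking the waiter, which reads it next.
        *Irp->UserIosb = Irp->IoStatus;
        if(!NT_SUCCESS(Irp->IoStatus.Status))
        {
                // Fixed: the format string ended in "/n" instead of a newline escape.
                DbgPrint("WriteCompleted  ERROR ON IRP: %x\n",Irp->IoStatus.Status);
        }
        // The event pointer is read from the IRP here, before the IRP is freed.
        KeSetEvent(Irp->UserEvent,0,FALSE);
        IoFreeIrp(Irp);
        return STATUS_MORE_PROCESSING_REQUIRED;
}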
