-
-
[求助]重载内核OK 但是有个小问题
-
发表于: 2013-10-8 16:28
-
重载ZW系列函可以搞搞 一旦重载NtOpenProcess屏幕就动不了?这是为什么呢?试了论坛里各种重载都是这个问题。。DWORD FakeKiFastCallEntry(DWORD dwServiceNumber, DWORD dwServiceAddress, DWORD dwSDTBase)
{
DWORD dwRetAddr = dwServiceAddress;
if (MmIsAddressValid((PVOID)dwServiceAddress) && MmIsAddressValid(g_pNewSSDT))
{
if(dwSDTBase == (DWORD)g_pvServiceTable && dwServiceNumber == 122)
{KdPrint(("[FakeKiFastCallEntry]Service Number: %lu, Address: 0x%08X, SDT Base: 0x%08X.\n", dwServiceNumber, dwServiceAddress, dwSDTBase));
dwRetAddr = g_pNewSSDT->ServiceTable[dwServiceNumber];
}
}
return dwRetAddr;
}
但是如果改成
DWORD FakeKiFastCallEntry(DWORD dwServiceNumber, DWORD dwServiceAddress, DWORD dwSDTBase)
{
DWORD dwRetAddr = dwServiceAddress;
if (MmIsAddressValid((PVOID)dwServiceAddress) && MmIsAddressValid(g_pNewSSDT))
{
if(ExGetPreviousMode()== KernelMode)
{
if(dwSDTBase == (DWORD)g_pvServiceTable && dwServiceNumber == 122)
{
KdPrint(("[FakeKiFastCallEntry]Service Number: %lu, Address: 0x%08X, SDT Base: 0x%08X.\n", dwServiceNumber, dwServiceAddress, dwSDTBase));
dwRetAddr = g_pNewSSDT->ServiceTable[dwServiceNumber];
}
}
}
return dwRetAddr;
}
根本重载不到 ,怎么搞饿
[培训]传播安全知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
 这都没人回答吗 已解决 调用ZW
|
|
|
|
|
|
值能HOOK ZW ,游戏修改了NT里面的地址。但是HOOK NT就卡机,HOOK ZW没用 |
|
|
我说的是内核中的 不是NTDLL
|
|
|
|
