-
-
[求助]关于ObReferenceObjectByName无法解析外部符号?
-
发表于: 2013-11-13 00:39
-
我用的是 DDKWizard + VS2008 + WDK7.1
vs2008驱动开发环境配好。《寒江独钓——WINDOW内核安全编程》中 那个键盘过滤的例子。
为什么在IDE环境中会出现如下错误:
1>1>f:\myproc\keyboardfilter\keyboardfilter\keyboardfilter.cpp(682) : warning C4996: 'RtlConvertLongToLargeInteger': was declared deprecated
1>1>f:\myproc\keyboardfilter\keyboardfilter\keyboardfilter.cpp(682) : warning C4996: 'RtlConvertLongToLargeInteger': was declared deprecated
1>1>keyboardfilter.obj : error LNK2019: unresolved external symbol "long __stdcall ObReferenceObjectByName(struct _UNICODE_STRING *,unsigned long,struct _ACCESS_STATE *,unsigned long,struct _OBJECT_TYPE *,char,void *,void * *)" (?ObReferenceObjectByName@@YGJPAU_UNICODE_STRING@@KPAU_ACCESS_STATE@@KPAU_OBJECT_TYPE@@DPAXPAPAX@Z) referenced in function "long __stdcall c2pAttachDevices(struct _DRIVER_OBJECT *,struct _UNICODE_STRING *)" (?c2pAttachDevices@@YGJPAU_DRIVER_OBJECT@@PAU_UNICODE_STRING@@@Z)
1>1>f:\myproc\keyboa~1\keyboa~2\keyboardfilter.obj : error LNK2019: unresolved external symbol "long __stdcall ObReferenceObjectByName(struct _UNICODE_STRING *,unsigned long,struct _ACCESS_STATE *,unsigned long,struct _OBJECT_TYPE *,char,void *,void * *)" (?ObReferenceObjectByName@@YGJPAU_UNICODE_STRING@@KPAU_ACCESS_STATE@@KPAU_OBJECT_TYPE@@DPAXPAPAX@Z) referenced in function "long __stdcall c2pAttachDevices(struct _DRIVER_OBJECT *,struct _UNICODE_STRING *)" (?c2pAttachDevices@@YGJPAU_DRIVER_OBJECT@@PAU_UNICODE_STRING@@@Z)
1>1>keyboardfilter.obj : error LNK2001: unresolved external symbol "struct _OBJECT_TYPE * IoDriverObjectType" (?IoDriverObjectType@@3PAU_OBJECT_TYPE@@A)
1>1>f:\myproc\keyboa~1\keyboa~2\keyboardfilter.obj : error LNK2001: unresolved external symbol "struct _OBJECT_TYPE * IoDriverObjectType" (?IoDriverObjectType@@3PAU_OBJECT_TYPE@@A)
1>1>BufferOverflowK.lib(gs_support.obj) : error LNK2019: unresolved external symbol _DriverEntry@8 referenced in function _GsDriverEntry@8
1>1>f:\myproc\keyboa~1\keyboa~2\bufferoverflowk.lib(gs_support.obj) : error LNK2019: unresolved external symbol _DriverEntry@8 referenced in function _GsDriverEntry@8
1>1>f:\myproc\keyboa~1\keyboa~2\objchk_win7_x86\i386\KeyboardFilter.sys : fatal error LNK1120: 3 unresolved externals
1>1>f:\myproc\keyboa~1\keyboa~2\objchk_win7_x86\i386\keyboardfilter.sys : error LNK1120: 3 unresolved externals
上面错误有点乱,总结起来就是:ObReferenceObjectByName 无法解析外部符号之类的
但是我直接用WDK工具编的话是能通过的。
ObReferenceObjectByName 这个函数是一个未文档化的 函数书上这么说。
各位说说 还需要设置什么IDE环境才能编得过。当然这只是为了方便咯。
vs2008驱动开发环境配好。《寒江独钓——WINDOW内核安全编程》中 那个键盘过滤的例子。
为什么在IDE环境中会出现如下错误:
1>1>f:\myproc\keyboardfilter\keyboardfilter\keyboardfilter.cpp(682) : warning C4996: 'RtlConvertLongToLargeInteger': was declared deprecated
1>1>f:\myproc\keyboardfilter\keyboardfilter\keyboardfilter.cpp(682) : warning C4996: 'RtlConvertLongToLargeInteger': was declared deprecated
1>1>keyboardfilter.obj : error LNK2019: unresolved external symbol "long __stdcall ObReferenceObjectByName(struct _UNICODE_STRING *,unsigned long,struct _ACCESS_STATE *,unsigned long,struct _OBJECT_TYPE *,char,void *,void * *)" (?ObReferenceObjectByName@@YGJPAU_UNICODE_STRING@@KPAU_ACCESS_STATE@@KPAU_OBJECT_TYPE@@DPAXPAPAX@Z) referenced in function "long __stdcall c2pAttachDevices(struct _DRIVER_OBJECT *,struct _UNICODE_STRING *)" (?c2pAttachDevices@@YGJPAU_DRIVER_OBJECT@@PAU_UNICODE_STRING@@@Z)
1>1>f:\myproc\keyboa~1\keyboa~2\keyboardfilter.obj : error LNK2019: unresolved external symbol "long __stdcall ObReferenceObjectByName(struct _UNICODE_STRING *,unsigned long,struct _ACCESS_STATE *,unsigned long,struct _OBJECT_TYPE *,char,void *,void * *)" (?ObReferenceObjectByName@@YGJPAU_UNICODE_STRING@@KPAU_ACCESS_STATE@@KPAU_OBJECT_TYPE@@DPAXPAPAX@Z) referenced in function "long __stdcall c2pAttachDevices(struct _DRIVER_OBJECT *,struct _UNICODE_STRING *)" (?c2pAttachDevices@@YGJPAU_DRIVER_OBJECT@@PAU_UNICODE_STRING@@@Z)
1>1>keyboardfilter.obj : error LNK2001: unresolved external symbol "struct _OBJECT_TYPE * IoDriverObjectType" (?IoDriverObjectType@@3PAU_OBJECT_TYPE@@A)
1>1>f:\myproc\keyboa~1\keyboa~2\keyboardfilter.obj : error LNK2001: unresolved external symbol "struct _OBJECT_TYPE * IoDriverObjectType" (?IoDriverObjectType@@3PAU_OBJECT_TYPE@@A)
1>1>BufferOverflowK.lib(gs_support.obj) : error LNK2019: unresolved external symbol _DriverEntry@8 referenced in function _GsDriverEntry@8
1>1>f:\myproc\keyboa~1\keyboa~2\bufferoverflowk.lib(gs_support.obj) : error LNK2019: unresolved external symbol _DriverEntry@8 referenced in function _GsDriverEntry@8
1>1>f:\myproc\keyboa~1\keyboa~2\objchk_win7_x86\i386\KeyboardFilter.sys : fatal error LNK1120: 3 unresolved externals
1>1>f:\myproc\keyboa~1\keyboa~2\objchk_win7_x86\i386\keyboardfilter.sys : error LNK1120: 3 unresolved externals
上面错误有点乱,总结起来就是:ObReferenceObjectByName 无法解析外部符号之类的
但是我直接用WDK工具编的话是能通过的。
ObReferenceObjectByName 这个函数是一个未文档化的 函数书上这么说。
各位说说 还需要设置什么IDE环境才能编得过。当然这只是为了方便咯。
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
恩恩 已经知道了 加上 extern "C" 就不会了, 貌似是因为后缀为.cpp是用C++方式处理函数名,后缀.c是用C凡是处理函数名。
 还是谢谢楼上。
|
|
|
|
