-
-
[求助][求助] 32 位地址和 64 位地址的问题
-
发表于: 2015-3-23 23:37
-
比如32位程序在用户层调用了
POBJECT_ATTRIBUTES 结构
在64位内核. 想修改ObjectAttribute里面的ObjectName
NTSTATUS NTAPI NtOpenSection(..,..,POBJECT_ATTRIBUTES ObjectAttribute)
{
//保证 ObjectAttribute 不为0.且 ObjectName 有内容
DbgPrint("%llx",ObjectAttribute); // 为32位地址
RtlInitUnicodeString(ObjectAttribute->ObjectName,L"修改的内容"); // 这样不行
ObjectAttribute->ObjectName->Buffer[0] = L'M'; //这样直接 except
swprintf_s(ObjectAttribute->ObjectName->Buffer,ObjectAttribute->ObjectName->Length,L"%ws", "info"); //这样也不行 except
UNICODE_STRING _Path;
RtlInitUnicodeString(&_Path,L"info");
ObjectAttribute->ObjectName = &_Path ; //也不行
}
what should i do ?
ZwOpenSection( PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttribute);
POBJECT_ATTRIBUTES 结构
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
[COLOR="red"] PUNICODE_STRING ObjectName;[/COLOR]
ULONG Attributes;
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;在64位内核. 想修改ObjectAttribute里面的ObjectName
NTSTATUS NTAPI NtOpenSection(..,..,POBJECT_ATTRIBUTES ObjectAttribute)
{
//保证 ObjectAttribute 不为0.且 ObjectName 有内容
DbgPrint("%llx",ObjectAttribute); // 为32位地址
RtlInitUnicodeString(ObjectAttribute->ObjectName,L"修改的内容"); // 这样不行
ObjectAttribute->ObjectName->Buffer[0] = L'M'; //这样直接 except
swprintf_s(ObjectAttribute->ObjectName->Buffer,ObjectAttribute->ObjectName->Length,L"%ws", "info"); //这样也不行 except
UNICODE_STRING _Path;
RtlInitUnicodeString(&_Path,L"info");
ObjectAttribute->ObjectName = &_Path ; //也不行
}
what should i do ?
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
