.586P
.model flat, stdcall
option casemap:none
include d:\masm32\include\w2k\ntstatus.inc
include d:\masm32\include\w2k\ntddk.inc
include d:\masm32\include\w2k\ntoskrnl.inc
includelib d:\masm32\lib\w2k\ntoskrnl.lib
include d:\masm32\Macros\Strings.mac
include d:\masm32\include\w2k\native.inc
include d:\masm32\include\w2k\hal.inc
includelib d:\masm32\lib\w2k\hal.lib
includelib d:\masm32\lib\w2k\ndis.lib
include d:\KmdKit1.8\include\w2k\ntddkbd.inc
include c:\Documents and Settings\Administrator\桌面\桌面\汇编\KmdKit1.8\include\w2k\ntddtdi.inc
stContextx struct                       ; per-create context handed to _CreatComplete through IoSetCompletionRoutine
dwCompletionAddr dd ?                   ; address of _CompletionRoutine; written in _CreateDispatch, never read in the visible code
dwIrp dd ?                              ; inner IOCTL_TDI_QUERY_INFORMATION IRP built by IoBuildDeviceIoControlRequest; _CreatComplete sends it
pEventx dd ?                            ; KEVENT* that _CreatComplete signals (set to the global stKevent by _CreateDispatch)
stContextx ends
.data?                                  ; uninitialised globals (zero-filled at image load)
stAnsiRing ANSI_STRING <>               ; not referenced in the visible code
stUnicodeRing UNICODE_STRING <>         ; scratch name filled by _a1; its Buffer is pool-allocated on every call and never freed here
stUnicodeRing1 UNICODE_STRING <>        ; second scratch name, same caveat
dwDeviceObject dd ?                     ; PDEVICE_OBJECT of this filter device (IoCreateDevice in _DriverEntry)
dwTargetDeviceObject dd ?               ; PDEVICE_OBJECT returned by IoAttachDevice: the device IRPs are forwarded to
dwStau dd ?                             ; only written (DriverUnload ORs in STATUS_DELETE_PENDING); nothing in this file reads it
lpOutputBuffer db 100 dup (?)           ; output buffer of the TDI query IRP; one global shared by every concurrent create
stKevent KEVENT <>                      ; global event used both for the inner IOCTL IRP and as stContextx.pEventx; shared across requests
.const
szSymbolicLinkName db '\DosDevices\简单驱动链接名',0   ; ANSI source of the DosDevices link; converted with the system ANSI code page by RtlAnsiStringToUnicodeString
szDeviceName db '\Device\FistrTcp',0    ; name of this filter's own device object
szTcpDeviceName db '\Device\Tcp',0      ; device this driver attaches to (IoAttachDevice) and opens (IoGetDeviceObjectPointer)
szFmt db '%x',0                         ; not referenced in the visible code
.code
_a1 proc _dwStringAddress,stK1
;-----------------------------------------------------------------------
; NTSTATUS _a1(PCSZ _dwStringAddress, PUNICODE_STRING stK1)
; ABI:   stdcall (.model flat, stdcall)
; Converts a NUL-terminated ANSI string into *stK1.  The TRUE passed to
; RtlAnsiStringToUnicodeString makes it allocate stK1->Buffer from pool;
; that buffer belongs to the caller and must be released with
; RtlFreeUnicodeString.  No caller in this file does so, and the same
; global UNICODE_STRINGs are refilled repeatedly, so each call leaks the
; previous buffer.
; Out:   eax = NTSTATUS of RtlAnsiStringToUnicodeString (callers ignore it)
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
local @stTemp:ANSI_STRING
	invoke RtlInitAnsiString,addr @stTemp,_dwStringAddress
	invoke RtlAnsiStringToUnicodeString,stK1,addr @stTemp,TRUE
	ret
_a1 endp
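DriverUnload proc pDriverObject:PDRIVER_OBJECT
;-----------------------------------------------------------------------
; VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
; ABI:   stdcall
; Detaches from \Device\Tcp, sleeps 6 s, removes the DosDevices link and
; deletes this driver's device object.  The sleep presumably lets
; in-flight IRPs that still reference our completion routines drain
; before the image is unmapped — TODO confirm; nothing here counts
; outstanding IRPs, so this is a timing assumption, not a guarantee.
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
local @lDelay:LARGE_INTEGER

	or dwStau,STATUS_DELETE_PENDING         ; flag is only ever written in this file

	; Relative delay in 100 ns units: 6000000 * -10 = -60,000,000 -> 6 s.
	; RtlConvertLongToLargeInteger returns the 64-bit value in edx:eax.
	; (The original first "zeroed" @lDelay with rep stosb without ever
	; loading edi with its address, so it wrote 8 zero bytes through the
	; caller's edi.  Both halves are stored below, so no clearing is needed.)
	invoke RtlConvertLongToLargeInteger, 6000000 * -10
	lea ecx,@lDelay.QuadPart
	mov DWORD ptr [ecx],eax                 ; low dword
	mov DWORD ptr [ecx+4],edx               ; high dword (sign extension of the negative delay)

	invoke IoDetachDevice,dwTargetDeviceObject
	invoke KeDelayExecutionThread,KernelMode, FALSE, addr @lDelay

	; The link name is rebuilt each time; _a1 allocates stUnicodeRing.Buffer
	; and nothing in this file frees it.
	invoke _a1,addr szSymbolicLinkName,addr stUnicodeRing
	invoke IoDeleteSymbolicLink, addr stUnicodeRing
	invoke DbgPrint, $CTA0("删除驱动成功.\n")

	mov ecx,pDriverObject
	mov ecx,(DRIVER_OBJECT ptr [ecx]).DeviceObject  ; the device created in _DriverEntry
	invoke IoDeleteDevice,ecx
	ret
DriverUnload endp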
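_CompletionRoutine proc _pDeviceObject:PDEVICE_OBJECT, _pIrp:PIRP,_dwContext
;-----------------------------------------------------------------------
; NTSTATUS _CompletionRoutine(PDEVICE_OBJECT, PIRP _pIrp, PVOID _dwContext)
; ABI:   stdcall (IO_COMPLETION_ROUTINE shape)
; _dwContext is treated as a KEVENT*: the event is signalled and the
; IRP's final status is logged.  In the visible code this routine's
; address is only stored in stContextx.dwCompletionAddr and never given
; to IoSetCompletionRoutine, so it may be unreachable — TODO confirm.
; Returns STATUS_MORE_PROCESSING_REQUIRED: the I/O manager stops
; completing the IRP and its owner must finish it (IoCompleteRequest) or
; free it.  Because completion is halted here, IoMarkIrpPending is not
; required; the original read PendingReturned and then did nothing with it.
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
	invoke KeSetEvent,_dwContext,IO_NO_INCREMENT, FALSE

	mov eax,_pIrp
	assume eax:ptr _IRP
	mov ecx,[eax].IoStatus.Status           ; status the lower driver completed with
	assume eax:nothing
	invoke DbgPrint, $CTA0("IoStatus.Status %x\n"),ecx

	mov eax,STATUS_MORE_PROCESSING_REQUIRED
	ret
_CompletionRoutine endp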
_CreatComplete proc pDeviceObject:PDEVICE_OBJECT,pIrp:PIRP,dwContext
;-----------------------------------------------------------------------
; NTSTATUS _CreatComplete(PDEVICE_OBJECT, PIRP pIrp, PVOID dwContext)
; ABI:   stdcall; installed by _CreateDispatch with IoSetCompletionRoutine
;        on the IRP_MJ_CREATE IRP forwarded to \Device\Tcp.
; dwContext = stContextx*.  NOTE(review): _CreateDispatch passes the
; address of a LOCAL stContextx.  If the lower driver completes the
; create asynchronously, this routine runs after _CreateDispatch has
; returned and reads a dead stack frame; the context must live in
; non-paged pool (or the dispatch routine must wait before returning).
; Returns STATUS_MORE_PROCESSING_REQUIRED: the create IRP is NOT
; completed here and nothing in the visible code completes it later, so
; the caller's open would never finish — TODO confirm with a full trace.
; May run at up to DISPATCH_LEVEL, as any completion routine.
;-----------------------------------------------------------------------
local @dwEa                             ; unused
local @pNextIrp                         ; unused
	push esi                            ; esi is callee-saved under stdcall
	mov esi,dwContext
	assume esi:ptr stContextx
	mov eax,[esi].pEventx               ; eax = KEVENT* from the context (the global stKevent)
	pop esi
	assume esi:nothing
	invoke KeSetEvent,eax,IO_NO_INCREMENT, FALSE ; no waiter on this event is visible in this file
	mov eax,pIrp
	assume eax:ptr _IRP
	movzx ecx ,[eax].PendingReturned
	.if ecx
	; Propagates the pending flag, yet the routine then returns
	; STATUS_MORE_PROCESSING_REQUIRED, which halts completion; the two are
	; inconsistent (IoMarkIrpPending is for IRPs whose completion continues).
	IoMarkIrpPending pIrp
	.endif
	mov eax,pIrp
	assume eax:ptr _IRP
	mov ecx,[eax].IoStatus.Status       ; status of the create as completed by the TCP driver
	.if !ecx                            ; STATUS_SUCCESS only
	mov eax,dwContext
	assume eax:ptr stContextx
	mov ecx,[eax].dwIrp                 ; inner IOCTL_TDI_QUERY_INFORMATION IRP built in _CreateDispatch
	assume eax:nothing
	; The inner IRP's next stack location still holds the FILE_OBJECT that
	; _CreateDispatch already released with ObDereferenceObject — see there.
	invoke IoCallDriver,dwTargetDeviceObject,ecx
	; 0xC0000010 is STATUS_INVALID_DEVICE_REQUEST.  Likely cause (hedged):
	; the inner IRP never had its TDI query parameters (QueryType etc.)
	; filled in; IoBuildDeviceIoControlRequest sets only the IOCTL code and
	; the buffers.
	invoke DbgPrint, $CTA0("999999999999999999 %x\n"),eax; what does the returned error C0000010 mean?
	.endif
	mov eax,STATUS_MORE_PROCESSING_REQUIRED
	assume eax:nothing
	ret
_CreatComplete endp
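_IrpMxaimumFunction proc pDeviceObject:PDEVICE_OBJECT, pIrp:PIRP
;-----------------------------------------------------------------------
; NTSTATUS _IrpMxaimumFunction(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
; ABI:   stdcall
; Pass-through dispatch installed for every major function in
; _DriverEntry (IRP_MJ_CREATE is then overridden with _CreateDispatch).
; Skips this filter's stack location and hands the IRP to the device we
; attached to; the lower driver's status is returned unchanged in eax.
; (The original also expanded IoGetCurrentIrpStackLocation and discarded
; the result; that had no effect and is dropped.)
;-----------------------------------------------------------------------
	IoSkipCurrentIrpStackLocation pIrp
	invoke IoCallDriver,dwTargetDeviceObject,pIrp
	ret
_IrpMxaimumFunction endp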
; EA names compared against the create's FILE_FULL_EA_INFORMATION.  They
; live in .code and are only read (repz cmpsb), so the read-only section is fine.
szTa db 'TransportAddress',0            ; TdiTransportAddress EA (TDI address-object open); matched in _CreateDispatch
szCc db 'ConnectionContext',0           ; TdiConnectionContext EA; not referenced in the visible code
_CreateDispatch proc pDeviceObject:PDEVICE_OBJECT, pIrp:PIRP
;-----------------------------------------------------------------------
; NTSTATUS _CreateDispatch(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
; ABI:   stdcall; IRP_MJ_CREATE handler of the filter on \Device\Tcp.
; If the create carries the "TransportAddress" EA (the open performed to
; obtain a TDI address object), a TDI query IRP is prepared and
; _CreatComplete is installed to send it once the create succeeds; every
; other create is passed straight through.
; NOTE(review): this path is reachable from any process that opens a
; socket, and the defects below are memory-safety ones:
;  * @stCompletion (and @stEvent) are stack locals whose addresses are
;    handed to IoSetCompletionRoutine; the completion routine can run
;    after this frame is gone when the lower driver returns STATUS_PENDING.
;  * @pFileObject is dereferenced right after IoCallDriver while the inner
;    IRP that still stores it has not been sent yet.
;  * lpOutputBuffer and stKevent are globals shared by all concurrent creates.
;  * @stEvent is initialised but never used; pEventx points at the global
;    stKevent, the same event given to IoBuildDeviceIoControlRequest.
;  * The pass-through exit returns STATUS_SUCCESS instead of the lower
;    driver's status (e.g. STATUS_PENDING).
;-----------------------------------------------------------------------
local @stFileEa                         ; FILE_FULL_EA_INFORMATION* (stored, not read again)
local @stEvent:KEVENT                   ; initialised, never referenced afterwards
local @pFileObject                      ; FILE_OBJECT* for \Device\Tcp from IoGetDeviceObjectPointer
local @pDeviceObject                    ; top-of-stack DEVICE_OBJECT* for \Device\Tcp (may be this filter itself once attached — TODO confirm)
local @stBlock:IO_STATUS_BLOCK          ; status block of the inner IOCTL IRP
local @pNextIrp                         ; inner IRP from IoBuildDeviceIoControlRequest
local @stCompletion:stContextx          ; context passed to _CreatComplete (stack lifetime, see header)
local @n1                               ; unused
	mov ecx,pIrp
	assume ecx:ptr _IRP
	mov eax,[ecx].AssociatedIrp.SystemBuffer ; EA buffer supplied with the create, if any
	.if eax
	mov @stFileEa,eax
	assume eax:ptr FILE_FULL_EA_INFORMATION
	.if [eax].EaNameLength==sizeof szTa-1
	push esi                            ; esi/edi are callee-saved; restored on both exits below
	push edi
	lea esi,[eax].EaName
	lea edi,szTa
	movzx ecx,[eax].EaNameLength
	repz cmpsb                          ; relies on DF=0, which the x86 calling convention guarantees on entry
	jne @sK1
	invoke DbgPrint, $CTA0("EaName %s\n"),addr [eax].EaName ; eax/ecx/edx are dead after this call
	invoke KeInitializeEvent,addr @stEvent,NotificationEvent,FALSE
	pop edi
	pop esi
	assume ecx:nothing
	invoke _a1,addr szTcpDeviceName,addr stUnicodeRing ; allocates stUnicodeRing.Buffer; never freed
	invoke IoGetDeviceObjectPointer,addr stUnicodeRing,FILE_ALL_ACCESS,addr @pFileObject,addr @pDeviceObject
	; Return value not checked: on failure @pFileObject/@pDeviceObject are not valid.
	invoke KeInitializeEvent,addr stKevent,NotificationEvent,FALSE
	; Arg 7 = TRUE selects IRP_MJ_INTERNAL_DEVICE_CONTROL, as TDI requires.
	; Only the IOCTL code and buffers are filled in; the TDI query
	; parameters (QueryType etc.) are never set — presumably why the lower
	; driver answers STATUS_INVALID_DEVICE_REQUEST (see _CreatComplete).
	; An IRP from IoBuildDeviceIoControlRequest is also tied to the current
	; thread and meant to be waited on here, not sent later from a
	; completion routine — TODO confirm.
	invoke IoBuildDeviceIoControlRequest,IOCTL_TDI_QUERY_INFORMATION,@pDeviceObject,0,0,addr lpOutputBuffer,sizeof lpOutputBuffer,TRUE,addr stKevent,addr @stBlock
	mov @pNextIrp,eax                   ; NULL on allocation failure; not checked
	assume ecx:ptr stContextx
	lea eax,stKevent
	lea ecx,@stCompletion
	mov [ecx].pEventx,eax               ; global event, not @stEvent
	mov eax,@pNextIrp
	mov [ecx].dwIrp,eax
	mov [ecx].dwCompletionAddr,offset _CompletionRoutine ; stored but never read in the visible code
	IoGetNextIrpStackLocation @pNextIrp ; eax = next IO_STACK_LOCATION* of the inner IRP
	assume eax:ptr IO_STACK_LOCATION
	mov ecx,@pFileObject
	mov [eax].FileObject,ecx            ; referenced by the inner IRP until it completes
	mov [eax].MinorFunction,0ch         ; 0Ch = TDI_QUERY_INFORMATION (tdikrnl.h); hard-coded
	IoCopyCurrentIrpStackLocationToNext pIrp
	IoSetCompletionRoutine pIrp,addr _CreatComplete,addr @stCompletion,TRUE,TRUE,TRUE ; context = stack address
	invoke IoCallDriver,dwTargetDeviceObject,pIrp
	push eax                            ; preserve the lower driver's status
	invoke ObDereferenceObject,@pFileObject ; drops the reference while the inner IRP still points at the object
	pop eax
	ret
	.endif
	.endif
	jmp @f
@sK1:
	pop edi                             ; EA name mismatch: undo the pushes made for the compare
	pop esi
@@:
	IoSkipCurrentIrpStackLocation pIrp  ; pass-through: no completion routine
	invoke IoCallDriver,dwTargetDeviceObject,pIrp
	xor eax,eax                         ; returns STATUS_SUCCESS regardless of what IoCallDriver returned
	assume eax:nothing,ecx:nothing
	ret
_CreateDispatch endp
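_DriverEntry proc pDriverObject:PDRIVER_OBJECT,pusRegistryPath:PUNICODE_STRING
;-----------------------------------------------------------------------
; NTSTATUS _DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pusRegistryPath)
; ABI:   stdcall
; Creates the filter device \Device\FistrTcp plus its DosDevices link,
; installs _IrpMxaimumFunction as the pass-through dispatch for every
; major function (IRP_MJ_CREATE gets _CreateDispatch), attaches to
; \Device\Tcp and mirrors the target's DeviceType/Characteristics.
; Out:   eax = STATUS_SUCCESS; STATUS_DEVICE_CONFIGURATION_ERROR if
;        IoCreateDevice failed; otherwise the NTSTATUS from
;        IoCreateSymbolicLink / IoAttachDevice after undoing earlier steps.
; Notes: _a1 allocates the Buffer of stUnicodeRing/stUnicodeRing1 on every
;        call and nothing frees them (leak, not fixed here).
;        pusRegistryPath is unused.
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
	invoke _a1,addr szDeviceName,addr stUnicodeRing
	invoke DbgPrint, $CTA0("MajorFunction地址 %wZ\n"),addr stUnicodeRing
	invoke IoCreateDevice, pDriverObject,0, addr stUnicodeRing, FILE_DEVICE_UNKNOWN, 0, TRUE, addr dwDeviceObject
	.if eax
	invoke DbgPrint, $CTA0("建立设备失败.\n")
	mov eax,STATUS_DEVICE_CONFIGURATION_ERROR
	ret
	.endif

	invoke _a1,addr szSymbolicLinkName,addr stUnicodeRing1
	invoke IoCreateSymbolicLink,addr stUnicodeRing1,addr stUnicodeRing
	.if eax
	push eax                                ; keep the NTSTATUS across the cleanup calls
	invoke DbgPrint, $CTA0("建立符号名失败.\n")
	invoke IoDeleteDevice,dwDeviceObject
	pop eax
	ret
	.endif

	; Every MajorFunction slot -> pass-through.  edi is callee-saved under
	; stdcall, hence the push/pop; DF is cleared explicitly before rep stosd.
	mov edx,pDriverObject
	mov ecx,IRP_MJ_MAXIMUM_FUNCTION+1       ; number of slots in the table
	mov eax,offset _IrpMxaimumFunction
	push edi
	lea edi,(DRIVER_OBJECT ptr [edx]).MajorFunction
	cld
	rep STOSd
	pop edi
	mov eax,pDriverObject
	mov (DRIVER_OBJECT ptr [eax]).DriverUnload,offset DriverUnload
	mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CREATE*(sizeof PVOID)],offset _CreateDispatch

	; Attach to the top of the \Device\Tcp stack; dwTargetDeviceObject
	; receives the device our IRPs are forwarded to.
	invoke _a1,addr szTcpDeviceName,addr stUnicodeRing1
	invoke IoAttachDevice,dwDeviceObject,addr stUnicodeRing1,addr dwTargetDeviceObject
	.if eax
	; The original fell through here, dereferenced dwTargetDeviceObject
	; (undefined after a failed attach) and then reported success.
	push eax                                ; NTSTATUS from IoAttachDevice
	invoke IoDeleteDevice,dwDeviceObject
	invoke _a1,addr szSymbolicLinkName,addr stUnicodeRing
	invoke IoDeleteSymbolicLink, addr stUnicodeRing
	pop eax
	ret
	.endif

	; Mirror the target's type/characteristics so requests aimed at the
	; stack top look as before, then clear DO_DEVICE_INITIALIZING last:
	; it must stay set until the device is fully set up.
	mov eax,dwTargetDeviceObject
	mov ecx, (DEVICE_OBJECT ptr [eax]).Characteristics
	mov edx,(DEVICE_OBJECT ptr [eax]).DeviceType
	mov eax,dwDeviceObject
	mov (DEVICE_OBJECT ptr [eax]).Characteristics,ecx
	mov (DEVICE_OBJECT ptr [eax]).DeviceType,edx
	or (DEVICE_OBJECT ptr [eax]).Flags,DO_BUFFERED_IO
	mov ecx,DO_DEVICE_INITIALIZING
	not ecx
	and (DEVICE_OBJECT ptr [eax]).Flags, ecx
	xor eax,eax                             ; STATUS_SUCCESS
	ret
_DriverEntry endp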
end _DriverEntry
/SUBSYSTEM:WINDOWS /nologo\masm32\bin\link /nologo /driver /base:0x10000 /align:32 /out:%drv%.sys /subsystem:native