FLT_PREOP_CALLBACK_STATUS PfltPreOperationCallbackCreate(PFLT_CALLBACK_DATA Data, PCFLT_RELATED_OBJECTS FltObjects, PVOID *CompletionContext) { PFILE_ID_BOTH_DIR_INFORMATION pSafeBuffer = Data->Iopb->Parameters.DirectoryControl.QueryDirectory.DirectoryBuffer; PWCHAR szFileName = (PWCHAR)ExAllocatePool(NonPagedPool, pSafeBuffer->FileNameLength); DbgBreakPoint(); RtlCopyMemory(szFileName, pSafeBuffer->FileName, pSafeBuffer->FileNameLength); if (wcsstr(szFileName,L"AAAA.pak")) { ExFreePool(szFileName); return STATUS_ACCESS_DENIED; } ExFreePool(szFileName); return FLT_PREOP_SUCCESS_NO_CALLBACK; }
[培训]《安卓高级研修班(网课)》月薪三万计划,掌 握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
syser +1 楼主这个ExAllocatePool 多申请个sizeof(WCHAR) 你这是准备加入吃鸡豪华套餐吧 @腾讯 你要关注下了