[Help] Why does the system always reboot after I add a new service function to the SSDT?
Posted: 2007-12-10 20:55
// Everything below is hard-coded for testing on my own machine
ULONG dwKeServiceDescriptorTable = 0x8055a680;
KeServiceDescriptorTable = (PSERVICE_DESCRIPTOR_TABLE)dwKeServiceDescriptorTable;
dwKeServiceDescriptorTable = 0x8055a640;
KeServiceDescriptorTableShadow = (PSERVICE_DESCRIPTOR_TABLE)dwKeServiceDescriptorTable;
// Read the current NtOpenProcess entry (service index 0x7A) from the table
OldServiceAddressNtOpenProcess = *(ULONG*)((ULONG)KeServiceDescriptorTable->ServiceTableBase + 0x7A * 4);
JmpNtOpenProcess = OldServiceAddressNtOpenProcess + 10;
// Disable interrupts and clear CR0.WP (bit 16) so the table can be written
__asm
{
    cli
    mov eax,cr0
    and eax,not 10000h
    mov cr0,eax
}
// Write the new entry one slot past the current end of the table, then bump both counts
KeServiceDescriptorTable->ServiceTableBase[KeServiceDescriptorTable->NumberOfService] = (ULONG)MyNtOpenProcess;
KeServiceDescriptorTable->NumberOfService++;
KeServiceDescriptorTableShadow->NumberOfService++;
// Set CR0.WP again and re-enable interrupts
__asm
{
    mov eax,cr0
    or eax,10000h
    mov cr0,eax
    sti
}
I checked with SoftICE myself and the functions I added to the SSDT were all added successfully, but after adding them the system reboots.