[Help] Why can't the SYSCALL_INDEX macro get the index value of ZwReadVirtualMemory?
Posted: 2009-3-31 10:43
With the SYSCALL_INDEX macro I am able to get the index of ZwOpenProcess:
#define SYSCALL_INDEX(_Function) *(PULONG)((PUCHAR)_Function+1)
NTSYSAPI NTSTATUS NTAPI ZwOpenProcess (
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId OPTIONAL);
g_nOpenIndex = SYSCALL_INDEX(ZwOpenProcess);
DbgPrint("g_nOpenIndex=%X", g_nOpenIndex);
This code returns g_nOpenIndex=7A.
With the same code, I define:
NTSYSAPI NTSTATUS NTAPI ZwReadVirtualMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL);
g_nReadIndex = SYSCALL_INDEX(ZwReadVirtualMemory);
DbgPrint("g_nReadIndex=%X", g_nReadIndex);
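The code compiles normally and produces a sys file.
But an error occurs when I load the sys file. I am new to drivers and don't know how to debug a sys file.
Could everyone give me some guidance: where does the problem come from? And how do I debug a sys file?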
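
Added example, not part of the original post: the SYSCALL_INDEX macro reads four bytes at offset 1 of the function, which yields a service index only when the first byte is B8, the x86 opcode for `mov eax, imm32`. The user-mode C code below performs the same read over constructed byte buffers and rejects anything that does not start with B8; `read_syscall_index`, the status codes and both sample buffers are hypothetical names and data, not taken from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this example. */
enum { STUB_OK = 0, STUB_TOO_SHORT = -1, STUB_NOT_MOV_EAX = -2 };

/* x86 encoding: B8 imm32 is "mov eax, imm32". */
#define OPCODE_MOV_EAX_IMM32 0xB8u

/*
 * Checked form of *(PULONG)((PUCHAR)fn + 1): confirm the first byte is
 * B8 before treating the next four bytes as a little-endian index.
 */
static int read_syscall_index(const uint8_t *stub, size_t len, uint32_t *index)
{
    if (stub == NULL || index == NULL || len < 5)
        return STUB_TOO_SHORT;
    if (stub[0] != OPCODE_MOV_EAX_IMM32)
        return STUB_NOT_MOV_EAX;
    *index = (uint32_t)stub[1] | ((uint32_t)stub[2] << 8) |
             ((uint32_t)stub[3] << 16) | ((uint32_t)stub[4] << 24);
    return STUB_OK;
}

/* Constructed sample: mov eax, 7Ah ; lea edx, [esp+4] */
static const uint8_t sample_stub[] = {
    0xB8, 0x7A, 0x00, 0x00, 0x00, 0x8D, 0x54, 0x24, 0x04 };
/* Constructed sample: jmp dword ptr [00401000h], an import thunk */
static const uint8_t sample_thunk[] = {
    0xFF, 0x25, 0x00, 0x10, 0x40, 0x00 };

int main(void)
{
    uint32_t idx = 0;
    int rc = read_syscall_index(sample_stub, sizeof sample_stub, &idx);
    printf("stub:  rc=%d index=%X\n", rc, (unsigned)idx);
    rc = read_syscall_index(sample_thunk, sizeof sample_thunk, &idx);
    printf("thunk: rc=%d (not a mov eax stub)\n", rc);
    return 0;
}
```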