-
-
[求助]获取不了驱动对象,有代码
-
发表于:
2009-5-12 15:07
4842
-
GetDriverObject proc
local oa:OBJECT_ATTRIBUTES
local iosb:IO_STATUS_BLOCK
local hFile:HANDLE
local lpObj:HANDLE
pushad
InitializeObjectAttributes addr oa,$CCOUNTED_UNICODE_STRING ("\\??\\xxx.sys"),OBJ_CASE_INSENSITIVE + OBJ_KERNEL_HANDLE,NULL,NULL
invoke ZwCreateFile,addr hFile,0001f01ffh,addr oa,addr iosb,0,000000080h,000000007h,000000003h,000000020h,0,0
invoke ObReferenceObjectByHandle,hFile,0,0,KernelMode,addr lpObj,0
invoke ZwClose,hFile
popad
mov eax,lpObj
ret
GetDriverObject endp
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课