[求助]获取不了驱动对象,有代码
-
发表于:
2009-5-12 15:07
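;-----------------------------------------------------------------------
; GetDriverObject
; Syntax: MASM (invoke / local / proc), 32-bit kernel-mode code.
;
; Opens the hard-coded path "\\??\\xxx.sys" with ZwCreateFile and turns
; the resulting handle into an object pointer with
; ObReferenceObjectByHandle.
;
; Out:   eax = referenced object pointer, or NULL when either call fails.
;        All other general registers are preserved (pushad/popad).
;
; NOTE(review): the handle comes from ZwCreateFile, so the object behind
; it is a file object for the image on disk, not a DRIVER_OBJECT. The
; ObjectType argument is 0, so nothing here checks what kind of object
; is returned; callers must not treat the result as a DRIVER_OBJECT.
;
; NOTE(review): on success the caller owns one reference and has to
; release it with ObDereferenceObject, otherwise the object leaks.
;-----------------------------------------------------------------------
GetDriverObject proc
    local oa:OBJECT_ATTRIBUTES
    local iosb:IO_STATUS_BLOCK
    local hFile:HANDLE
    local lpObj:HANDLE

    pushad
    mov lpObj,NULL                      ; defined result on every failure path

    ; OBJ_KERNEL_HANDLE keeps the handle out of the user-mode handle table.
    InitializeObjectAttributes addr oa,$CCOUNTED_UNICODE_STRING ("\\??\\xxx.sys"),OBJ_CASE_INSENSITIVE + OBJ_KERNEL_HANDLE,NULL,NULL

    ; 0001f01ffh = FILE_ALL_ACCESS, 080h = FILE_ATTRIBUTE_NORMAL,
    ; 07h = share read/write/delete, 03h = FILE_OPEN_IF,
    ; 020h = FILE_SYNCHRONOUS_IO_NONALERT.
    ; NOTE(review): FILE_OPEN_IF creates the file when it does not exist,
    ; and FILE_ALL_ACCESS is far more than a lookup needs; FILE_OPEN with
    ; read-only access would be the least-privilege choice - confirm intent.
    invoke ZwCreateFile,addr hFile,0001f01ffh,addr oa,addr iosb,0,000000080h,000000007h,000000003h,000000020h,0,0
    test eax,eax                        ; NTSTATUS: sign bit set = failure
    js gdo_done                         ; hFile is not valid, nothing to close

    invoke ObReferenceObjectByHandle,hFile,0,0,KernelMode,addr lpObj,0
    test eax,eax
    jns gdo_close
    mov lpObj,NULL                      ; do not hand back a pointer from a failed call

gdo_close:
    invoke ZwClose,hFile                ; the reference (if any) outlives the handle

gdo_done:
    popad                               ; restores eax too, so load the result afterwards
    mov eax,lpObj
    ret
GetDriverObject endp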