-
-
[讨论]内核中加载驱动
-
发表于:
2009-6-24 08:35
5708
-
有一驱动程序b.sys,在ring3下编写用户态程序调用ZwSetSystemInformation加载能成功,现想在a.sys中加载b.sys,但就是不成功,实在找不到原因,请大牛们帮忙看下,功能实现部分代码如下:
int iBuffLen,ret;
char szDrvFullPath[256];
char szTmp[256]="C:\\nop.sys";
ANSI_STRING TmpBuff;
SYSTEM_LOAD_AND_CALL_IMAGE GregsImage;
iBuffLen = sprintf(szDrvFullPath, "\\??\\%s", szTmp);
szDrvFullPath[iBuffLen]=0;
TmpBuff.Buffer = (PVOID)szDrvFullPath;
TmpBuff.Length = (USHORT)iBuffLen;
TmpBuff.MaximumLength = 256;
RtlAnsiStringToUnicodeString(&(GregsImage.ModuleName),&TmpBuff,1);
ret = ZwSetSystemInformation( 0x26, &GregsImage, 8 );
if( ret == 0 )
DbgPrint("Driver: %s loaded. \n", szDrvFullPath);
else
DbgPrint("Driver: %s not loaded. %x\n", szDrvFullPath,ret);
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
