-
-
[求助]驱动跟应用层事件通信
-
发表于:
2009-10-23 17:27
4376
-
EVENT* m_Event =(EVENT*)malloc(sizeof(EVENT));
m_Event->UserEvent= CreateEvent(NULL,
false,
false,
NULL);
m_Event->KernelEvent= CreateEvent(NULL,
false,
false,
NULL);
if( (m_Event->UserEvent ==INVALID_HANDLE_VALUE )||( m_Event->KernelEvent == INVALID_HANDLE_VALUE))
{
MessageBox(NULL,"Create Event","error",MB_OK);
}
SendIrp(IOCTL_EVENT1,(void*)m_Event,sizeof(EVENT),NULL,0,driverlink);
MessageBox(NULL,"Thread1","120",MB_OK);
应用层创建事件均成功
发送到驱动IRP,ObReferenceObjectByHandle一个事件成功 一个失败
EVENT* s =(EVENT*)ExAllocatePool(NonPagedPool,sizeof(EVENT));
memcpy((void*)s,pIoBuffer,sizeof(EVENT));
ObReferenceObjectByHandle(s->UserEvent,GENERIC_ALL,NULL,KernelMode,&UserWaitEvent,NULL);
status=ObReferenceObjectByHandle(s->KernelEvent,GENERIC_ALL,NULL,KernelMode,&KernelWaitEvent,NULL);
if( !NT_SUCCESS( status ))
KdPrint(("[GetFunctionAddress] Event error2\n"));
KdPrint(("[GetFunctionAddress] ntstatus = 0x%x\n", status));
ExFreePool(s);
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法