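#include "ntddk.h"

/*
 * Legacy 32-bit x86 kernel driver that prints, via DbgPrint, the base of the
 * System Service Descriptor Table (SSDT) and the current value of one entry.
 * It only reads the table; nothing is written back.
 *
 * NOTE(review): the code treats every SSDT entry as a 4-byte absolute address,
 * which only holds for 32-bit x86 kernels. Confirm the target before building.
 */

/*
 * Service index the original author labels as NtOpenProcess.
 * NOTE(review): service indices differ between Windows builds, and the page
 * does not say which build 0x7A belongs to; verify it on the target system
 * before trusting the printed value.
 */
enum { SSDT_INDEX_NT_OPEN_PROCESS = 0x7A };

/* Layout of the service descriptor table as assumed by this file. */
typedef struct _ServiceDescriptorTable {
    PVOID ServiceTableBase;         /* array of service routine addresses */
    PVOID ServiceCounterTable;
    unsigned int NumberOfServices;  /* number of entries in ServiceTableBase */
    PVOID ParamTableBase;
} *PServiceDescriptorTable;

/* Declared here by hand; resolved against the kernel image at load time. */
extern PServiceDescriptorTable KeServiceDescriptorTable;

/* The pointer-to-ULONG casts below are lossless only with 32-bit pointers. */
C_ASSERT(sizeof(PVOID) == sizeof(ULONG));

/*
 * Unload routine: logs a message ("unloaded successfully"). The driver
 * allocates nothing, so there is nothing to release.
 */
VOID DriverUnload(PDRIVER_OBJECT driver)
{
    UNREFERENCED_PARAMETER(driver);
    DbgPrint("卸载成功\n\r");
}

/*
 * Driver entry point.
 *
 * Prints the SSDT base, the address of the slot at SSDT_INDEX_NT_OPEN_PROCESS
 * and the routine address stored in that slot, then registers DriverUnload.
 *
 * driver - driver object; only its DriverUnload field is written.
 * str    - registry path; unused.
 *
 * Always returns STATUS_SUCCESS, as the original did; when the slot cannot be
 * read safely the read is skipped and a diagnostic is printed instead.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING str)
{
    PULONG service_table;
    PULONG entry;
    ULONG service_count;

    UNREFERENCED_PARAMETER(str);

    /*
     * The original executed an unconditional `int 3`. Without a kernel
     * debugger attached that breakpoint is unhandled and bugchecks the
     * machine, so only break when a debugger is present.
     */
    if (!KD_DEBUGGER_NOT_PRESENT) {
        DbgBreakPoint();
    }

    DbgPrint("加载成功\n");  /* "loaded successfully" */

    service_table = (PULONG)KeServiceDescriptorTable->ServiceTableBase;
    service_count = KeServiceDescriptorTable->NumberOfServices;

    /* Casts make the argument match %x; the original passed a pointer. */
    DbgPrint("当前服务表基址ServiceTableBase地址为%x \n",
             (ULONG)(ULONG_PTR)service_table);

    /*
     * Never dereference past the end of the table: a hard-coded index that
     * is out of range on this build would read unrelated kernel memory.
     */
    if (service_table != NULL && SSDT_INDEX_NT_OPEN_PROCESS < service_count) {
        entry = &service_table[SSDT_INDEX_NT_OPEN_PROCESS];
        DbgPrint("当前STB_addr+0x7A*4=%x \n", (ULONG)(ULONG_PTR)entry);

        /*
         * Current routine address stored in the slot.
         * NOTE(review): to use this as a hook check, compare it against the
         * loaded kernel image range; this file does not do that.
         */
        DbgPrint("当前SSDT_NtOpenProcess_Cur_Addr地址为%x\n", *entry);
    } else {
        DbgPrint("SSDT entry 0x%x not read: table base %x, NumberOfServices %u\n",
                 (ULONG)SSDT_INDEX_NT_OPEN_PROCESS,
                 (ULONG)(ULONG_PTR)service_table,
                 service_count);
    }

    driver->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}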