zoukankan html css js c++ java

读取SSDT当前函数地址

#include "ntddk.h"
VOID DriverUnload(PDRIVER_OBJECT driver)
{   
    DbgPrint("卸载成功\n\r");
}
typedef struct _ServiceDescriptorTable {
    PVOID ServiceTableBase;
    PVOID ServiceCounterTable;
    unsigned int NumberOfServices;
    PVOID ParamTableBase; 
}*PServiceDescriptorTable; 
extern PServiceDescriptorTable KeServiceDescriptorTable;

NTSTATUS DriverEntry(PDRIVER_OBJECT driver,PUNICODE_STRING str)
{

LONG *SSDT_Adr,STB_addr,SSDT_NtOpenProcess_dangqian_Addr;

    __asm
    {
        int 3
    }
DbgPrint("加载成功\n");
STB_addr=(LONG)KeServiceDescriptorTable->ServiceTableBase;
DbgPrint("当前服务表基址ServiceTableBase地址为%x \n",STB_addr);
SSDT_Adr=(PLONG)(STB_addr+0x7A*4);
DbgPrint("当前STB_addr+0x7A*4=%x \n",SSDT_Adr);
SSDT_NtOpenProcess_dangqian_Addr=*SSDT_Adr;
DbgPrint("当前SSDT_NtOpenProcess_Cur_Addr地址为%x\n",SSDT_NtOpenProcess_dangqian_Addr);
driver->DriverUnload=DriverUnload;
return STATUS_SUCCESS;
}

查看全文

相关阅读:
badblocks 检查硬盘是否有坏道
 IE兼容性开发的笔记
 Linux下设置ip和主机名进行绑定
 netty httpserver
netty websocket协议开发
 OAuth2.0和SSO授权的区别
 window.location.href跳转问题2
修改密码，验证两次输入是否相同，相同才能提交
 (2)集合遍历set集合
 （1）集合 ---遍历map集合

原文地址：https://www.cnblogs.com/blogg/p/3157921.html