使用ZwLoadDriver加载驱动
2009-09-14 15:32
#
include <windows.h>
#
include <stdio.h>
/*
 * Counted-string descriptor handed to the ntdll routines below.
 * Length and MaximumLength are byte counts; Buffer is left untyped because
 * this file uses the same three-field layout for both the ANSI input and the
 * wide-character output of RtlAnsiStringToUnicodeString.
 */
struct _LSA_UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PVOID  Buffer;
};
typedef struct _LSA_UNICODE_STRING LSA_UNICODE_STRING;
typedef struct _LSA_UNICODE_STRING *PLSA_UNICODE_STRING;

typedef LSA_UNICODE_STRING  UNICODE_STRING;
typedef LSA_UNICODE_STRING *PUNICODE_STRING;

/*
 * Signatures of the ntdll functions used by this program. They are looked up
 * at run time with GetProcAddress (see main), so every argument is declared
 * as an untyped pointer.
 */
typedef DWORD (CALLBACK *RTLANSISTRINGTOUNICODESTRING)(PVOID, PVOID, DWORD);
typedef DWORD (CALLBACK *RTLFREEUNICODESTRING)(PVOID);
typedef DWORD (CALLBACK *ZWLOADDRIVER)(PVOID);

/* Resolved entry points; zero (NULL) until main() assigns them. */
RTLANSISTRINGTOUNICODESTRING RtlAnsiStringToUnicodeString;
RTLFREEUNICODESTRING         RtlFreeUnicodeString;
ZWLOADDRIVER                 ZwLoadDriver;
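/*
 * LoadDriver - write a temporary Services registry entry for a kernel driver,
 * ask the kernel to load it through ZwLoadDriver, then remove the entry.
 *
 * szDrvName  service (sub-key) name created under the Services key.
 * szDrvPath  path of the driver image; expanded with GetFullPathName.
 *
 * Returns TRUE (1) when ZwLoadDriver reports status 0, FALSE (0) otherwise.
 *
 * Changes from the original listing:
 *   - every formatted string is bounded; the original used sprintf into a
 *     200-byte buffer with caller-supplied text (and a 256-byte path), which
 *     is a stack buffer overflow on long arguments;
 *   - NULL arguments and unresolved ntdll pointers are rejected;
 *   - registry, path and load results are checked instead of discarded, and
 *     the return value now reflects the load status;
 *   - ImagePath is stored with its terminating NUL, as REG_SZ data requires;
 *   - MaximumLength of the ANSI descriptor is initialised;
 *   - a trailing sprintf whose result was never used has been dropped.
 *
 * NOTE(review): the "//" sequences in the key and path strings and the
 * "/r/n" in the message look like backslash escapes altered when the page
 * was published; they are reproduced as printed. Confirm against the
 * original source before relying on them.
 *
 * Defensive context: loading a driver this way needs write access to HKLM
 * and the load-driver privilege (SeLoadDriverPrivilege), so restricting who
 * holds those is the primary control. Because the Services entry is deleted
 * again right after the load call, the registry keeps no lasting record;
 * driver-load telemetry (for example Sysmon event ID 6) and auditing of key
 * creation under the Services key are where this activity is visible.
 */
int LoadDriver(char *szDrvName, char *szDrvPath)
{
    /* Sub-keys are removed before the parent: RegDeleteKey refuses a key
     * that still has children. */
    static const char *const aszCleanupSuffix[] = { "//Enum", "//Security", "" };

    char szSubKey[200];
    char szDrvFullPath[256];
    char szImagePath[sizeof szDrvFullPath + 8];  /* prefix + full path + NUL */
    LSA_UNICODE_STRING usRegPath;   /* output of RtlAnsiStringToUnicodeString */
    LSA_UNICODE_STRING asRegPath;   /* ANSI input, same field layout */
    HKEY hkResult;
    const DWORD dwOne = 1;
    DWORD dwOK;
    DWORD dwPathLen;
    int iBuffLen;
    int iResult = FALSE;
    size_t i;

    if (szDrvName == NULL || szDrvPath == NULL)
        return FALSE;

    /* The function pointers are filled in by main(); refuse to call through
     * a pointer that GetProcAddress failed to resolve. */
    if (RtlAnsiStringToUnicodeString == NULL ||
        RtlFreeUnicodeString == NULL ||
        ZwLoadDriver == NULL)
        return FALSE;

    /* Create the service key. */
    iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                        "System//CurrentControlSet//Services//%s", szDrvName);
    if (iBuffLen < 0 || (size_t)iBuffLen >= sizeof szSubKey)
        return FALSE;

    dwOK = RegCreateKey(HKEY_LOCAL_MACHINE, szSubKey, &hkResult);
    if (dwOK != ERROR_SUCCESS)
        return FALSE;

    /* Type, ErrorControl and Start are all written as DWORD 1, which in
     * winnt.h terms is SERVICE_KERNEL_DRIVER, SERVICE_ERROR_NORMAL and
     * SERVICE_SYSTEM_START respectively. */
    dwOK = RegSetValueEx(hkResult, "Type", 0, REG_DWORD,
                         (const BYTE *)&dwOne, sizeof dwOne);
    if (dwOK == ERROR_SUCCESS)
        dwOK = RegSetValueEx(hkResult, "ErrorControl", 0, REG_DWORD,
                             (const BYTE *)&dwOne, sizeof dwOne);
    if (dwOK == ERROR_SUCCESS)
        dwOK = RegSetValueEx(hkResult, "Start", 0, REG_DWORD,
                             (const BYTE *)&dwOne, sizeof dwOne);
    if (dwOK != ERROR_SUCCESS) {
        RegCloseKey(hkResult);
        goto cleanup;
    }

    /* GetFullPathName returns 0 on failure and the required size when the
     * buffer is too small; in both cases szDrvFullPath is not usable. */
    dwPathLen = GetFullPathName(szDrvPath, (DWORD)sizeof szDrvFullPath,
                                szDrvFullPath, NULL);
    if (dwPathLen == 0 || dwPathLen >= sizeof szDrvFullPath) {
        RegCloseKey(hkResult);
        goto cleanup;
    }
    printf("Loading driver: %s/r/n", szDrvFullPath);

    iBuffLen = snprintf(szImagePath, sizeof szImagePath, "//??//%s", szDrvFullPath);
    if (iBuffLen < 0 || (size_t)iBuffLen >= sizeof szImagePath) {
        RegCloseKey(hkResult);
        goto cleanup;
    }
    /* +1: REG_SZ data must include the terminating NUL. */
    dwOK = RegSetValueEx(hkResult, "ImagePath", 0, REG_SZ,
                         (const BYTE *)szImagePath, (DWORD)iBuffLen + 1);
    RegCloseKey(hkResult);
    if (dwOK != ERROR_SUCCESS)
        goto cleanup;

    /* Build the native registry path of the service key and convert it to a
     * counted wide string for ZwLoadDriver. */
    iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                        "//Registry//Machine//System//CurrentControlSet//Services//%s",
                        szDrvName);
    if (iBuffLen < 0 || (size_t)iBuffLen >= sizeof szSubKey)
        goto cleanup;

    asRegPath.Buffer = (PVOID)szSubKey;
    asRegPath.Length = (USHORT)iBuffLen;
    asRegPath.MaximumLength = (USHORT)sizeof szSubKey;

    /* Third argument 1: the routine allocates the destination buffer, which
     * is released with RtlFreeUnicodeString below. */
    dwOK = RtlAnsiStringToUnicodeString(&usRegPath, &asRegPath, 1);
    if (dwOK != 0)
        goto cleanup;

    /* Load the driver; status 0 is success. */
    dwOK = ZwLoadDriver(&usRegPath);
    RtlFreeUnicodeString(&usRegPath);
    iResult = (dwOK == 0) ? TRUE : FALSE;

cleanup:
    /* Remove the registry entries created above (best effort, results are
     * deliberately not checked, as in the original). */
    for (i = 0; i < sizeof aszCleanupSuffix / sizeof aszCleanupSuffix[0]; i++) {
        iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                            "System//CurrentControlSet//Services//%s%s",
                            szDrvName, aszCleanupSuffix[i]);
        if (iBuffLen >= 0 && (size_t)iBuffLen < sizeof szSubKey)
            RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
    }

    return iResult;
}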
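/*
 * Entry point: prints a banner, resolves the three ntdll routines used by
 * LoadDriver, then calls LoadDriver(argv[1], argv[2]).
 *
 * Exit status is kept as in the original listing: -1 for a usage error,
 * FALSE (0) when ntdll or LoadDriver fails, TRUE (1) on success. Note that
 * this is the inverse of the usual "0 means success" convention.
 *
 * Changes from the original listing:
 *   - each GetProcAddress result is checked before use; the original would
 *     call through a NULL pointer if a lookup failed;
 *   - GetLastError() is printed with %lu (DWORD is unsigned long), not %d;
 *   - the usage path returns -1 instead of calling exit(), which the file
 *     never declared (no <stdlib.h>);
 *   - FALSE/TRUE from <windows.h> replace false/true, which plain C does not
 *     define without <stdbool.h>.
 *
 * NOTE(review): the "/r/n" and "/n" sequences in the messages look like
 * backslash escapes altered when the page was published; they are kept as
 * printed.
 */
int main(int argc, char *argv[])
{
    HMODULE hNtdll;

    printf("Load driver with ZwLoadDriver( )/r/n");
    printf("Date: 8th May 2007/r/n");
    printf("Modifed by: GaRY <wofeiwo_at_gmail_dot_com>/r/n/r/n");

    if (argc != 3) {
        printf("Usage: %s <DriverFilename> <DriverPath>/r/n", argv[0]);
        return -1;
    }

    /* Get the functions from ntdll.dll. */
    hNtdll = LoadLibrary("ntdll.dll");
    if (!hNtdll) {
        printf("LoadLibrary( NTDLL.DLL ) Error:%lu/n", (unsigned long)GetLastError());
        return FALSE;
    }

    RtlAnsiStringToUnicodeString = (RTLANSISTRINGTOUNICODESTRING)
        GetProcAddress(hNtdll, "RtlAnsiStringToUnicodeString");
    RtlFreeUnicodeString = (RTLFREEUNICODESTRING)
        GetProcAddress(hNtdll, "RtlFreeUnicodeString");
    ZwLoadDriver = (ZWLOADDRIVER)
        GetProcAddress(hNtdll, "ZwLoadDriver");

    if (RtlAnsiStringToUnicodeString == NULL ||
        RtlFreeUnicodeString == NULL ||
        ZwLoadDriver == NULL) {
        printf("GetProcAddress( NTDLL.DLL ) Error:%lu\n", (unsigned long)GetLastError());
        return FALSE;
    }

    /* Register and load the driver. */
    if (LoadDriver(argv[1], argv[2]) == FALSE)
        return FALSE;

    return TRUE;
}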
include <windows.h>
#
include <stdio.h>
/*
 * Counted-string descriptor handed to the ntdll routines below.
 * Length and MaximumLength are byte counts; Buffer is left untyped because
 * this file uses the same three-field layout for both the ANSI input and the
 * wide-character output of RtlAnsiStringToUnicodeString.
 */
struct _LSA_UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PVOID  Buffer;
};
typedef struct _LSA_UNICODE_STRING LSA_UNICODE_STRING;
typedef struct _LSA_UNICODE_STRING *PLSA_UNICODE_STRING;

typedef LSA_UNICODE_STRING  UNICODE_STRING;
typedef LSA_UNICODE_STRING *PUNICODE_STRING;

/*
 * Signatures of the ntdll functions used by this program. They are looked up
 * at run time with GetProcAddress (see main), so every argument is declared
 * as an untyped pointer.
 */
typedef DWORD (CALLBACK *RTLANSISTRINGTOUNICODESTRING)(PVOID, PVOID, DWORD);
typedef DWORD (CALLBACK *RTLFREEUNICODESTRING)(PVOID);
typedef DWORD (CALLBACK *ZWLOADDRIVER)(PVOID);

/* Resolved entry points; zero (NULL) until main() assigns them. */
RTLANSISTRINGTOUNICODESTRING RtlAnsiStringToUnicodeString;
RTLFREEUNICODESTRING         RtlFreeUnicodeString;
ZWLOADDRIVER                 ZwLoadDriver;
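/*
 * LoadDriver - write a temporary Services registry entry for a kernel driver,
 * ask the kernel to load it through ZwLoadDriver, then remove the entry.
 *
 * szDrvName  service (sub-key) name created under the Services key.
 * szDrvPath  path of the driver image; expanded with GetFullPathName.
 *
 * Returns TRUE (1) when ZwLoadDriver reports status 0, FALSE (0) otherwise.
 *
 * Changes from the original listing:
 *   - every formatted string is bounded; the original used sprintf into a
 *     200-byte buffer with caller-supplied text (and a 256-byte path), which
 *     is a stack buffer overflow on long arguments;
 *   - NULL arguments and unresolved ntdll pointers are rejected;
 *   - registry, path and load results are checked instead of discarded, and
 *     the return value now reflects the load status;
 *   - ImagePath is stored with its terminating NUL, as REG_SZ data requires;
 *   - MaximumLength of the ANSI descriptor is initialised;
 *   - a trailing sprintf whose result was never used has been dropped.
 *
 * NOTE(review): the "//" sequences in the key and path strings and the
 * "/r/n" in the message look like backslash escapes altered when the page
 * was published; they are reproduced as printed. Confirm against the
 * original source before relying on them.
 *
 * Defensive context: loading a driver this way needs write access to HKLM
 * and the load-driver privilege (SeLoadDriverPrivilege), so restricting who
 * holds those is the primary control. Because the Services entry is deleted
 * again right after the load call, the registry keeps no lasting record;
 * driver-load telemetry (for example Sysmon event ID 6) and auditing of key
 * creation under the Services key are where this activity is visible.
 */
int LoadDriver(char *szDrvName, char *szDrvPath)
{
    /* Sub-keys are removed before the parent: RegDeleteKey refuses a key
     * that still has children. */
    static const char *const aszCleanupSuffix[] = { "//Enum", "//Security", "" };

    char szSubKey[200];
    char szDrvFullPath[256];
    char szImagePath[sizeof szDrvFullPath + 8];  /* prefix + full path + NUL */
    LSA_UNICODE_STRING usRegPath;   /* output of RtlAnsiStringToUnicodeString */
    LSA_UNICODE_STRING asRegPath;   /* ANSI input, same field layout */
    HKEY hkResult;
    const DWORD dwOne = 1;
    DWORD dwOK;
    DWORD dwPathLen;
    int iBuffLen;
    int iResult = FALSE;
    size_t i;

    if (szDrvName == NULL || szDrvPath == NULL)
        return FALSE;

    /* The function pointers are filled in by main(); refuse to call through
     * a pointer that GetProcAddress failed to resolve. */
    if (RtlAnsiStringToUnicodeString == NULL ||
        RtlFreeUnicodeString == NULL ||
        ZwLoadDriver == NULL)
        return FALSE;

    /* Create the service key. */
    iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                        "System//CurrentControlSet//Services//%s", szDrvName);
    if (iBuffLen < 0 || (size_t)iBuffLen >= sizeof szSubKey)
        return FALSE;

    dwOK = RegCreateKey(HKEY_LOCAL_MACHINE, szSubKey, &hkResult);
    if (dwOK != ERROR_SUCCESS)
        return FALSE;

    /* Type, ErrorControl and Start are all written as DWORD 1, which in
     * winnt.h terms is SERVICE_KERNEL_DRIVER, SERVICE_ERROR_NORMAL and
     * SERVICE_SYSTEM_START respectively. */
    dwOK = RegSetValueEx(hkResult, "Type", 0, REG_DWORD,
                         (const BYTE *)&dwOne, sizeof dwOne);
    if (dwOK == ERROR_SUCCESS)
        dwOK = RegSetValueEx(hkResult, "ErrorControl", 0, REG_DWORD,
                             (const BYTE *)&dwOne, sizeof dwOne);
    if (dwOK == ERROR_SUCCESS)
        dwOK = RegSetValueEx(hkResult, "Start", 0, REG_DWORD,
                             (const BYTE *)&dwOne, sizeof dwOne);
    if (dwOK != ERROR_SUCCESS) {
        RegCloseKey(hkResult);
        goto cleanup;
    }

    /* GetFullPathName returns 0 on failure and the required size when the
     * buffer is too small; in both cases szDrvFullPath is not usable. */
    dwPathLen = GetFullPathName(szDrvPath, (DWORD)sizeof szDrvFullPath,
                                szDrvFullPath, NULL);
    if (dwPathLen == 0 || dwPathLen >= sizeof szDrvFullPath) {
        RegCloseKey(hkResult);
        goto cleanup;
    }
    printf("Loading driver: %s/r/n", szDrvFullPath);

    iBuffLen = snprintf(szImagePath, sizeof szImagePath, "//??//%s", szDrvFullPath);
    if (iBuffLen < 0 || (size_t)iBuffLen >= sizeof szImagePath) {
        RegCloseKey(hkResult);
        goto cleanup;
    }
    /* +1: REG_SZ data must include the terminating NUL. */
    dwOK = RegSetValueEx(hkResult, "ImagePath", 0, REG_SZ,
                         (const BYTE *)szImagePath, (DWORD)iBuffLen + 1);
    RegCloseKey(hkResult);
    if (dwOK != ERROR_SUCCESS)
        goto cleanup;

    /* Build the native registry path of the service key and convert it to a
     * counted wide string for ZwLoadDriver. */
    iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                        "//Registry//Machine//System//CurrentControlSet//Services//%s",
                        szDrvName);
    if (iBuffLen < 0 || (size_t)iBuffLen >= sizeof szSubKey)
        goto cleanup;

    asRegPath.Buffer = (PVOID)szSubKey;
    asRegPath.Length = (USHORT)iBuffLen;
    asRegPath.MaximumLength = (USHORT)sizeof szSubKey;

    /* Third argument 1: the routine allocates the destination buffer, which
     * is released with RtlFreeUnicodeString below. */
    dwOK = RtlAnsiStringToUnicodeString(&usRegPath, &asRegPath, 1);
    if (dwOK != 0)
        goto cleanup;

    /* Load the driver; status 0 is success. */
    dwOK = ZwLoadDriver(&usRegPath);
    RtlFreeUnicodeString(&usRegPath);
    iResult = (dwOK == 0) ? TRUE : FALSE;

cleanup:
    /* Remove the registry entries created above (best effort, results are
     * deliberately not checked, as in the original). */
    for (i = 0; i < sizeof aszCleanupSuffix / sizeof aszCleanupSuffix[0]; i++) {
        iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                            "System//CurrentControlSet//Services//%s%s",
                            szDrvName, aszCleanupSuffix[i]);
        if (iBuffLen >= 0 && (size_t)iBuffLen < sizeof szSubKey)
            RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
    }

    return iResult;
}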
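/*
 * Entry point: prints a banner, resolves the three ntdll routines used by
 * LoadDriver, then calls LoadDriver(argv[1], argv[2]).
 *
 * Exit status is kept as in the original listing: -1 for a usage error,
 * FALSE (0) when ntdll or LoadDriver fails, TRUE (1) on success. Note that
 * this is the inverse of the usual "0 means success" convention.
 *
 * Changes from the original listing:
 *   - each GetProcAddress result is checked before use; the original would
 *     call through a NULL pointer if a lookup failed;
 *   - GetLastError() is printed with %lu (DWORD is unsigned long), not %d;
 *   - the usage path returns -1 instead of calling exit(), which the file
 *     never declared (no <stdlib.h>);
 *   - FALSE/TRUE from <windows.h> replace false/true, which plain C does not
 *     define without <stdbool.h>.
 *
 * NOTE(review): the "/r/n" and "/n" sequences in the messages look like
 * backslash escapes altered when the page was published; they are kept as
 * printed.
 */
int main(int argc, char *argv[])
{
    HMODULE hNtdll;

    printf("Load driver with ZwLoadDriver( )/r/n");
    printf("Date: 8th May 2007/r/n");
    printf("Modifed by: GaRY <wofeiwo_at_gmail_dot_com>/r/n/r/n");

    if (argc != 3) {
        printf("Usage: %s <DriverFilename> <DriverPath>/r/n", argv[0]);
        return -1;
    }

    /* Get the functions from ntdll.dll. */
    hNtdll = LoadLibrary("ntdll.dll");
    if (!hNtdll) {
        printf("LoadLibrary( NTDLL.DLL ) Error:%lu/n", (unsigned long)GetLastError());
        return FALSE;
    }

    RtlAnsiStringToUnicodeString = (RTLANSISTRINGTOUNICODESTRING)
        GetProcAddress(hNtdll, "RtlAnsiStringToUnicodeString");
    RtlFreeUnicodeString = (RTLFREEUNICODESTRING)
        GetProcAddress(hNtdll, "RtlFreeUnicodeString");
    ZwLoadDriver = (ZWLOADDRIVER)
        GetProcAddress(hNtdll, "ZwLoadDriver");

    if (RtlAnsiStringToUnicodeString == NULL ||
        RtlFreeUnicodeString == NULL ||
        ZwLoadDriver == NULL) {
        printf("GetProcAddress( NTDLL.DLL ) Error:%lu\n", (unsigned long)GetLastError());
        return FALSE;
    }

    /* Register and load the driver. */
    if (LoadDriver(argv[1], argv[2]) == FALSE)
        return FALSE;

    return TRUE;
}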