
使用ZwLoadDriver加载驱动

2009-09-14 15:32 471 查看
#
include <windows.h>



#
include <stdio.h>





/*
 * Local copy of the native counted-string layout (Length and MaximumLength
 * are byte counts, Buffer points at the text), declared here so the program
 * builds without the DDK headers.  LoadDriver() passes this structure to the
 * ntdll routines that main() resolves at run time; the same layout is also
 * used there as the ANSI source string, since ANSI_STRING has identical
 * field sizes and order.
 */
typedef struct _LSA_UNICODE_STRING {
    USHORT Length;         /* bytes in use, not characters */
    USHORT MaximumLength;  /* bytes available in Buffer */
    PVOID Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;

/* The ntdll prototypes document this type under the name UNICODE_STRING. */
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;





/*
 * Pointer types for the ntdll.dll routines this program uses.  They are not
 * available through the SDK import libraries, so main() looks them up with
 * GetProcAddress() and stores the results in the globals below, which stay
 * NULL until that has happened.  Parameters are typed loosely (PVOID/DWORD)
 * instead of the native PANSI_STRING/PUNICODE_STRING/BOOLEAN declarations,
 * and the DWORD return stands in for NTSTATUS, a signed 32-bit status of the
 * same width whose negative values denote failure.
 */

/* RtlAnsiStringToUnicodeString(DestinationString, SourceString, AllocateDestinationString) */
typedef DWORD (CALLBACK *RTLANSISTRINGTOUNICODESTRING)(PVOID, PVOID, DWORD);
RTLANSISTRINGTOUNICODESTRING RtlAnsiStringToUnicodeString;

/* RtlFreeUnicodeString(UnicodeString): releases a buffer the call above allocated */
typedef DWORD (CALLBACK *RTLFREEUNICODESTRING)(PVOID);
RTLFREEUNICODESTRING RtlFreeUnicodeString;

/* ZwLoadDriver(DriverServiceName): registry path of the service key, as UNICODE_STRING */
typedef DWORD (CALLBACK *ZWLOADDRIVER)(PVOID);
ZWLOADDRIVER ZwLoadDriver;





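/* Return 1 when an snprintf result n fits in a buffer of cap bytes (leaving
 * room for the terminator), 0 on error or truncation.  A negative n also
 * covers the pre-C99 _snprintf convention of returning -1 on truncation. */
static int fits(int n, size_t cap)
{
    return n >= 0 && (size_t)n < cap;
}

/* Write one REG_DWORD value under hKey; returns the RegSetValueEx status. */
static LONG set_dword_value(HKEY hKey, const char *name, DWORD value)
{
    return RegSetValueEx(hKey, name, 0, REG_DWORD, (const BYTE *)&value, sizeof value);
}

/* Delete HKLM\<services prefix><szDrvName><suffix>.  The status is ignored,
 * as in the original: the key may already be gone or never have existed. */
static void delete_service_subkey(const char *szDrvName, const char *suffix)
{
    char szSubKey[200];
    int n = snprintf(szSubKey, sizeof szSubKey, "%s%s%s",
                     "System//CurrentControlSet//Services//", szDrvName, suffix);
    if (fits(n, sizeof szSubKey)) {
        RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
    }
}

/*
 * Register a kernel-mode driver as a service key under HKLM, ask ntdll's
 * ZwLoadDriver to load it, then remove the service key again.
 *
 * szDrvName  service/key name created under the Services key; also used as
 *            the registry path handed to ZwLoadDriver.
 * szDrvPath  path of the driver image; expanded with GetFullPathName().
 *
 * Returns true when the registry setup, the string conversion and the
 * ZwLoadDriver call all succeed, false otherwise.  The Enum and Security
 * subkeys and the service key itself are deleted on every path after the
 * key has been created, so no service registration is left behind by this
 * function whether or not the load succeeded.  ZwLoadDriver itself needs
 * SeLoadDriverPrivilege in the calling process; without it the call fails
 * and the failure status is reported.
 *
 * From a monitoring standpoint the observable sequence is: creation of a
 * Services key with Type/ErrorControl/Start/ImagePath, the load call, then
 * deletion of the Enum and Security subkeys and of the key.
 *
 * Requires the ntdll function pointers to have been resolved by main().
 *
 * NOTE(review): the published listing renders backslash escape sequences
 * as forward slashes ("/r/n", "//", "//??//"); the string literals below are
 * kept exactly as published and should be checked against the original
 * source before building.
 */
int LoadDriver(char *szDrvName, char *szDrvPath)
{
    char szSubKey[200], szDrvFullPath[256];
    LSA_UNICODE_STRING buf1 = {0};   /* filled (and allocated) by RtlAnsiStringToUnicodeString */
    LSA_UNICODE_STRING buf2 = {0};   /* ANSI source string; ANSI_STRING has the same layout */
    int iBuffLen;
    HKEY hkResult = NULL;
    DWORD dwOK;
    DWORD dwFullLen;
    int result = false;

    /* Build the service key name; a name that does not fit is rejected
     * instead of overflowing the stack buffer. */
    iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                        "System//CurrentControlSet//Services//%s", szDrvName);
    if (!fits(iBuffLen, sizeof szSubKey)) {
        return false;
    }

    dwOK = RegCreateKey(HKEY_LOCAL_MACHINE, szSubKey, &hkResult);
    if (dwOK != ERROR_SUCCESS) {
        return false;
    }

    /* All three values are 1: a kernel driver, normal error handling,
     * started by the I/O manager at system start. */
    if (set_dword_value(hkResult, "Type", SERVICE_KERNEL_DRIVER) != ERROR_SUCCESS ||
        set_dword_value(hkResult, "ErrorControl", SERVICE_ERROR_NORMAL) != ERROR_SUCCESS ||
        set_dword_value(hkResult, "Start", SERVICE_SYSTEM_START) != ERROR_SUCCESS) {
        goto cleanup;
    }

    /* 0 means failure; a result >= the buffer size is the required size,
     * i.e. the path was truncated. */
    dwFullLen = GetFullPathName(szDrvPath, sizeof szDrvFullPath, szDrvFullPath, NULL);
    if (dwFullLen == 0 || dwFullLen >= sizeof szDrvFullPath) {
        goto cleanup;
    }

    printf("Loading driver: %s/r/n", szDrvFullPath);

    iBuffLen = snprintf(szSubKey, sizeof szSubKey, "//??//%s", szDrvFullPath);
    if (!fits(iBuffLen, sizeof szSubKey)) {
        goto cleanup;
    }
    /* REG_SZ data includes the terminating NUL, hence +1. */
    dwOK = RegSetValueEx(hkResult, "ImagePath", 0, REG_SZ,
                         (const BYTE *)szSubKey, (DWORD)iBuffLen + 1);
    if (dwOK != ERROR_SUCCESS) {
        goto cleanup;
    }

    RegCloseKey(hkResult);
    hkResult = NULL;

    /* Native registry path of the key just written, as ZwLoadDriver expects it. */
    iBuffLen = snprintf(szSubKey, sizeof szSubKey,
                        "//Registry//Machine//System//CurrentControlSet//Services//%s", szDrvName);
    if (!fits(iBuffLen, sizeof szSubKey)) {
        goto cleanup;
    }

    buf2.Buffer = (PVOID)szSubKey;
    buf2.Length = (USHORT)iBuffLen;
    buf2.MaximumLength = (USHORT)sizeof szSubKey;
    /* AllocateDestinationString = 1: ntdll allocates buf1.Buffer, released below. */
    dwOK = RtlAnsiStringToUnicodeString(&buf1, &buf2, 1);
    if ((LONG)dwOK < 0) {   /* NTSTATUS: negative values are failures */
        goto cleanup;
    }

    dwOK = ZwLoadDriver(&buf1);
    RtlFreeUnicodeString(&buf1);
    if ((LONG)dwOK < 0) {
        printf("ZwLoadDriver failed: 0x%08lX\n", (unsigned long)dwOK);
    } else {
        result = true;
    }

cleanup:
    if (hkResult != NULL) {
        RegCloseKey(hkResult);
    }
    /* Subkeys first, then the service key; done on every path once the key
     * has been created, as the original also deleted them unconditionally. */
    delete_service_subkey(szDrvName, "//Enum");
    delete_service_subkey(szDrvName, "//Security");
    delete_service_subkey(szDrvName, "");
    return result;
}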





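/*
 * Entry point: resolve the three ntdll routines, then hand the two command
 * line arguments (service name, driver path) to LoadDriver().
 *
 * Exit status follows the original: exit(-1) on a usage error, false (0)
 * when ntdll or one of its exports cannot be resolved or LoadDriver()
 * fails, true (1) on success.  Note that this is the reverse of the usual
 * process convention (0 = success); it is kept for compatibility with any
 * script that relies on it.
 */
int main(int argc, char *argv[])
{
    HMODULE hNtdll = NULL;

    printf("Load driver with ZwLoadDriver( )/r/n");
    printf("Date: 8th May 2007/r/n");
    printf("Modifed by: GaRY <wofeiwo_at_gmail_dot_com>/r/n/r/n");

    if (argc != 3) {
        printf("Usage: %s <DriverFilename> <DriverPath>/r/n", argv[0]);
        exit(-1);
    }

    /* ntdll.dll is already mapped in every process; LoadLibrary only hands
     * back a module handle for GetProcAddress. */
    hNtdll = LoadLibrary("ntdll.dll");
    if (!hNtdll) {
        /* GetLastError() is a DWORD, so it is printed with %lu. */
        printf("LoadLibrary( NTDLL.DLL ) Error:%lu/n", (unsigned long)GetLastError());
        return false;
    }

    RtlAnsiStringToUnicodeString =
        (RTLANSISTRINGTOUNICODESTRING)GetProcAddress(hNtdll, "RtlAnsiStringToUnicodeString");
    RtlFreeUnicodeString =
        (RTLFREEUNICODESTRING)GetProcAddress(hNtdll, "RtlFreeUnicodeString");
    ZwLoadDriver =
        (ZWLOADDRIVER)GetProcAddress(hNtdll, "ZwLoadDriver");

    /* A missing export would otherwise be called as a NULL function pointer
     * inside LoadDriver(). */
    if (!RtlAnsiStringToUnicodeString || !RtlFreeUnicodeString || !ZwLoadDriver) {
        printf("GetProcAddress( NTDLL.DLL ) Error:%lu/n", (unsigned long)GetLastError());
        FreeLibrary(hNtdll);
        return false;
    }

    if (LoadDriver(argv[1], argv[2]) == false) {
        FreeLibrary(hNtdll);
        return false;
    }

    FreeLibrary(hNtdll);
    return true;
}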