nginx平滑升级
2015-01-26 15:25
// Fetch the current IRP stack location; it carries the major function code and the IOCTL parameters.
// The enclosing dispatch routine's signature and the declarations of status, OutBuf and Count
// are outside this excerpt.
irpStack = IoGetCurrentIrpStackLocation(pIrp);
// Dispatch on the major function of the request.
switch (irpStack->MajorFunction)
{
case IRP_MJ_CREATE :
DbgPrint(\\"Call IRP_MJ_CREATE\\\\n\\");
break;
case IRP_MJ_CLOSE:
DbgPrint(\\"Call IRP_MJ_CLOSE\\\\n\\");
break;
case IRP_MJ_DEVICE_CONTROL:
DbgPrint(\\"IRP_MJ_DEVICE_CONTROL\\\\n\\");
// Caller-supplied buffer lengths. Neither value is consulted again in this excerpt.
inputLength=irpStack->Parameters.DeviceIoControl.InputBufferLength;
outputLength=irpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch (irpStack->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_PASSBUF:
{
// NOTE(review): a fixed 20*16 bytes are written to pIrp->UserBuffer with no comparison
// against outputLength and no NULL check, so a caller that passes a short or empty output
// buffer still gets 320 bytes written at its address. The client on this page builds
// IOCTL_PASSBUF with METHOD_BUFFERED; if the driver uses the same definition, the data
// belongs in pIrp->AssociatedIrp.SystemBuffer after checking outputLength >= 20*16, with
// IoStatus.Information set to the byte count so the I/O manager copies it back.
// Any direct write to a user address should sit inside __try/__except -- confirm against
// the driver's own header.
RtlCopyMemory(pIrp->UserBuffer, OutBuf, 20*16);
// Clears 128*16 bytes of OutBuf although only 20*16 were copied out, so any entries past
// the first 20 are discarded. NOTE(review): if another code path fills OutBuf/Count
// concurrently, this reset needs the same synchronization -- not visible here, confirm.
memset(OutBuf,0,128*16);
Count = 0;
break;
}
default:
break;
}
// NOTE(review): there is no break after the inner switch, so every IRP_MJ_DEVICE_CONTROL
// request falls through into the default case below and also logs the UNKNOWN message.
default:
DbgPrint(\\"Call IRP_MJ_UNKNOWN\\\\n\\");
break;
}
// Complete the request. Information is always 0, so the caller's bytes-returned count is 0
// even after IOCTL_PASSBUF has copied data.
pIrp->IoStatus.Status = status;
pIrp->IoStatus.Information = 0;
IoCompleteRequest (pIrp, IO_NO_INCREMENT);
return status;
}
////////////////////////////////
// 1.asm
////////////////////////////////
; Trampoline _func@0: calls _cfunc@0, transfers to the routine whose address is stored in
; _OrgDestFunction with the return address replaced by retaddr, calls _HookDestFunction@0
; once that routine returns, and finally jumps to the return address saved on entry.
; How control reaches _func@0 is not shown in this listing.
.386
.model small
.data
; Single dword slot holding the return address captured on entry.
; NOTE(review): there is only one slot, so a second entry into _func@0 (another thread or a
; nested call) before the first one finishes overwrites the saved address.
_OrgRet dd 0
.code
public _func@0
extrn _cfunc@0:near
extrn _HookDestFunction@0:near
extrn _OrgDestFunction:DWORD
_func@0 proc
; Save all general-purpose registers around the call to _cfunc@0.
pushad
call _cfunc@0
popad
; With eax pushed, [esp+4] is the dword that was on top of the stack on entry; store it in
; _OrgRet, then restore eax.
push eax
mov eax,[esp+4]
mov ds:_OrgRet,eax
pop eax
; Overwrite the top-of-stack dword with retaddr so the routine jumped to below returns here.
; NOTE(review): MASM may need "offset retaddr" to take the label's address -- confirm this
; assembles as an immediate store.
mov [esp],retaddr
; _OrgDestFunction is declared as a DWORD variable, so this jumps through the stored address.
jmp _OrgDestFunction
retaddr:
; pushad/popad keep every register, including the eax left by the routine above, intact
; across the call to _HookDestFunction@0.
pushad
call _HookDestFunction@0
popad
; Resume at the return address saved on entry.
jmp ds:_OrgRet
_func@0 endp
END
//////////////////////////////////////////
// app.cpp
//////////////////////////////////////////
#include <windows.h>
#include <stdio.h>
// Device type used in this program's control code; 0x8000 and above is the vendor-defined range.
#define FILE_DEVICE_EVENT 0x8000
// Packs device type, required access, function number and transfer method into one control code.
// NOTE(review): <windows.h> normally already supplies CTL_CODE, FILE_ANY_ACCESS, METHOD_BUFFERED
// and FILE_DEVICE_UNKNOWN; redefining them here can produce macro-redefinition warnings.
// NOTE(review): the line-continuation backslashes look doubled by the page's escaping; the
// preprocessor needs a single trailing backslash.
#define CTL_CODE( DeviceType, Function, Method, Access ) ( \\\\
((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \\\\
)
// FILE_ANY_ACCESS: the I/O manager accepts this control code on any open handle, whatever
// access the handle was opened with, so access control rests on who may open the device.
#define FILE_ANY_ACCESS 0
// METHOD_BUFFERED: the I/O manager transfers data through a system buffer.
#define METHOD_BUFFERED 0
// Not referenced by the code visible on this page.
#define FILE_DEVICE_UNKNOWN 0x00000022
// With the values above this evaluates to 0x80002008.
#define IOCTL_PASSBUF \\\\
CTL_CODE(FILE_DEVICE_EVENT, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS)
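// Polls the MyEvent device with IOCTL_PASSBUF and prints every 16-byte name entry that
// comes back, skipping "app.exe" and "csrss.exe".
// Returns 0 after reporting an open or I/O error; otherwise it loops until the process is
// terminated.
int main()
{
    // 128 entries of 16 bytes are offered to the driver. The 129th row is never handed to
    // the driver, so it stays zero and acts as an end marker.
    char outbuf[129][16];
    ULONG dwReturn = 0;
    BOOL status;   // DeviceIoControl returns BOOL, not C++ bool

    HANDLE hDevice = CreateFile("\\\\.\\MyEvent",
                                GENERIC_READ | GENERIC_WRITE,
                                FILE_SHARE_READ | FILE_SHARE_WRITE,
                                NULL,
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        printf("createfile wrong\n");
        getchar();
        return 0;
    }

    while (1)
    {
        // Start from an all-zero buffer so an empty first byte reliably marks the end.
        memset(outbuf, 0, sizeof outbuf);
        status = DeviceIoControl(hDevice,
                                 IOCTL_PASSBUF,
                                 NULL,
                                 0,
                                 &outbuf,
                                 128 * 16,
                                 &dwReturn, NULL);
        if (!status)
        {
            // Read the error code first; later API calls may overwrite it.
            DWORD err = GetLastError();
            printf("IO wrong+%lu\n", (unsigned long)err);
            CloseHandle(hDevice);   // the original leaked the handle on this path
            getchar();
            return 0;
        }

        // dwReturn is not used to size the result: the driver code shown on this page
        // completes the request with Information = 0. The zero-filled buffer is the end
        // marker, and the explicit bound keeps the scan inside the rows given to the driver.
        for (int c = 0; c < 128 && outbuf[c][0] != '\0'; c++)
        {
            const char *name = outbuf[c];
            // Skip csrss.exe and this program's own entries; they would flood the output.
            // strcmp stops within the length of the literal, so it stays inside the entry.
            if (strcmp(name, "app.exe") != 0 && strcmp(name, "csrss.exe") != 0)
            {
                // An entry that fills all 16 bytes has no terminator; cap the print width.
                printf("%.16s\n", name);
            }
        }
        Sleep(1);
    }
}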
// Fetch the current IRP stack location; it carries the major function code and the IOCTL parameters.
// The enclosing dispatch routine's signature and the declarations of status, OutBuf and Count
// are outside this excerpt.
irpStack = IoGetCurrentIrpStackLocation(pIrp);
// Dispatch on the major function of the request.
switch (irpStack->MajorFunction)
{
case IRP_MJ_CREATE :
DbgPrint(\\"Call IRP_MJ_CREATE\\\\n\\");
break;
case IRP_MJ_CLOSE:
DbgPrint(\\"Call IRP_MJ_CLOSE\\\\n\\");
break;
case IRP_MJ_DEVICE_CONTROL:
DbgPrint(\\"IRP_MJ_DEVICE_CONTROL\\\\n\\");
// Caller-supplied buffer lengths. Neither value is consulted again in this excerpt.
inputLength=irpStack->Parameters.DeviceIoControl.InputBufferLength;
outputLength=irpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch (irpStack->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_PASSBUF:
{
// NOTE(review): a fixed 20*16 bytes are written to pIrp->UserBuffer with no comparison
// against outputLength and no NULL check, so a caller that passes a short or empty output
// buffer still gets 320 bytes written at its address. The client on this page builds
// IOCTL_PASSBUF with METHOD_BUFFERED; if the driver uses the same definition, the data
// belongs in pIrp->AssociatedIrp.SystemBuffer after checking outputLength >= 20*16, with
// IoStatus.Information set to the byte count so the I/O manager copies it back.
// Any direct write to a user address should sit inside __try/__except -- confirm against
// the driver's own header.
RtlCopyMemory(pIrp->UserBuffer, OutBuf, 20*16);
// Clears 128*16 bytes of OutBuf although only 20*16 were copied out, so any entries past
// the first 20 are discarded. NOTE(review): if another code path fills OutBuf/Count
// concurrently, this reset needs the same synchronization -- not visible here, confirm.
memset(OutBuf,0,128*16);
Count = 0;
break;
}
default:
break;
}
// NOTE(review): there is no break after the inner switch, so every IRP_MJ_DEVICE_CONTROL
// request falls through into the default case below and also logs the UNKNOWN message.
default:
DbgPrint(\\"Call IRP_MJ_UNKNOWN\\\\n\\");
break;
}
// Complete the request. Information is always 0, so the caller's bytes-returned count is 0
// even after IOCTL_PASSBUF has copied data.
pIrp->IoStatus.Status = status;
pIrp->IoStatus.Information = 0;
IoCompleteRequest (pIrp, IO_NO_INCREMENT);
return status;
}
////////////////////////////////
// 1.asm
////////////////////////////////
; Trampoline _func@0: calls _cfunc@0, transfers to the routine whose address is stored in
; _OrgDestFunction with the return address replaced by retaddr, calls _HookDestFunction@0
; once that routine returns, and finally jumps to the return address saved on entry.
; How control reaches _func@0 is not shown in this listing.
.386
.model small
.data
; Single dword slot holding the return address captured on entry.
; NOTE(review): there is only one slot, so a second entry into _func@0 (another thread or a
; nested call) before the first one finishes overwrites the saved address.
_OrgRet dd 0
.code
public _func@0
extrn _cfunc@0:near
extrn _HookDestFunction@0:near
extrn _OrgDestFunction:DWORD
_func@0 proc
; Save all general-purpose registers around the call to _cfunc@0.
pushad
call _cfunc@0
popad
; With eax pushed, [esp+4] is the dword that was on top of the stack on entry; store it in
; _OrgRet, then restore eax.
push eax
mov eax,[esp+4]
mov ds:_OrgRet,eax
pop eax
; Overwrite the top-of-stack dword with retaddr so the routine jumped to below returns here.
; NOTE(review): MASM may need "offset retaddr" to take the label's address -- confirm this
; assembles as an immediate store.
mov [esp],retaddr
; _OrgDestFunction is declared as a DWORD variable, so this jumps through the stored address.
jmp _OrgDestFunction
retaddr:
; pushad/popad keep every register, including the eax left by the routine above, intact
; across the call to _HookDestFunction@0.
pushad
call _HookDestFunction@0
popad
; Resume at the return address saved on entry.
jmp ds:_OrgRet
_func@0 endp
END
//////////////////////////////////////////
// app.cpp
//////////////////////////////////////////
#include <windows.h>
#include <stdio.h>
// Device type used in this program's control code; 0x8000 and above is the vendor-defined range.
#define FILE_DEVICE_EVENT 0x8000
// Packs device type, required access, function number and transfer method into one control code.
// NOTE(review): <windows.h> normally already supplies CTL_CODE, FILE_ANY_ACCESS, METHOD_BUFFERED
// and FILE_DEVICE_UNKNOWN; redefining them here can produce macro-redefinition warnings.
// NOTE(review): the line-continuation backslashes look doubled by the page's escaping; the
// preprocessor needs a single trailing backslash.
#define CTL_CODE( DeviceType, Function, Method, Access ) ( \\\\
((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \\\\
)
// FILE_ANY_ACCESS: the I/O manager accepts this control code on any open handle, whatever
// access the handle was opened with, so access control rests on who may open the device.
#define FILE_ANY_ACCESS 0
// METHOD_BUFFERED: the I/O manager transfers data through a system buffer.
#define METHOD_BUFFERED 0
// Not referenced by the code visible on this page.
#define FILE_DEVICE_UNKNOWN 0x00000022
// With the values above this evaluates to 0x80002008.
#define IOCTL_PASSBUF \\\\
CTL_CODE(FILE_DEVICE_EVENT, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS)
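// Polls the MyEvent device with IOCTL_PASSBUF and prints every 16-byte name entry that
// comes back, skipping "app.exe" and "csrss.exe".
// Returns 0 after reporting an open or I/O error; otherwise it loops until the process is
// terminated.
int main()
{
    // 128 entries of 16 bytes are offered to the driver. The 129th row is never handed to
    // the driver, so it stays zero and acts as an end marker.
    char outbuf[129][16];
    ULONG dwReturn = 0;
    BOOL status;   // DeviceIoControl returns BOOL, not C++ bool

    HANDLE hDevice = CreateFile("\\\\.\\MyEvent",
                                GENERIC_READ | GENERIC_WRITE,
                                FILE_SHARE_READ | FILE_SHARE_WRITE,
                                NULL,
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        printf("createfile wrong\n");
        getchar();
        return 0;
    }

    while (1)
    {
        // Start from an all-zero buffer so an empty first byte reliably marks the end.
        memset(outbuf, 0, sizeof outbuf);
        status = DeviceIoControl(hDevice,
                                 IOCTL_PASSBUF,
                                 NULL,
                                 0,
                                 &outbuf,
                                 128 * 16,
                                 &dwReturn, NULL);
        if (!status)
        {
            // Read the error code first; later API calls may overwrite it.
            DWORD err = GetLastError();
            printf("IO wrong+%lu\n", (unsigned long)err);
            CloseHandle(hDevice);   // the original leaked the handle on this path
            getchar();
            return 0;
        }

        // dwReturn is not used to size the result: the driver code shown on this page
        // completes the request with Information = 0. The zero-filled buffer is the end
        // marker, and the explicit bound keeps the scan inside the rows given to the driver.
        for (int c = 0; c < 128 && outbuf[c][0] != '\0'; c++)
        {
            const char *name = outbuf[c];
            // Skip csrss.exe and this program's own entries; they would flood the output.
            // strcmp stops within the length of the literal, so it stays inside the entry.
            if (strcmp(name, "app.exe") != 0 && strcmp(name, "csrss.exe") != 0)
            {
                // An entry that fills all 16 bytes has no terminator; cap the print width.
                printf("%.16s\n", name);
            }
        }
        Sleep(1);
    }
}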