摘要：R3下的inline hook某个函数。可以通过修改函数的前5个字节实现。这种方法R0下同样也可以。声明:NTSTATUS DetourMyObReferenceObjectByHandle( IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType OPTIONAL, IN KPROCESSOR_... 阅读全文

摘要：一切从基础开始，一切从0开始。注册表的相关操作函数及实例：DriverReg.h 文件#include <ntddk.h>#define dprintf if (DBG) DbgPrint#define PAGEDCODE code_seg("PAGE")#define LOCKEDCODE code_seg()#define INITCODE codeseg("INIT")#define PAGEDDATA data_seg("PAGE")#define LOCKEDDATA data_seg()#define INIT 阅读全文

摘要：一切从基础开始，一切从0开始。基础示例：#pragma PAGEDCODEVOID FileTest(){ OBJECT_ATTRIBUTES objectAttributes; IO_STATUS_BLOCK iostatus; HANDLE hFile; UNICODE_STRING logFileUnicodeString; NTSTATUS ntStatus; PUCHAR pBuffer; LARGE_INTEGER ... 阅读全文