-
怎么编写这种驱动呢?这种驱动怎么加载呢?有点迷惑。。。。。。望高手指点一下,可以看哪些文档?
◆
◆
-
tiamo:kernel 的其实用这个MmMapIoSpace就可以了 user的可以读PhysicalMemory这个section完成...这个代码到google上搜索一片一片的(2004-11-25 22:05)
-
xcdyjx:怎么编写这种驱动呢? 这种驱动怎么加载呢? 有点迷惑。。。。。。 望高手指点一下,可以看哪些文档? 如果编写驱动的话,实际上就比较容易了,你可以直接使用相关内核函数(ntdll.dll中的ZwOpenSection,ZwMapViewofFile)来进行访问,因为驱...(2004-11-25 14:20)
-
wowocock:在驱动中用,应用层的方法可以参考我的方法,在GDT中通过CALLGATE进RING0来获得MBR的部分. .686p .model flat, stdcall option casemap :none ; case sensitive ; ##############...(2004-11-25 13:59)
-
bigbigboy:ZwMapViewOfSection 这个函数是在用户级调用还是在驱动中调用呢?(2004-11-25 13:54)
-
wowocock:ZwMapViewOfSection (2004-11-25 13:24)
-
bigbigboy:1. Read !ptov and !vtop in WinDbg help. And I knew there's a chapter in SoftIce manual to talking about physical and virtual address tr...(2004-11-25 13:11)
-
xqchen:You might also try MmGetVirtualForPhysical, which is reserved for system use. But it seems to work for the current process address space.(2004-11-25 02:44)
-
xqchen:1. Read !ptov and !vtop in WinDbg help. And I knew there's a chapter in SoftIce manual to talking about physical and virtual address tr...(2004-11-25 01:15)
-
nhchmg:这个好像有个函数有这个功能(2004-11-24 22:13)
