如何用ZwOpenFile运行程序?
sys里如何调用ZwOpenFile运行一个程序呢?
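/*
 * Opens \??\c:\tmp.exe from kernel mode and reports whether the open worked.
 *
 * ZwOpenFile only returns a handle to the file object. Requesting
 * GENERIC_EXECUTE access does not start the program and no process is
 * created by this call. Launching a user-mode program is normally left to a
 * user-mode service that the driver signals.
 *
 * NOTE(review): the path is hard-coded at the volume root; confirm that
 * unprivileged users cannot create or replace this file before anything
 * acts on it.
 *
 * Returns TRUE if the file could be opened, FALSE otherwise. The handle is
 * closed before returning, so nothing is left for the caller to release.
 */
BOOLEAN OpenTheFile(void)
{
    HANDLE hFile = NULL;
    OBJECT_ATTRIBUTES oaFile;
    UNICODE_STRING FileNameUnicode;
    IO_STATUS_BLOCK iosb;
    NTSTATUS nts;

    /*
     * Point the UNICODE_STRING at a wide literal instead of converting from
     * ANSI: no pool allocation is made, so there is no buffer to free on
     * any return path.
     */
    RtlInitUnicodeString(&FileNameUnicode, L"\\??\\c:\\tmp.exe");

    /*
     * OBJ_KERNEL_HANDLE keeps the handle in the kernel handle table, so it
     * is not usable from the user-mode process whose context we run in.
     */
    InitializeObjectAttributes(&oaFile, &FileNameUnicode,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    /*
     * ShareAccess is 0 (no sharing), so the open may fail with a sharing
     * violation when the file is already open elsewhere.
     */
    nts = ZwOpenFile(&hFile, GENERIC_READ | GENERIC_EXECUTE, &oaFile, &iosb,
                     0, FILE_NON_DIRECTORY_FILE);
    if (!NT_SUCCESS(nts)) {
        DbgPrint("Open failed with status %x\n", nts);
        return FALSE;
    }

    DbgPrint("Open success\n");

    /* Release the handle; it was previously leaked on the success path. */
    ZwClose(hFile);
    return TRUE;
}

/*
 * Driver entry point: tries to open the file once and always reports
 * success to the I/O manager, whether or not the open worked.
 *
 * No DriverUnload routine is set on DriverObject here, so a driver built
 * from this listing alone is not expected to be unloadable once loaded.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
                     IN PUNICODE_STRING RegistryPath)
{
    /* The result is deliberately ignored; failure is only logged. */
    (void)OpenTheFile();
    return STATUS_SUCCESS;
}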
沙发#
发布于:2007-04-11 10:31
gsdgfsd