请教怎么获取驱动的对象？ \Driver 目录下面的！

楼主^#

更多发布于：2007-01-31 19:06

gDiskSymbolLink        dw     '\','D','o','s','D','e','v','i','c','e','s','\','T','c','p',0,0  

_GetpDeviceObject proc uses ebx esi edi

    local    SymbolLink: UNICODE_STRING
    local    hFile: dword
    local    IoStatus: IO_STATUS_BLOCK
    local    pFileObject: dword
    local    oa:OBJECT_ATTRIBUTES


    lea    edi,SymbolLink
    lea    esi,gDiskSymbolLink
    invoke    RtlInitUnicodeString,edi,esi

    mov    [oa._Length],sizeof( OBJECT_ATTRIBUTES )
    mov    [oa.RootDirectory],NULL
    mov    [oa.ObjectName],edi
    mov    [oa.Attributes],OBJ_CASE_INSENSITIVE
    mov    [oa.SecurityDescriptor],NULL
    mov    [oa.SecurityQualityOfService],NULL

    lea    esi,oa
    lea    edi,hFile
    lea    ebx,IoStatus
    int 3

    invoke    ZwCreateFile,edi,SYNCHRONIZE or FILE_ANY_ACCESS,esi,ebx,0,0,FILE_SHARE_READ or FILE_SHARE_WRITE,FILE_OPEN,FILE_SYNCHRONOUS_IO_NONALERT or FILE_DIRECTORY_FILE,0,0
    test    eax,eax
    jnl    short _OpenFileOk
    xor    eax,eax
    jmp    short _FailExit

_OpenFileOk:
    lea    esi,pFileObject
    invoke    ObReferenceObjectByHandle,dword ptr[edi],FILE_READ_DATA,0,0,esi,0
    test    eax,eax
    jnl    short _ReferenceObjectOk
    invoke    ZwClose,dword ptr[edi]
    xor    eax,eax
    jmp    short _FailExit

_ReferenceObjectOk:
    
    invoke    IoGetRelatedDeviceObject,dword ptr [esi]
    mov    ebx,eax
    invoke    ObDereferenceObject,dword ptr[esi]
    invoke    ZwClose,dword ptr[esi]
    test    ebx,ebx
    jnz    short _GetRelatedDeviceOk
    xor    eax,eax
    jmp    short _FailExit
_GetRelatedDeviceOk:
    mov    eax,ebx
_FailExit:
    ret
_GetpDeviceObject endp

这样可以实现得到设备的对象。可是
\Driver 目录下面的就不行了！！

指点有一下。谢谢

喜欢0

发帖回复

« 返回列表

您需要登录后才可以回帖，登录或者注册

返回顶部

请教 怎么获取驱动的对象？ \Driver 目录下面的！

最新喜欢：

请教怎么获取驱动的对象？ \Driver 目录下面的！