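Views: 1636 Replies: 5
How do I pass the parameters of ObReferenceObjectByName?
The first parameter of ObReferenceObjectByName is Driver Name.
What is that? Is it the name of the binary file? It seems odd. The first parameter of IoGetDeviceObjectPointer is Device Name, which is easy to understand. But Driver Name, I have never heard of it.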
Reply #1
Posted on: 2005-03-02 15:36
:o :o :o Where has everyone gone?
I have seen someone analyze hooksys.sys, and it seemed very strange to me! That is why I came here to ask.
Reply #2
Posted on: 2005-03-02 15:40
In SoftIce, type driver; the Name field in its output is the Driver Name.
Hehe...
Reply #3
Posted on: 2005-03-02 16:11
Thanks for the advice!
Reply #4
Posted on: 2005-03-02 23:11
NTSTATUS
ObReferenceObjectByName (
    IN PUNICODE_STRING ObjectName,
    IN ULONG Attributes,
    IN PACCESS_STATE AccessState OPTIONAL,
    IN ACCESS_MASK DesiredAccess OPTIONAL,
    IN POBJECT_TYPE ObjectType,
    IN KPROCESSOR_MODE AccessMode,
    IN OUT PVOID ParseContext OPTIONAL,
    OUT PVOID *Object
    )

/*++

Routine Description:

    Given a name of an object this routine returns a pointer
    to the body of the object with proper ref counts

Arguments:

    ObjectName - Supplies the name of the object being referenced

    Attributes - Supplies the desired handle attributes

    AccessState - Supplies an optional pointer to the current access
        status describing already granted access types, the privileges used
        to get them, and any access types yet to be granted.

    DesiredAccess - Optionally supplies the desired access for the
        object

    ObjectType - Specifies the object type according to the caller

    AccessMode - Supplies the processor mode of the access

    ParseContext - Optionally supplies a context to pass down to the
        parse routine

    Object - Receives a pointer to the referenced object body

Return Value:

    An appropriate NTSTATUS value

--*/

{
    UNICODE_STRING CapturedObjectName;
    BOOLEAN DirectoryLocked;
    PVOID ExistingObject;
    ACCESS_STATE LocalAccessState;
    AUX_ACCESS_DATA AuxData;
    NTSTATUS Status;

    PAGED_CODE();

    ObpValidateIrql("ObReferenceObjectByName");

    //
    //  If the object name descriptor is not specified, or the object name
    //  length is zero (tested after capture), then the object name is
    //  invalid.
    //

    if (ObjectName == NULL) {

        return STATUS_OBJECT_NAME_INVALID;
    }

    //
    //  Capture the object name.
    //

    Status = ObpCaptureObjectName( AccessMode,
                                   ObjectName,
                                   &CapturedObjectName,
                                   TRUE );

    if (NT_SUCCESS(Status)) {

        //
        //  No buffer has been allocated for a zero length name so no free
        //  needed
        //

        if (CapturedObjectName.Length == 0) {

            return STATUS_OBJECT_NAME_INVALID;
        }

        //
        //  If the access state is not specified, then create the access
        //  state.
        //

        if (!ARGUMENT_PRESENT(AccessState)) {

            AccessState = &LocalAccessState;

            Status = SeCreateAccessState( &LocalAccessState,
                                          &AuxData,
                                          DesiredAccess,
                                          &ObjectType->TypeInfo.GenericMapping );

            if (!NT_SUCCESS(Status)) {

                goto FreeBuffer;
            }
        }

        //
        //  Lookup object by name.
        //

        Status = ObpLookupObjectName( NULL,
                                      &CapturedObjectName,
                                      Attributes,
                                      ObjectType,
                                      AccessMode,
                                      ParseContext,
                                      NULL,
                                      NULL,
                                      AccessState,
                                      &DirectoryLocked,
                                      &ExistingObject );

        //
        //  If the directory is returned locked, then unlock it.
        //

        if (DirectoryLocked) {

            ObpLeaveRootDirectoryMutex();
        }

        //
        //  If the lookup was successful, then return the existing
        //  object if access is allowed. Otherwise, return NULL.
        //

        *Object = NULL;

        if (NT_SUCCESS(Status)) {

            if (ObpCheckObjectReference( ExistingObject,
                                         AccessState,
                                         FALSE,
                                         AccessMode,
                                         &Status )) {

                *Object = ExistingObject;
            }
        }

        //
        //  If the access state was generated, then delete the access
        //  state.
        //

        if (AccessState == &LocalAccessState) {

            SeDeleteAccessState(AccessState);
        }

        //
        //  Free the object name buffer.
        //

FreeBuffer:

        ObpFreeObjectNameBuffer(&CapturedObjectName);
    }

    return Status;
}
Reply #5
Posted on: 2005-03-03 09:44
I'll go copy it. Thanks.