|
阅读:1494回复:0
大家帮忙看看为什么StartService 总是返回0 失败
刚学KMD, 做了好几个练习都是这样的,StartService 总是返回0 失败
下面是其中一个sys和scp代码: ;@echo off ;goto make ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; simplest - Simplest possible kernel-mode driver ; ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .386 .model flat, stdcall option casemap:none ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; I N C L U D E F I L E S ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: include \masm32\include\w2k\ntstatus.inc include \masm32\include\w2k\ntddk.inc include \masm32\include\w2k\ntoskrnl.inc includelib \masm32\lib\w2k\ntoskrnl.lib include \masm32\Macros\Strings.mac ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; C O D E ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .code ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; DriverEntry ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING ;;;;;;;;;;;;;;;;;;;int 1 int 3 local pIDT[6]:CHAR sidt fword ptr pIDT ; 取IDTR内容 mov eax,dword ptr [pIDT + 2] ; 获取IDT表的基地址 add eax,8 ; INT 1偏移地址放放 mov ebx, [eax] ; 取int 1的低位偏移 add eax,16 mov eax, [eax] ; 取int 3的低位偏移 and eax, 0ffffh and ebx, 0ffffh sub eax,ebx ; 计算低位偏移之差 .if eax == 1eh ; 发现跟踪,差值为0x1e invoke DbgPrint, $CTA0("SoftICE is active") .else invoke DbgPrint, $CTA0("Can't find SoftICE with this method.") .endif ret DriverEntry endp ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: end DriverEntry ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; B U I L D I N G D R I V E R ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :make set drv=AntiTest \masm32\bin\ml /nologo /c /coff %drv%.bat \masm32\bin\link /nologo /driver /base:0x10000 /align:32 /out:%drv%.sys /subsystem:native %drv%.obj del %drv%.obj echo. pause scp 代码: ;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; Service Control Program for beeper driver ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .386 .model flat, stdcall option casemap:none ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; I N C L U D E F I L E S ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\user32.inc include \masm32\include\advapi32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\user32.lib includelib \masm32\lib\advapi32.lib include \masm32\Macros\Strings.mac ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; C O D E ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .code start proc local hSCManager:HANDLE local hService:HANDLE local acDriverPath[MAX_PATH]:CHAR local acFileName[MAX_PATH]:CHAR invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE .if eax != NULL mov hSCManager, eax invoke GetFullPathName, $CTA0("AntiTest.sys"),sizeof acDriverPath,addr acDriverPath,addr acFileName invoke CreateService, hSCManager, $CTA0("AntiTest"), $CTA0("Anti Int1 Int3 debug"), \ SERVICE_START + DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \ SERVICE_ERROR_IGNORE, addr acDriverPath, NULL, NULL, NULL, NULL, NULL .if eax != NULL mov hService, eax invoke StartService, hService, 0, NULL invoke DeleteService, hService invoke CloseServiceHandle, hService .else invoke OpenService, hSCManager, $CTA0("AntiTest"), GENERIC_WRITE .if eax != NULL mov hService, eax invoke StartService, hService, 0, NULL invoke DeleteService, hService .endif .endif invoke CloseServiceHandle, hSCManager .else invoke MessageBox, NULL, $CTA0("Can't connect to Service Control Manager."), \ NULL, MB_ICONSTOP .endif invoke ExitProcess, 0 start endp ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: end start 请大家帮忙看看,错在哪里啊? 无论注册表里是否有注册都是StartService 失败, GetLastError返回5, 手工删除注册表再运行就蓝屏啦 |
|
