|
阅读:2028回复:0
MDL方式实现NtReadVirtualMemory问题NTSTATUS
NTAPI
MyReadMemory(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress,
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG ReturnLength OPTIONAL
)
{
PEPROCESS EProcess;
KAPC_STATE ApcState;
NTSTATUS status;
PMDL pMdl;
PBYTE pMdlBuffer;
status = ObReferenceObjectByHandle(
ProcessHandle,
PROCESS_VM_WRITE|PROCESS_VM_READ,
NULL,
KernelMode,
&EProcess,
NULL
);
if(!NT_SUCCESS(status))
{
ObDereferenceObject(EProcess);
return STATUS_UNSUCCESSFUL;
}
if(MmIsAddressValid(Buffer))
{
pMdl = IoAllocateMdl(Buffer, BufferLength, FALSE, FALSE, NULL);
if(!pMdl)
{
ObDereferenceObject(EProcess);
return STATUS_INSUFFICIENT_RESOURCES;
}
MmBuildMdlForNonPagedPool(pMdl);
__try
{
MmProbeAndLockPages(pMdl, KernelMode, IoWriteAccess);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
IoFreeMdl(pMdl);
ObDereferenceObject(EProcess);
return STATUS_INSUFFICIENT_RESOURCES;
}
pMdlBuffer = MmGetSystemAddressForMdlSafe(pMdl, NormalPagePriority);
KeStackAttachProcess (EProcess, &ApcState);
if (MmIsAddressValid(BaseAddress) && pMdlBuffer)
{
__try
{
ProbeForWrite(pMdlBuffer, BufferLength, sizeof(CHAR));
ProbeForRead ((CONST PVOID)BaseAddress, BufferLength, sizeof(CHAR));
RtlCopyMemory(pMdlBuffer, BaseAddress, BufferLength);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
status = STATUS_UNSUCCESSFUL;
}
__try
{
*ReturnLength = BufferLength;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
DbgPrint("ReturnLength error!");
}
}
KeUnstackDetachProcess (&ApcState);
MmUnlockPages(pMdl);
IoFreeMdl(pMdl);
}
ObDereferenceObject(EProcess);
return status;
}请各位看看,为什么在ProbeForWrite(pMdlBuffer, BufferLength, sizeof(CHAR))处,大部分时候抛出异常? |
|
