|
阅读:2015回复:1
关于使用LoadDriver动态加载驱动的问题
程序如下:
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
int nRetCode = 0;
// initialize MFC and print and error on failure
if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
{
// TODO: change error code to suit your needs
cerr << _T("Fatal Error: MFC initialization failed") << endl;
nRetCode = 1;
}
else
{
// TODO: code your application's behavior here.
TOKEN_PRIVILEGES tp;
HANDLE hToken;
LUID Luid;
char szDriverName[32] = {0};
char szDriverPath[256] = {0};
//
// adjust token priviledge
//
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken) )
{
return -1;
}
if (!LookupPrivilegeValue(NULL, SE_LOAD_DRIVER_NAME, &Luid) )
{
return -1;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
tp.Privileges[0].Luid = Luid;
if (!AdjustTokenPrivileges(hToken, 0, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL) )
{
return -1;
}
printf("Load driver with ZwLoadDriver()\r\n");
printf("Date: 14th May 2009\r\n");
printf("Modifed by: zhongweilin<zhongweilin256@126.com>\r\n\r\n");
/*
if (argc != 3)
{
printf("Usage: %s <DriverFilename> <DriverPath>\r\n", argv[0]);
exit(-1);
}*/
// ·½±ãµ÷ÊÔ
strcpy(szDriverPath, "F:\\hidedriver.sys");
printf("Input driver name:\n");
scanf("%s", szDriverName);
//printf("Input driver path:\n");
//scanf("%s", szDriverPath);
// Load ntdll
HMODULE hNtdll = NULL;
hNtdll = LoadLibrary( "ntdll.dll" );
// ´Óntdll.dllÀï»ñÈ¡º¯Êý
if ( !hNtdll )
{
printf( "LoadLibrary( NTDLL.DLL ) Error:%d\n", GetLastError() );
return false;
}
RtlAnsiStringToUnicodeString = (RTLANSISTRINGTOUNICODESTRING)\
GetProcAddress( hNtdll, "RtlAnsiStringToUnicodeString");
RtlFreeUnicodeString = (RTLFREEUNICODESTRING)\
GetProcAddress( hNtdll, "RtlFreeUnicodeString");
ZwLoadDriver = (ZWLOADDRIVER)\
GetProcAddress( hNtdll, "ZwLoadDriver");
printf("ZwLoadDriver address: 0x%x\n", ZwLoadDriver);
if (!RtlAnsiStringToUnicodeString | !RtlFreeUnicodeString | !ZwLoadDriver)
{
printf("Error to get procedure address...\n");
}
// ×¢²áÇý¶¯³ÌÐò
if (-1 == LoadDriver(szDriverName, szDriverPath) )
{
printf("Error to load driver!\nProgramme will quit...\n");
return -1;
}
//return 0;
}
return nRetCode;
}
int LoadDriver(char *szDrvName, char *szDrvPath)
{
// ÐÞ¸Ä×¢²á±íÆô¶¯Çý¶¯³ÌÐò
char szSubKey[200] = {0}, szDrvFullPath[256] = {0};
LSA_UNICODE_STRING buf1;
LSA_UNICODE_STRING buf2;
int iBuffLen;
HKEY hkResult;
//char Data[4] = {0};
ULONG Data;
DWORD dwOK;
iBuffLen = sprintf(szSubKey, "System\\CurrentControlSet\\Services\\%s", szDrvName);
szSubKey[iBuffLen] = 0;
dwOK = RegCreateKey(HKEY_LOCAL_MACHINE, szSubKey, &hkResult);
if (dwOK != ERROR_SUCCESS)
return -1;
Data = 1;
dwOK = RegSetValueEx(hkResult, "Type", 0, 4, (const unsigned char *)&Data, 4);
Data = 0;
dwOK = RegSetValueEx(hkResult, "ErrorControl", 0, 4, (const unsigned char *)&Data, 4);
Data = 3;
dwOK = RegSetValueEx(hkResult, "Start", 0, 4, (const unsigned char *)Data, 4);
//GetFullPathName(szDrvPath, 256, szDrvFullPath, NULL);
//printf("Loading driver: %s\r\n", szDrvPath);
memset(szSubKey, 0, sizeof(szSubKey) );
iBuffLen = sprintf(szSubKey, "\\??\\%s", szDrvPath);
printf("Loading driver: %s\r\n", szSubKey);
szSubKey[iBuffLen] = 0;
dwOK = RegSetValueEx(hkResult, "ImagePath", 0, 1, (const unsigned char *)szSubKey, iBuffLen);
RegCloseKey(hkResult);
iBuffLen = sprintf(szSubKey, "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\%s", szDrvName);
szSubKey[iBuffLen] = 0;
buf2.Buffer = (PVOID)szSubKey;
buf2.Length = iBuffLen;
RtlAnsiStringToUnicodeString(&buf1, &buf2, 1);
// ¼ÓÔØÇý¶¯³ÌÐò
dwOK = ZwLoadDriver(&buf1);
// if (dwOK != ERROR_SUCCESS)
// {
// // if (STATUS_OBJECT_NAME_NOT_FOUND == dwOK)
// printf("Error code is:%d\n", dwOK);
// return -1;
// }
RtlFreeUnicodeString(&buf1);
// ɾ³ý×¢²á±íÏî
iBuffLen = sprintf(szSubKey, "%s%s\\Enum", "System\\CurrentControlSet\\Services\\", szDrvName);
szSubKey[iBuffLen] = 0;
RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
iBuffLen = sprintf(szSubKey, "%s%s\\Security", "System\\CurrentControlSet\\Services\\", szDrvName);
szSubKey[iBuffLen] = 0;
RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
iBuffLen = sprintf(szSubKey, "%s%s", "System\\CurrentControlSet\\Services\\", szDrvName);
szSubKey[iBuffLen] = 0;
RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
iBuffLen = sprintf(szSubKey, "\\\\.\\%s", szDrvName);
szSubKey[iBuffLen] = 0;
HANDLE hMydriver;
hMydriver = CreateFile("\\\\.\\Twdm1",
GENERIC_WRITE | GENERIC_READ,
0,
NULL,
OPEN_EXISTING,
0,
NULL);
if (INVALID_HANDLE_VALUE == hMydriver)
{
printf("Open driver failed.\n");
}
return 0;
}LoadDriver报错:STATUS_OBJECT_NAME_NOT_FOUND,具体可见http://topic.csdn.net/u/20090514/17/c7121acc-c09c-42c3-966b-dd6f48c50bc9.html?seed=1213520911 |
|
|
沙发#
发布于:2009-05-18 15:44
请大家帮帮忙,由于初次写驱动一类的程序,已经卡在这几天了,公司上面催得紧!实在不好意思,新人,没什么分~
|
|