Views: 2968 Replies: 15
How to dynamically load and unload a .sys in safe mode
How can a .sys be dynamically loaded and unloaded in safe mode on 2000 and XP?
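
Reply #1
Posted: 2003-02-16 17:18
Why would you want to load and unload a sys in safe mode? In safe mode the system only supports the minimal default hardware configuration. :D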

Reply #2
Posted: 2003-02-16 17:38
The file-hiding program I wrote can't run in safe mode, precisely because the filter driver can't be loaded. Is there any way around this?

Reply #3
Posted: 2003-02-17 08:17
If this problem really exists, I'm following it closely!

Reply #4
Posted: 2003-02-17 15:28
Take a look at the relevant part of "Inside Microsoft Windows 2000" (I don't remember the exact chapter).

Reply #5
Posted: 2004-10-10 17:19
Does anyone know a concrete way to solve this problem?

Reply #6
Posted: 2004-10-11 09:45
This solves it.

#include <windows.h>
#include <tchar.h>
#include <atlbase.h>    // CRegKey

#define SYS_FILE _T("your.sys")
#define SYS_NAME _T("your")

/****************************************************************************
*
*    FUNCTION: InstallDriver( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
*
*    PURPOSE: Creates a driver service.
*
****************************************************************************/
BOOL InstallDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe )
{
    SC_HANDLE  schService;

    //
    // NOTE: This creates an entry for a standalone driver. If this
    //       is modified for use with a driver that requires a Tag,
    //       Group, and/or Dependencies, it may be necessary to
    //       query the registry for existing driver information
    //       (in order to determine a unique Tag, etc.).
    //
    schService = CreateService( SchSCManager,          // SCManager database
                                DriverName,            // name of service
                                DriverName,            // name to display
                                SERVICE_ALL_ACCESS,    // desired access
                                SERVICE_KERNEL_DRIVER, // service type
                                SERVICE_DEMAND_START,  // start type
                                SERVICE_ERROR_NORMAL,  // error control type
                                ServiceExe,            // service's binary
                                NULL,                  // no load ordering group
                                NULL,                  // no tag identifier
                                NULL,                  // no dependencies
                                NULL,                  // LocalSystem account
                                NULL                   // no password
                                );
    if ( schService == NULL )
        return FALSE;

    CloseServiceHandle( schService );
    return TRUE;
}

/****************************************************************************
*
*    FUNCTION: StartDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Starts the driver service.
*
****************************************************************************/
BOOL StartDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;

    schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
    if ( schService == NULL )
        return FALSE;

    ret = StartService( schService, 0, NULL )
       || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING
       || GetLastError() == ERROR_SERVICE_DISABLED;

    CloseServiceHandle( schService );
    return ret;
}

/****************************************************************************
*
*    FUNCTION: OpenDevice( IN LPCTSTR, HANDLE *)
*
*    PURPOSE: Opens the device and returns a handle if desired.
*
****************************************************************************/
BOOL OpenDevice( IN LPCTSTR DriverName, HANDLE * lphDevice )
{
    TCHAR    completeDeviceName[64];
    HANDLE   hDevice;

    //
    // Create a \\.\XXX device name that CreateFile can use
    //
    // NOTE: We're making an assumption here that the driver
    //       has created a symbolic link using its own name
    //       (i.e. if the driver has the name "XXX" we assume
    //       that it used IoCreateSymbolicLink to create a
    //       symbolic link "\DosDevices\XXX". Usually, there
    //       is this understanding between related apps/drivers.
    //
    //       An application might also peruse the DEVICEMAP
    //       section of the registry, or use the QueryDosDevice
    //       API to enumerate the existing symbolic links in the
    //       system.
    //
    // The parentheses matter: >= binds tighter than &, so without them
    // the test would be GetVersion() & (0xFF >= 5).
    if( (GetVersion() & 0xFF) >= 5 ) {
        //
        // We reference the global name so that the application can
        // be executed in Terminal Services sessions on Win2K
        //
        wsprintf( completeDeviceName, TEXT("\\\\.\\Global\\%s"), DriverName );
    } else {
        wsprintf( completeDeviceName, TEXT("\\\\.\\%s"), DriverName );
    }

    hDevice = CreateFile( completeDeviceName,
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL
                          );
    if ( hDevice == ((HANDLE)-1) )
        return FALSE;

    // If user wants handle, give it to them. Otherwise, just close it.
    if ( lphDevice )
        *lphDevice = hDevice;
    else
        CloseHandle( hDevice );

    return TRUE;
}

/****************************************************************************
*
*    FUNCTION: StopDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Has the configuration manager stop the driver (unload it)
*
****************************************************************************/
BOOL StopDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE       schService;
    BOOL            ret;
    SERVICE_STATUS  serviceStatus;

    schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
    if ( schService == NULL )
        return FALSE;

    ret = ControlService( schService, SERVICE_CONTROL_STOP, &serviceStatus );

    CloseServiceHandle( schService );
    return ret;
}

/****************************************************************************
*
*    FUNCTION: RemoveDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Deletes the driver service.
*
****************************************************************************/
BOOL RemoveDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;

    schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
    if ( schService == NULL )
        return FALSE;

    ret = DeleteService( schService );

    CloseServiceHandle( schService );
    return ret;
}

/****************************************************************************
*
*    FUNCTION: UnloadDeviceDriver( const TCHAR *)
*
*    PURPOSE: Stops the driver and has the configuration manager unload it.
*
****************************************************************************/
BOOL UnloadDeviceDriver( const TCHAR * Name )
{
    SC_HANDLE schSCManager;

    schSCManager = OpenSCManager( NULL,                 // machine (NULL == local)
                                  NULL,                 // database (NULL == default)
                                  SC_MANAGER_ALL_ACCESS // access required
                                  );

    StopDriver( schSCManager, Name );
    RemoveDriver( schSCManager, Name );

    CloseServiceHandle( schSCManager );
    return TRUE;
}

/****************************************************************************
*
*    FUNCTION: LoadDeviceDriver( const TCHAR, const TCHAR, HANDLE *)
*
*    PURPOSE: Registers a driver with the system configuration manager
*             and then loads it.
*
****************************************************************************/
BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, HANDLE * lphDevice, PDWORD Error )
{
    SC_HANDLE schSCManager;
    BOOL      okay;

    schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );

    // Remove previous instance
    RemoveDriver( schSCManager, Name );

    // Ignore success of installation: it may already be installed.
    InstallDriver( schSCManager, Name, Path );

    // Ignore success of start: it may already be started.
    StartDriver( schSCManager, Name );

    // Do make sure we can open it.
    okay = OpenDevice( Name, lphDevice );
    *Error = GetLastError();

    CloseServiceHandle( schSCManager );
    return okay;
}

// How to call it
{
    HANDLE SysHandle;
    DWORD  error = 0;

    if( !OpenDevice( SYS_NAME, &SysHandle ) ) {
        CRegKey keyServices;
        LONG lRes = keyServices.Open( HKEY_LOCAL_MACHINE, _T("SYSTEM\\CurrentControlSet\\Services") );
        if ( lRes == ERROR_SUCCESS ) {
            keyServices.RecurseDeleteKey( _T("your") );
        }

        // Note: pPath must have the form "System32\\Drivers\\your.sys"
        //       || "System32\\yourpath\\your.sys" || "System32\\your.sys"
        LoadDeviceDriver( SYS_NAME, pPath, &SysHandle, &error );

        CRegKey keyYour;
        lRes = keyYour.Open( HKEY_LOCAL_MACHINE, _T("SYSTEM\\CurrentControlSet\\Services\\your") );
        if ( lRes == ERROR_SUCCESS ) {
            DWORD dwStart = SERVICE_BOOT_START;
            keyYour.SetValue( dwStart, _T("Start") );
            keyYour.SetValue( _T("Base"), _T("Group") );
        }
    }
}

[Edited - 10/11/04 by waqis]

Reply #7
Posted: 2004-10-11 09:48
I'll give it a try first.

Reply #8
Posted: 2004-10-12 18:09
After modifying it, it works on a normal boot, but it still doesn't work in safe mode?
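
Reply #9
Posted: 2004-10-13 08:33
The first load must be done in normal mode; then there's no problem. That is exactly how my program does it. Try it if you don't believe me.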

Reply #10
Posted: 2004-10-13 10:14
waqis, why can't your zip file be downloaded?

Reply #11
Posted: 2004-10-13 10:43
It works fine; download it with FlashGet.
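
Reply #12
Posted: 2005-04-01 08:34
In safe mode Windows has a list of drivers to load.
Under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot there are two subkeys: Minimal corresponds to plain safe mode, and Network corresponds to safe mode with networking. Add your driver there in the same format as the existing entries, and Windows will also load your driver when it enters safe mode.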

Reply #13
Posted: 2005-04-01 09:17
You can refer to what that junk 3721 driver does and attach it to the file system filter drivers.

Reply #14
Posted: 2005-04-01 09:41
In safe mode Windows has a list of drivers to load. wollok explained it in great detail. Do it that way and your driver can be loaded in safe mode.

Reply #15
Posted: 2005-04-04 09:39
Register the driver as a bus driver, and it can then be loaded in safe mode.
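
The SafeBoot driver list described in replies #12 and #14, seen from the auditing side: an added example, not code from any poster in this thread, that parses `reg query ... /s` output and reports entries outside a known-good baseline, plus services that join an already-listed driver group the way the code in reply #6 sets Group to Base. The sample output, baseline, service map and allowlist are constructed assumptions, and English-locale `reg query` formatting is assumed.

```python
import re
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Constructed sample of `reg query <SAFEBOOT> /s` output (English locale assumed).
# "your.sys" is the thread's placeholder driver name, not a real driver.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
    (Default)    REG_SZ    Driver Group

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
    (Default)    REG_SZ    Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\your.sys
    (Default)    REG_SZ    Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
    (Default)    REG_SZ    Driver
"""
# Hypothetical known-good baseline, as lower-case (mode, entry) pairs.
BASELINE = {("minimal", "base"), ("minimal", "vga.sys"), ("network", "vga.sys")}
# Constructed {service: Group value} map, as read from each Services\<name> key.
SERVICE_GROUPS = {"your": "Base", "Spooler": "SpoolerGroup"}
KNOWN_SERVICES = {"Spooler"}  # hypothetical allowlist of expected services

def parse_safeboot(text):
    """Return {(mode, entry): default value} for every entry under a SafeBoot mode key."""
    entries, current = {}, None
    prefix = SAFEBOOT.lower() + "\\"
    for line in text.splitlines():
        if line.lower().startswith(prefix):
            parts = line[len(prefix):].strip().split("\\")
            current = (parts[0].lower(), parts[1].lower()) if len(parts) == 2 else None
            if current:
                entries[current] = ""
        elif current and (m := re.match(r"\s+\(Default\)\s{2,}REG_SZ\s{2,}(.*)", line)):
            entries[current] = m.group(1).strip()
    return entries

def audit(text, baseline, service_groups, known_services):
    """Flag SafeBoot entries outside the baseline and unknown services in a listed group."""
    entries = parse_safeboot(text)
    findings = [f"{m}\\{n} ({k})" for (m, n), k in sorted(entries.items()) if (m, n) not in baseline]
    groups = {n for (_, n), k in entries.items() if k == "Driver Group"}
    findings += [f"{svc} joins group {grp}" for svc, grp in sorted(service_groups.items())
                 if grp.lower() in groups and svc not in known_services]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, BASELINE, SERVICE_GROUPS, KNOWN_SERVICES)))
```

The second check matters because a driver that joins an already-listed group adds no new key under SafeBoot, so a diff of that key alone would not show it.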