Views: 1572 | Replies: 10
Experts who have worked with NTrootkit, please take a look
Yesterday I downloaded NTrootkit from http://www.ntrootkit.com (source code follows). After I compiled it (Win2000 + Win2k DDK SP1) there were many undefined-symbol and redefinition errors; after removing those errors, there were still more than 100 warnings. I mainly want to learn how to use the functions that ntoskrnl.exe does not export. ZwCreateProcess is defined in rk_kpatch.c as follows:

_declspec(naked)
NTSTATUS
NTAPI
ZwCreateProcess(
    PHANDLE FileHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes,
    PIO_STATUS_BLOCK IoStatusBlock,
    PLARGE_INTEGER AllocationSize OPTIONAL,
    ULONG FileAttributes,
    ULONG ShareAccess,
    ULONG CreateDisposition,
    ULONG CreateOptions,
    PVOID EaBuffer OPTIONAL,
    ULONG EaLength
    )
{
    _asm
    {
        mov eax, _callnumber_NtCreateProcess
        lea edx, [esp+4]
        int 2eh
        ret 20h
    }
}

But in rk_process.h it is declared like this:

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateProcess(
    OUT PHANDLE phProcess,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN HANDLE hParentProcess,
    IN BOOLEAN bInheritParentHandles,
    IN HANDLE hSection OPTIONAL,
    IN HANDLE hDebugPort OPTIONAL,
    IN HANDLE hExceptionPort OPTIONAL
    );

Compiling gives this warning:

rk_kpatch.c(319) : warning C4273: 'ZwCreateProcess' : inconsistent dll linkage. dllexport assumed.

Why is this? Could someone tell me the correct way to use it? Thanks! Experts, please advise!
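As an added example (not code from NTrootkit or from any poster in this thread), this Python check compares the two ZwCreateProcess prototypes quoted in the post above with the stub's `ret 20h` and reports where they disagree. It assumes 32-bit x86 `__stdcall` with 4-byte argument slots; all helper names are hypothetical.

```python
import re

# Inputs copied from the first post (definition, header declaration, stub body).
DEFINITION = """_declspec(naked) NTSTATUS NTAPI ZwCreateProcess(
    PHANDLE FileHandle, ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock,
    PLARGE_INTEGER AllocationSize OPTIONAL, ULONG FileAttributes,
    ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions,
    PVOID EaBuffer OPTIONAL, ULONG EaLength )"""
DECLARATION = """NTSYSAPI NTSTATUS NTAPI ZwCreateProcess(
    OUT PHANDLE phProcess, IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE hParentProcess,
    IN BOOLEAN bInheritParentHandles, IN HANDLE hSection OPTIONAL,
    IN HANDLE hDebugPort OPTIONAL, IN HANDLE hExceptionPort OPTIONAL )"""
STUB = "mov eax, _callnumber_NtCreateProcess\nlea edx, [esp+4]\nint 2eh\nret 20h"

ANNOTATIONS = {"IN", "OUT", "OPTIONAL"}
# Assumption: on 32-bit x86 __stdcall each of these types fills one 4-byte
# stack slot (BOOLEAN is widened); a by-value LARGE_INTEGER would fill two.
SLOT_BYTES = {t: 4 for t in ("PHANDLE", "ACCESS_MASK", "POBJECT_ATTRIBUTES",
                             "PIO_STATUS_BLOCK", "PLARGE_INTEGER", "ULONG",
                             "PVOID", "HANDLE", "BOOLEAN")}
SLOT_BYTES["LARGE_INTEGER"] = 8

def param_types(proto):
    """Type of each parameter in the last parenthesised list of the prototype."""
    inner = proto[proto.rindex("(") + 1:proto.rindex(")")]
    types = []
    for param in inner.split(","):
        words = [w for w in param.split() if w not in ANNOTATIONS]
        if words and words != ["VOID"]:
            types.append(" ".join(words[:-1]))  # last word is the parameter name
    return types

def arg_bytes(proto):
    """Stack bytes the caller pushes, which a __stdcall callee must pop."""
    unknown = [t for t in param_types(proto) if t not in SLOT_BYTES]
    if unknown:
        raise ValueError(f"unknown parameter type(s): {unknown}")
    return sum(SLOT_BYTES[t] for t in param_types(proto))

def ret_bytes(asm):
    """Bytes popped by the final MASM-style ret: `ret 20h`, `ret 32` or bare `ret`."""
    m = re.search(r"\bretn?\b[ \t]*([0-9][0-9a-fA-F]*h|[0-9]+)?[ \t]*$", asm.strip(), re.I)
    if not m:
        raise ValueError("stub does not end in a ret instruction")
    operand = m.group(1)
    if operand is None:
        return 0
    return int(operand[:-1], 16) if operand.lower().endswith("h") else int(operand)

def decorated(proto):
    """The _name@bytes form that the compiler gives a __stdcall function."""
    name = proto[:proto.rindex("(")].split()[-1]
    return f"_{name}@{arg_bytes(proto)}"

def imports_symbol(proto):
    # NTSYSAPI expands to __declspec(dllimport) in the DDK headers.
    return bool(re.search(r"\bNTSYSAPI\b|\bdllimport\b", proto))

def review(definition, declaration, stub):
    findings = []
    if imports_symbol(declaration) and not imports_symbol(definition):
        findings.append("linkage: declared as an import but defined locally (C4273)")
    if param_types(definition) != param_types(declaration):
        findings.append(f"parameters: defined as {decorated(definition)}, "
                        f"declared as {decorated(declaration)} (C4028/C4029)")
    if ret_bytes(stub) != arg_bytes(definition):
        findings.append(f"stack: stub pops {ret_bytes(stub)} bytes, "
                        f"definition takes {arg_bytes(definition)}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(DEFINITION, DECLARATION, STUB)))
```

The 32 bytes popped by `ret 20h` match the eight-parameter declaration in rk_process.h, not the eleven-parameter definition, and agree with the `_NewNtCreateProcess@32` symbol in the linker output posted later in the thread.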
Reply #1
Posted: 2005-01-11 15:16
Experts, please come and clear this up!
Reply #2
Posted: 2005-01-11 23:00
Quote: Experts, please come and clear this up!
I'll test it tomorrow and let you know.
Reply #3
Posted: 2005-01-11 23:01
It's too late now, and this computer doesn't have a development environment installed.
Reply #4
Posted: 2005-01-12 14:33
Thank you very much for your kindness, boss!!!!!
Reply #5
Posted: 2005-01-12 19:17
Quote: Thank you very much for your kindness, boss!!!!!
Compiler Warning (level 1) C4273
'identifier' : inconsistent DLL linkage. dllexport assumed
The specified member function was declared in a class with dllexport linkage, and then was imported. This warning can also be caused by declaring a member function in a class with dllimport linkage as neither imported nor static nor inline. The function was compiled as dllexport.
Reply #6
Posted: 2005-01-12 19:18
I was too busy today and only just got to look at it, sorry.
Reply #7
Posted: 2005-01-12 19:21
By the way, I just compiled it: lots of warnings. This code needs to be used carefully; get it wrong and there will be problems :)
Compiling e:\t\ntrootkit1 directory ******************** 'nmake.exe /c BUILDMSG=Stop. -i NTTEST= UMTEST= NOLINK=1 386=1' cl -nologo -Ii386\ -I. -IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_driver.c rk_driver.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_driver.c(405) : warning C4047: 'function' : 'int ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_driver.c(405) : warning C4024: 'memset' : different types for formal and actual parameter 2 e:\t\ntrootkit1\rk_driver.c(721) : warning C4047: '=' : 'unsigned long ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_driver.c(729) : warning C4047: '=' : 'char ' differs in levels of indirection from 'void *' cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_memory.c rk_memory.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_memory.c(28) : warning C4273: 'NewZwCreateSection' : inconsistent dll linkage. dllexport assumed. cl -nologo -Ii386\ -I. -IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_packet.c rk_packet.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_packet.c(104) : warning C4244: 'initializing' : conversion from 'unsigned long ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_packet.c(105) : warning C4244: 'initializing' : conversion from 'unsigned long ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_packet.c(114) : warning 
C4244: 'initializing' : conversion from 'unsigned long ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_packet.c(115) : warning C4244: 'initializing' : conversion from 'unsigned long ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_packet.c(153) : warning C4244: '=' : conversion from 'long ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_packet.c(176) : warning C4242: 'function' : conversion from 'int ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_packet.c(627) : warning C4047: 'function' : 'int ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_packet.c(627) : warning C4024: 'memset' : different types for formal and actual parameter 2 e:\t\ntrootkit1\rk_packet.c(639) : warning C4047: '=' : 'char ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_packet.c(652) : warning C4047: 'function' : 'int ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_packet.c(652) : warning C4024: 'memset' : different types for formal and actual parameter 2 e:\t\ntrootkit1\rk_packet.c(747) : warning C4242: '=' : conversion from 'int ' to 'unsigned char ', possible loss of data e:\t\ntrootkit1\rk_packet.c(176) : warning C4761: integral size mismatch in argument; conversion supplied e:\t\ntrootkit1\rk_packet.c(338) : warning C4761: integral size mismatch in argument; conversion supplied cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_kpatch.c rk_kpatch.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_kpatch.c(163) : warning C4098: 'HookSyscalls' : 'void' function returning a value e:\t\ntrootkit1\rk_kpatch.c(319) : warning C4273: 'ZwCreateProcess' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_kpatch.c(319) : warning C4028: formal parameter 5 different from declaration e:\t\ntrootkit1\rk_kpatch.c(319) : warning C4028: formal parameter 6 different from declaration e:\t\ntrootkit1\rk_kpatch.c(319) : warning C4028: formal parameter 7 different from declaration e:\t\ntrootkit1\rk_kpatch.c(319) : warning C4028: formal parameter 8 different from declaration e:\t\ntrootkit1\rk_kpatch.c(319) : warning C4029: declared formal parameter list different from definition cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_router.c rk_router.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration cl -nologo -Ii386\ -I. -IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_interrupt.c rk_interrupt.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_ioman.c rk_ioman.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_ioman.c(41) : warning C4273: 'NewZwQueryDirectoryFile' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(133) : warning C4273: 'NewZwOpenFile' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(186) : warning C4273: 'NewNtCreateFile' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(225) : warning C4273: 'NewZwOpenKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(229) : warning C4047: 'initializing' : 'void *' differs in levels of indirection from '__int32 ' e:\t\ntrootkit1\rk_ioman.c(269) : warning C4273: 'NewZwQueryKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(275) : warning C4047: 'initializing' : 'void *' differs in levels of indirection from '__int32 ' e:\t\ntrootkit1\rk_ioman.c(337) : warning C4273: 'NewZwQueryValueKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(367) : warning C4273: 'NewZwEnumerateValueKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(438) : warning C4273: 'NewZwEnumerateKey' : inconsistent dll linkage. dllexport assumed. 
e:\t\ntrootkit1\rk_ioman.c(492) : warning C4273: 'NewZwDeleteKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(513) : warning C4273: 'NewZwFlushKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(538) : warning C4273: 'NewZwSetValueKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(569) : warning C4273: 'NewZwCreateKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(597) : warning C4273: 'NewZwDeleteValueKey' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(678) : warning C4273: 'NewZwQuerySystemInformation' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_ioman.c(721) : warning C4047: 'function' : 'int ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_ioman.c(721) : warning C4024: 'memset' : different types for formal and actual parameter 2 cl -nologo -Ii386\ -I. -IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_object.c rk_object.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_object.c(17) : warning C4273: 'NewZwClose' : inconsistent dll linkage. dllexport assumed. cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_process.c rk_process.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_process.c(28) : warning C4273: 'NewZwCreateThread' : inconsistent dll linkage. dllexport assumed. e:\t\ntrootkit1\rk_process.c(85) : warning C4273: 'NewNtCreateProcess' : inconsistent dll linkage. dllexport assumed. cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_utility.c rk_utility.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_utility.c(58) : warning C4033: 'DequeuAndRun_RunInProcessContext_WorkItem' must return a value e:\t\ntrootkit1\rk_utility.c(61) : warning C4047: '==' : 'void *' differs in levels of indirection from 'unsigned long ' e:\t\ntrootkit1\rk_utility.c(62) : warning C4033: 'DequeuAndRun_RunInProcessContext_WorkItem' must return a value e:\t\ntrootkit1\rk_utility.c(132) : warning C4028: formal parameter 2 different from declaration e:\t\ntrootkit1\rk_utility.c(132) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_utility.c(132) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_utility.c(376) : warning C4047: 'function' : 'char *' differs in levels of indirection from 'long ' e:\t\ntrootkit1\rk_utility.c(376) : warning C4024: 'DbgPrint' : different types for formal and actual parameter 1 e:\t\ntrootkit1\rk_utility.c(50) : warning C4716: 'QueueWorkToRunInProcessContext' : must return a value e:\t\ntrootkit1\rk_utility.c(76) : warning C4716: 'DequeuAndRun_RunInProcessContext_WorkItem' : must return a value e:\t\ntrootkit1\rk_utility.c(87) : warning C4716: 'WaitForWorkItem' : must return a value cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_defense.c rk_defense.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_defense.c(731) : warning C4133: 'function' : incompatible types - from 'unsigned long *' to 'union _LARGE_INTEGER *' e:\t\ntrootkit1\rk_defense.c(740) : warning C4098: 'WatchProcessHandle' : 'void' function returning a value cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_command.c rk_command.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_command.c(266) : warning C4047: 'function' : 'int ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_command.c(266) : warning C4024: 'memset' : different types for formal and actual parameter 2 cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_keyboard.c rk_keyboard.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_keyboard.c(145) : warning C4047: 'function' : 'int ' differs in levels of indirection from 'void *' e:\t\ntrootkit1\rk_keyboard.c(145) : warning C4024: 'memset' : different types for formal and actual parameter 2 cl -nologo -Ii386\ -I. 
-IC:\NTDDK\inc -IC:\NTDDK\inc -IC:\NTDDK\inc\ddk -IC:\NTDDK\inc\ddk\wdm -IC:\NTDDK\private\inc -IC:\NTDDK\inc -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0500 -DWINVER=0x0500 -D_WIN32_IE=0x0501 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -DFPO=0 -DNDEBUG -D_DLL=1 /c /Zel /Zp8 /Gy -cbstring /W3 /Gz /QIfdiv- /QIf /QI0f /GB /Gi- /Gm- /GX- /GR- /GF -Z7 /Oxs /Oy- -FIC:\NTDDK\inc\warning.h .\rk_exec.c rk_exec.c e:\t\ntrootkit1\rk_driver.h(22) : warning C4142: benign redefinition of type e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 3 different from declaration e:\t\ntrootkit1\rk_driver.h(719) : warning C4028: formal parameter 4 different from declaration e:\t\ntrootkit1\rk_exec.c(322) : warning C4018: '<' : signed/unsigned mismatch e:\t\ntrootkit1\rk_exec.c(325) : warning C4244: '=' : conversion from 'unsigned long ' to 'unsigned short ', possible loss of data e:\t\ntrootkit1\rk_exec.c(292) : warning C4716: 'exec' : must return a value Stop. Linking e:\t\ntrootkit1 directory ******************** 'nmake.exe /c BUILDMSG=Stop. -i LINKONLY=1 NOPASS0=1 NTTEST= UMTEST= 386=1' link -out:objchk\i386\NTROOT.sys -machine:ix86 @C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nma00760. Microsoft (R) Incremental Linker Version 5.12.8181 Copyright (C) Microsoft Corp 1992-1998. All rights reserved. 
-STACK:262144,4096 -MERGE:_PAGE=PAGE -MERGE:_TEXT=.text -SECTION:INIT,d -OPT:REF -OPT:ICF -IGNORE:4001,4037,4039,4044,4065,4070,4078,4087,4089,4198 -INCREMENTAL:NO -FULLBUILD -FORCE:MULTIPLE -NOCOMMENT /release -NODEFAULTLIB -debug:FULL -debugtype:cv -version:5.00 -osversion:5.00 -optidata -driver -align:0x20 -subsystem:native,5.00 -base:0x10000 -entry:DriverEntry@8 -out:objchk\i386\NTROOT.sys objchk\i386\rk_driver.obj objchk\i386\rk_memory.obj objchk\i386\rk_packet.obj objchk\i386\rk_kpatch.obj objchk\i386\rk_router.obj objchk\i386\rk_interrupt.obj objchk\i386\rk_ioman.obj objchk\i386\rk_object.obj objchk\i386\rk_process.obj objchk\i386\rk_utility.obj objchk\i386\rk_defense.obj objchk\i386\rk_command.obj objchk\i386\rk_keyboard.obj objchk\i386\rk_exec.obj C:\NTDDK\libchk\i386\ntoskrnl.lib C:\NTDDK\libchk\i386\hal.lib C:\NTDDK\libchk\i386\wmilib.lib C:\NTDDK\libchk\i386\ndis.lib Creating library objchk\i386\NTROOT.lib and object objchk\i386\NTROOT.exp LINK : warning LNK4049: locally defined symbol "_NewZwQuerySystemInformation@16" imported LINK : warning LNK4049: locally defined symbol "_NewZwQueryDirectoryFile@44" imported LINK : warning LNK4049: locally defined symbol "_NewZwDeleteValueKey@8" imported LINK : warning LNK4049: locally defined symbol "_NewZwCreateKey@28" imported LINK : warning LNK4049: locally defined symbol "_NewZwSetValueKey@24" imported LINK : warning LNK4049: locally defined symbol "_NewZwFlushKey@4" imported LINK : warning LNK4049: locally defined symbol "_NewZwDeleteKey@4" imported LINK : warning LNK4049: locally defined symbol "_NewZwEnumerateKey@24" imported LINK : warning LNK4049: locally defined symbol "_NewZwEnumerateValueKey@24" imported LINK : warning LNK4049: locally defined symbol "_NewZwQueryValueKey@24" imported LINK : warning LNK4049: locally defined symbol "_NewZwQueryKey@20" imported LINK : warning LNK4049: locally defined symbol "_NewZwOpenKey@12" imported LINK : warning LNK4049: locally defined symbol "_NewZwClose@4" imported 
LINK : warning LNK4049: locally defined symbol "_NewZwCreateSection@28" imported
LINK : warning LNK4049: locally defined symbol "_NewZwOpenFile@24" imported
LINK : warning LNK4049: locally defined symbol "_NewNtCreateFile@44" imported
LINK : warning LNK4049: locally defined symbol "_NewZwCreateThread@32" imported
LINK : warning LNK4049: locally defined symbol "_NewNtCreateProcess@32" imported
Stop.
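Reply #8
Posted: 2005-01-13 08:25
AllenZh, boss, thank you very much!
Could you explain specifically how to deal with this warning? I see that everyone is very interested in how to use the functions that ntoskrnl.exe does not export. If you have time, boss, could you put it together and give us eager brothers a summary lesson? What people have said before doesn't seem to have been very specific.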
Reply #9
Posted: 2005-01-13 08:28
I'm giving all 57 of these points to big brother.
Reply #10
Posted: 2005-01-17 16:57
Bump!