x64读写驱动源码.rar资源-CSDN文库

共10个文件

c：3个

h：2个

user：2个

x64

读写驱动

2星需积分: 49 174 浏览量 2019-09-08 12:37:44 上传评论 2 收藏 13KB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

x64读写驱动源码.rar （10个子文件）

ProtectProcess.h 5KB

OrangeDriver.user 967B

rengrandrv.c 8KB

OrangeDriver.filters 1KB

test.c 11KB

Types.h 14B

OrangeDriver.sln 3KB

OrangeDriver.vcxproj.user 276B

OrangeDriver.vcxproj 9KB

OrangeDriver.c 8KB

#include "dbghelp.h" #include "jhxxs.h" #include <stdio.h> #include <ntdef.h> #include <ntstatus.h> #include <ntddk.h> // // A structure representing the instance information associated with // a particular device // typedef struct _DEVICE_EXTENSION { ULONG StateVariable; } DEVICE_EXTENSION, *PDEVICE_EXTENSION; typedef struct _KAPC_STATE { LIST_ENTRY ApcListHead[2]; PEPROCESS Process; UCHAR KernelApcInProgress; UCHAR KernelApcPending; UCHAR UserApcPending; }KAPC_STATE, *PKAPC_STATE; NTKERNELAPI void KeStackAttachProcess(IN PEPROCESS Process, OUT PKAPC_STATE ApcState); NTKERNELAPI void KeUnstackDetachProcess(IN PKAPC_STATE ApcState); NTKERNELAPI NTSTATUS PsLookupProcessByProcessId(IN ULONG ulProcId, OUT PEPROCESS * pEProcess); NTKERNELAPI NTSTATUS ObOpenObjectByPointer( IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType OPTIONAL, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle ); // // Device driver routine declarations. // NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ); NTSTATUS JhxxsDispatchCreate( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ); NTSTATUS JhxxsDispatchClose( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ); NTSTATUS JhxxsDispatchDeviceControl( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ); VOID JhxxsUnload( IN PDRIVER_OBJECT DriverObject ); #ifdef ALLOC_PRAGMA #pragma alloc_text(INIT, DriverEntry) #pragma alloc_text(PAGE, JhxxsDispatchCreate) #pragma alloc_text(PAGE, JhxxsDispatchClose) #pragma alloc_text(PAGE, JhxxsDispatchDeviceControl) #pragma alloc_text(PAGE, JhxxsUnload) #endif // ALLOC_PRAGMA NTSTATUS MyWriteMemory(IN HANDLE hProcess, OUT PVOID BaseAddress, IN PVOID Pbuff, IN ULONG BufferSize) { PEPROCESS EProcess; KAPC_STATE ApcState; PVOID writebuffer = NULL; NTSTATUS status; status = ObReferenceObjectByHandle( hProcess, PROCESS_VM_WRITE | PROCESS_VM_READ, NULL, KernelMode, &EProcess, NULL ); if (!NT_SUCCESS(status)) { ObDereferenceObject(EProcess); return STATUS_UNSUCCESSFUL; } writebuffer = ExAllocatePoolWithTag(NonPagedPool, BufferSize, 'Sys'); if (writebuffer == NULL) { ObDereferenceObject(EProcess); ExFreePool(writebuffer); return STATUS_UNSUCCESSFUL; } *(ULONG*)writebuffer = (ULONG)0x1; if (MmIsAddressValid(Pbuff)) { __try { ProbeForRead((CONST PVOID)Pbuff, BufferSize, sizeof(CHAR)); RtlCopyMemory(writebuffer, Pbuff, BufferSize); } __except (EXCEPTION_EXECUTE_HANDLER) { status = STATUS_UNSUCCESSFUL; } } else { status = STATUS_UNSUCCESSFUL; } if (NT_SUCCESS(status)) { KeStackAttachProcess(EProcess, &ApcState); if (MmIsAddressValid(BaseAddress)) { __try { ProbeForWrite((CONST PVOID)BaseAddress, BufferSize, sizeof(CHAR)); RtlCopyMemory(BaseAddress, writebuffer, BufferSize); } __except (EXCEPTION_EXECUTE_HANDLER) { status = STATUS_UNSUCCESSFUL; } } else { status = STATUS_UNSUCCESSFUL; } KeUnstackDetachProcess(&ApcState); } ObDereferenceObject(EProcess); ExFreePool(writebuffer); return status; } NTSTATUS MyReadMemory(IN HANDLE hProcess, IN PVOID BaseAddress, OUT PVOID Pbuff, IN ULONG BufferSize) { PEPROCESS EProcess; KAPC_STATE ApcState; PVOID readbuffer = NULL; NTSTATUS status; status = ObReferenceObjectByHandle( hProcess, PROCESS_VM_WRITE | PROCESS_VM_READ, NULL, KernelMode, &EProcess, NULL ); if (!NT_SUCCESS(status)) { ObDereferenceObject(EProcess); return STATUS_UNSUCCESSFUL; } readbuffer = ExAllocatePoolWithTag(NonPagedPool, BufferSize, 'Sys'); if (readbuffer == NULL) { ObDereferenceObject(EProcess); ExFreePool(readbuffer); return STATUS_UNSUCCESSFUL; } *(ULONG*)readbuffer = (ULONG)0x1; KeStackAttachProcess(EProcess, &ApcState); if (MmIsAddressValid(BaseAddress)) { __try { ProbeForRead((CONST PVOID)BaseAddress, BufferSize, sizeof(CHAR)); RtlCopyMemory(readbuffer, BaseAddress, BufferSize); } __except (EXCEPTION_EXECUTE_HANDLER) { status = STATUS_UNSUCCESSFUL; } } else { status = STATUS_UNSUCCESSFUL; } KeUnstackDetachProcess(&ApcState); if (NT_SUCCESS(status)) { if (MmIsAddressValid(Pbuff)) { __try { ProbeForWrite(Pbuff, BufferSize, sizeof(CHAR)); RtlCopyMemory(Pbuff, readbuffer, BufferSize); } __except (EXCEPTION_EXECUTE_HANDLER) { status = STATUS_UNSUCCESSFUL; } } else { status = STATUS_UNSUCCESSFUL; } } ObDereferenceObject(EProcess); ExFreePool(readbuffer); return status; } NTSTATUS MyOpenProcess(ULONG PID, PHANDLE pHandle) { NTSTATUS status; PEPROCESS EProcess = NULL; HANDLE handle = NULL; UNICODE_STRING y; PULONG PsProcessType; status = PsLookupProcessByProcessId(PID, &EProcess); if (NT_SUCCESS(status)) { handle = 0; RtlInitUnicodeString(&y, L"PsProcessType"); PsProcessType = MmGetSystemRoutineAddress(&y); if (PsProcessType) { status = ObOpenObjectByPointer(EProcess, 0, 0, PROCESS_ALL_ACCESS, (PVOID)*PsProcessType, UserMode, &handle); if (NT_SUCCESS(status)) { *pHandle = handle; } } ObfDereferenceObject(EProcess); } return status; } NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING ntDeviceName; UNICODE_STRING dosDeviceName; PDEVICE_EXTENSION deviceExtension; PDEVICE_OBJECT deviceObject = NULL; BOOLEAN fSymbolicLink = FALSE; KdBreakPoint(); RtlInitUnicodeString(&ntDeviceName, JHXXS_DEVICE_NAME_W); status = IoCreateDevice( DriverObject, sizeof(DEVICE_EXTENSION), &ntDeviceName, FILE_DEVICE_JHXXS, 0, TRUE, &deviceObject ); if (!NT_SUCCESS(status)) { goto __failed; } deviceExtension = (PDEVICE_EXTENSION)deviceObject->DeviceExtension; RtlInitUnicodeString(&dosDeviceName, JHXXS_DOS_DEVICE_NAME_W); status = IoCreateSymbolicLink(&dosDeviceName, &ntDeviceName); if (!NT_SUCCESS(status)) { goto __failed; } fSymbolicLink = TRUE; DriverObject->MajorFunction[IRP_MJ_CREATE] = JhxxsDispatchCreate; DriverObject->MajorFunction[IRP_MJ_CLOSE] = JhxxsDispatchClose; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = JhxxsDispatchDeviceControl; DriverObject->DriverUnload = JhxxsUnload; if (NT_SUCCESS(status)) return status; __failed: if (fSymbolicLink) IoDeleteSymbolicLink(&dosDeviceName); if (deviceObject) IoDeleteDevice(deviceObject); return status; } NTSTATUS JhxxsDispatchCreate( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { NTSTATUS status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; Irp->IoStatus.Status = status; IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } NTSTATUS JhxxsDispatchClose( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { NTSTATUS status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; Irp->IoStatus.Status = status; IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } NTSTATUS JhxxsDispatchDeviceControl( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { NT

评论收藏

内容反馈