#include <ntddk.h>
/*
 * Local forward declaration of ZwAllocateVirtualMemory, so the call in
 * ReadWriteProcess compiles with only <ntddk.h> included.
 *
 * ProcessHandle  - handle to the process whose address space is modified.
 * BaseAddress    - in: requested base address; out: base of the region.
 * ZeroBits       - high-order address bits that must be zero (0 is passed here).
 * RegionSize     - in: requested size in bytes; out: actual size of the region.
 * AllocationType - MEM_* allocation flags.
 * Protect        - PAGE_* protection for the region.
 *
 * NOTE(review): the documented prototype declares ZeroBits as ULONG_PTR, not
 * ULONG. If the WDK headers in use already declare this routine, this
 * redeclaration may conflict with them - confirm against the target WDK.
 */
NTSTATUS
ZwAllocateVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN OUT PSIZE_T RegionSize,
IN ULONG AllocationType,
IN ULONG Protect
);
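/*
 * Opens the process whose id is hard-coded below, commits a small memory
 * region in that process's address space and prints the resulting base
 * address and size to the debugger.
 *
 * Returns the NTSTATUS of the first call that fails, otherwise the status of
 * the allocation. The process handle is closed on every path after a
 * successful open. The committed region is not freed here, so it stays
 * allocated in the target process.
 */
NTSTATUS ReadWriteProcess()
{
    NTSTATUS Status;
    HANDLE hProcess = NULL;
    CLIENT_ID ClientId;
    OBJECT_ATTRIBUTES ObjAttr;
    /*
     * BaseAddress is an in/out parameter: the allocator reads it as the
     * requested address. It must be NULL to let the system pick one;
     * leaving it uninitialized passes stack garbage as the request.
     */
    PVOID AllocateAddress = NULL;
    size_t RegionSize = 0xff;

    /* Target process id is a fixed demo value; no thread id is specified. */
    ClientId.UniqueProcess = (HANDLE)2084;
    ClientId.UniqueThread = NULL;

    /*
     * Use the documented initializer instead of zero-filling the structure,
     * and request a kernel handle so the handle is not reachable from the
     * user-mode handle table of whichever process context this runs in.
     */
    InitializeObjectAttributes(&ObjAttr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    /*
     * NOTE(review): PROCESS_ALL_ACCESS is broader than an allocation needs;
     * a narrower access mask would follow least privilege.
     */
    Status = ZwOpenProcess(&hProcess, PROCESS_ALL_ACCESS, &ObjAttr, &ClientId);
    if (!NT_SUCCESS(Status)) {
        KdPrint(("error code:%X", Status));
        return Status;
    }

    /*
     * NOTE(review): PAGE_EXECUTE_READWRITE yields memory that is writable and
     * executable at the same time. If the region only holds data,
     * PAGE_READWRITE is sufficient and keeps W^X intact in the target.
     */
    Status = ZwAllocateVirtualMemory(hProcess, &AllocateAddress, 0, &RegionSize,
                                     MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!NT_SUCCESS(Status)) {
        KdPrint(("error code:%X", Status));
    } else {
        /*
         * %p prints the full pointer on 64-bit builds. The size is rounded
         * up to page granularity by the allocator and fits in a ULONG here.
         */
        KdPrint(("address:%p,size:%lu", AllocateAddress, (ULONG)RegionSize));
    }

    /* Single exit after a successful open, so a failed allocation no longer leaks the handle. */
    ZwClose(hProcess);
    return Status;
}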
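/*
 * Driver unload routine. The driver creates no device objects or other
 * resources that outlive DriverEntry, so there is nothing to release.
 */
VOID MyUnload(PDRIVER_OBJECT pDriverObject)
{
    /* Avoids an unreferenced-parameter warning on builds that treat warnings as errors. */
    UNREFERENCED_PARAMETER(pDriverObject);
}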
/*
 * Driver entry point: registers the unload routine and runs the
 * ReadWriteProcess demo once at load time.
 *
 * Always returns STATUS_SUCCESS. The status returned by ReadWriteProcess is
 * deliberately discarded, so the driver loads (and can be unloaded) even
 * when the demo fails.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING Reg_Path)
{
    pDriverObject->DriverUnload = MyUnload;

    /* Result intentionally ignored; ReadWriteProcess reports its own errors. */
    (void)ReadWriteProcess();

    return STATUS_SUCCESS;
}
本文始发于微信公众号(飓风网络安全):Windows驱动编程之内存读写