Hook IoCallDriver的问题

下页哥

@Ta 2013-12-09 1424点击

代码执行到MyIoCallDriver不知道为什么就特么蓝屏，Windbg 调试在调用旧的IofCallDriver时候出错。求解！！！！！！！
#include<ntddk.h>

typedef NTSTATUS (FASTCALL* PMY_IOFCALLDRIVER_FP)(IN PDEVICE_OBJECT,IN OUT PIRP);
typedef unsigned char BYTE;
static PMY_IOFCALLDRIVER_FP oldcallerbody=NULL;
VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject);

PMY_IOFCALLDRIVER_FP XP_HOOK_IoCallDriver(PMY_IOFCALLDRIVER_FP newCaller,BOOLEAN hook)
{
  UNICODE_STRING funName;
  BYTE *addr;
  RtlInitUnicodeString(&funName,L"IofCallDriver");
  addr=MmGetSystemRoutineAddress(&funName);
  if(hook)
  {
     oldcallerbody=(PMY_IOFCALLDRIVER_FP)(*(PLONG)(addr+2));
     InterlockedExchange((PLONG)(addr+2),newCaller);
     return oldcallerbody;
  }
  else
  {
    if (oldcallerbody!=NULL)
    {
      InterlockedExchange((PLONG)(addr+2),oldcallerbody);
      return oldcallerbody;
    }
  }
}

NTSTATUS FASTCALL MyIoCallDriver(IN PDEVICE_OBJECT pDev,IN OUT PIRP pIrp )
{
  DbgPrint("Hook Is called \n");
  return oldcallerbody(pDev,pIrp);
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject,IN IN PUNICODE_STRING pReg_Path)
{
  PMY_IOFCALLDRIVER_FP pfn=MyIoCallDriver;
  XP_HOOK_IoCallDriver(MyIoCallDriver,TRUE);
  pDriverObject->DriverUnload=DriverUnload;
}

VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
  XP_HOOK_IoCallDriver(MyIoCallDriver,FALSE);
  DbgPrint("close hook \n");
}

隐藏样式查看源码

回复列表(0|隐藏机器人聊天)

帖子没有回复

添加新回复

回复需要登录。