蹂躪D&F學習之重複NtCreateFile(一開始一進去要+幾個回車的)

//rlTenD.cpp
#include <ntddk.h>//加在這裏要比加載頭文件中好
#include "SSDTHOOK.h"//加在這裏要比加載頭文件中好
#include "rlTenD.h"


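NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING str)
{
	/*
	 * Driver entry point: registers the unload routine and, for debugging,
	 * prints the value found at one SSDT index.
	 *
	 * pDriver - driver object supplied by the I/O manager.
	 * str     - registry path for the driver's service key; not used here.
	 * Returns STATUS_SUCCESS unconditionally.
	 */

	/* SSDT index this sample treats as NtCreateFile. Service indices are
	 * specific to the Windows build the author tested on and are not stable
	 * across versions, so the value is named here rather than buried in the
	 * call. */
	const ULONG SSDT_INDEX_NTCREATEFILE = 0x42;

	/* WDK builds warn on unused parameters (and may treat that as an error). */
	UNREFERENCED_PARAMETER(str);

	// driver -> DriverUnload = UnloadDriver
	pDriver->DriverUnload = UnloadDriver;
	// debug output
	DbgPrint("Loading MyDriver...\r");

	ULONG uAddr = GetSSDTAddr(SSDT_INDEX_NTCREATEFILE);
	if (uAddr)
	{
		KdPrint(("NtCreateFile: 0x%08x\r", uAddr));
	}
	else
	{
		/* A zero result means nothing usable was read from the table;
		 * the driver still loads, but say so in the debugger. */
		KdPrint(("GetSSDTAddr(0x%02x) returned 0\r", SSDT_INDEX_NTCREATEFILE));
	}
	return STATUS_SUCCESS;
}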

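void UnloadDriver(PDRIVER_OBJECT pDriver)
{
	/*
	 * Unload routine registered in DriverEntry. Nothing is allocated or
	 * hooked in this sample, so there is nothing to undo; only a debug
	 * message is emitted.
	 *
	 * pDriver - the driver object being unloaded; not used.
	 */

	/* WDK builds warn on unused parameters (and may treat that as an error). */
	UNREFERENCED_PARAMETER(pDriver);

	// debug output
	DbgPrint("unLoading MyDriver...\r");
}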
===================================================================================================

//rlTenD.h


/* Unload routine assigned to DriverObject->DriverUnload in DriverEntry. */
void UnloadDriver(PDRIVER_OBJECT pDriver);
===================================================================================================

//SSDTHOOK.cpp
#include "SSDTHOOK.h"

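ULONG GetSSDTAddr(ULONG uIndex)
{
	/*
	 * Read the entry at position uIndex of the system service table and
	 * return it as a ULONG.
	 *
	 * uIndex - zero-based index into ServiceTableBase.
	 * Returns the ULONG stored at ServiceTableBase + uIndex * sizeof(ULONG),
	 * or 0 when the descriptor table is unavailable or uIndex is out of
	 * range.
	 */
	PSDT_ENTRY pSdt = KeServiceDescriptorTable;

	/* Validate before dereferencing: an unchecked read past
	 * NumberOfServices is an out-of-bounds kernel-mode access and would
	 * bugcheck the machine for any caller that passes a bad index. */
	if (pSdt == NULL || pSdt->ServiceTableBase == NULL ||
	    uIndex >= pSdt->NumberOfServices)
	{
		return 0;
	}

	/* ULONG_PTR keeps the pointer arithmetic intact on 64-bit builds, where
	 * casting a pointer to ULONG would truncate it. The entry itself is
	 * still read as a 32-bit value, as in the original. */
	ULONG_PTR uEntry = (ULONG_PTR)pSdt->ServiceTableBase + (ULONG_PTR)uIndex * sizeof(ULONG);
	return *(PULONG)uEntry;
}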
===================================================================================================

//SSDTHOOK.h
#pragma once

#ifdef __cplusplus
exern "C"
#endif
#include <ntddk.h>
#include <string.h>
#ifdef __cplusplus
};
#endif

/* Layout of a service descriptor table entry, used to type the
 * KeServiceDescriptorTable symbol declared below. */
typedef struct _SDT_ENTRY
{
	PVOID *ServiceTableBase;        // start of the service table; GetSSDTAddr reads it in ULONG-sized steps
	PULONG ServiceCounterTableBase; //Used only in checked build
	ULONG NumberOfServices;         // presumably the entry count of ServiceTableBase; not used in this listing
	PUCHAR ParamTableBase;          // not used in this listing
} SDT_ENTRY, *PSDT_ENTRY;


/* Declared extern here; the object itself is defined outside this listing. */
EXTERN_C SDT_ENTRY *KeServiceDescriptorTable;

/* Returns the ULONG at ServiceTableBase + uIndex * sizeof(ULONG) of KeServiceDescriptorTable. */
ULONG GetSSDTAddr(ULONG uIndex);










