-
大小: 826KB文件类型: .rar金币: 1下载: 0 次发布日期: 2021-05-21
- 语言: 其他
- 标签: Ntoskrnl.exe
资源简介
动态取得Ntoskrnl.exe导出函数地址
代码片段和文件信息
// GetDllFunctionAddress.cpp
//
// Generated by DriverWizard version DriverStudio 3.1.0 (Build 1722)
//
#include
#include “..\SOURCES\type.h“
#include “..\SOURCES\debug.h“
#include “..\SOURCES\GetJmpAddress.h“
#include “..\SOURCES\IoCreateMdlFroAddress.h“
#include “Type.h“
#include “GetDllFunctionAddress.h“
__declspec(dllimport)NTSTATUS NTAPI
IoFileReadFile(
IN HANDLE FileHandle
OUT PIO_STATUS_BLOCK IoStatusBlock
OUT PVOID Buffer
IN ULONG Length
IN PLARGE_INTEGER ByteOffset OPTIONAL
IN KPROCESSOR_MODE AccessMode
);
__declspec(dllimport)NTSTATUS NTAPI
IoFileCreateFile(
OUT PHANDLE FileHandle
IN ACCESS_MASK DesiredAccess
IN Pobject_ATTRIBUTES objectAttributes
OUT PIO_STATUS_BLOCK IoStatusBlock
IN PLARGE_INTEGER AllocationSize OPTIONAL
IN ULONG FileAttributes
IN ULONG ShareAccess
IN ULONG CreateDisposition
IN ULONG CreateOptions
IN PVOID EaBuffer OPTIONAL
IN ULONG EaLength
);
__declspec(dllimport)NTSTATUS NTAPI
IoFileWriteFile(
IN HANDLE FileHandle
OUT PIO_STATUS_BLOCK IoStatusBlock
IN PVOID Buffer
IN ULONG Length
IN PLARGE_INTEGER ByteOffset OPTIONAL
IN KPROCESSOR_MODE AccessMode);
__declspec(dllimport)NTSTATUS NTAPI
IoFileClose(
IN HANDLE FileHandle
IN KPROCESSOR_MODE AccessMode);
__declspec(dllimport)NTSTATUS NTAPI CheckHandle(OUT PHANDLE FileHandle);
__declspec(dllimport)NTSTATUS NTAPI CheckobjectAttributes(IN Pobject_ATTRIBUTES objectAttributes);
__declspec(dllimport)NTSTATUS NTAPI CheckIoStatusBlock(IN PIO_STATUS_BLOCK IoStatusBlock);
typedef struct {
DWORD dwNumberOfModules;
SYSTEM_MODULE_INFORMATION smi;
} MODULES *PMODULES;
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass
IN OUT PVOID SystemInformation
IN ULONG SystemInformationLength
OUT PULONG ReturnLength OPTIONAL
);
DWORD pGetDllFunctionAddress(char* lpFunctionName
PUNICODE_STRING pDllName
PVOID MoudelbaseAddress
ULONG *FunctionRAV
Pbase_ADDRESS_MESSAGE OutMoudelbaseAddress)
{
HANDLE hThread hSection hFile hMod;
SECTION_IMAGE_INFORMATION sii;
IMAGE_DOS_HEADER* dosheader;
IMAGE_OPTIONAL_HEADER* opthdr;
IMAGE_EXPORT_DIRECTORY* pExportTable;
DWORD* arrayOfFunctionAddresses;
DWORD* arrayOfFunctionNames;
WORD* arrayOfFunctionOrdinals;
DWORD functionOrdinal;
DWORD base x functionAddress;
char* functionName;
STRING ntFunctionName ntFunctionNameSearch;
PVOID baseAddress = NULL;
SIZE_T size=0;
NTSTATUS Status=0;
IO_STATUS_BLOCK iosb;
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
....... 113 2010-04-23 20:08 GetDllFunctionAddressDll\buildchk_wxp_x86.err
....... 2884 2010-04-23 20:08 GetDllFunctionAddressDll\buildchk_wxp_x86.log
文件 4744 2010-04-23 20:11 GetDllFunctionAddressDll\buildfre_wxp_x86.log
文件 81 2010-03-31 20:45 GetDllFunctionAddressDll\function.h
文件 97242 2010-04-23 16:56 GetDllFunctionAddressDll\GetDllFunctionAddress.lib
文件 39404 2010-04-01 16:59 GetDllFunctionAddressDll\GetDllFunctionAddressDll.aps
文件 7377 2010-04-23 20:08 GetDllFunctionAddressDll\GetDllFunctionAddressDll.c
文件 208 2010-04-02 17:24 GetDllFunctionAddressDll\GetDllFunctionAddressDll.def
文件 20914 2010-04-02 22:04 GetDllFunctionAddressDll\GetDllFunctionAddressDll.dsp
文件 343 2010-03-31 20:45 GetDllFunctionAddressDll\GetDllFunctionAddressDll.dsw
文件 1587 2010-04-23 20:11 GetDllFunctionAddressDll\GetDllFunctionAddressDll.h
文件 74752 2010-04-23 20:27 GetDllFunctionAddressDll\GetDllFunctionAddressDll.ncb
文件 282112 2010-04-23 20:27 GetDllFunctionAddressDll\GetDllFunctionAddressDll.opt
文件 2056 2010-03-31 20:45 GetDllFunctionAddressDll\GetDllFunctionAddressDll.rc
文件 53 2010-04-01 16:33 GetDllFunctionAddressDll\GetFunctionAddressDll.def
文件 9216 2010-04-22 21:45 GetDllFunctionAddressDll\IoFile.dll
文件 5344 2010-04-22 21:45 GetDllFunctionAddressDll\IoFile.lib
文件 0 2010-04-02 22:04 GetDllFunctionAddressDll\KeInsertQueueApc.c
文件 0 2010-04-02 22:03 GetDllFunctionAddressDll\KeInsertQueueApc.h
文件 308 2010-03-31 20:45 GetDllFunctionAddressDll\makefile
文件 1215 2010-04-02 01:10 GetDllFunctionAddressDll\NtQuerySystemInformation.c
文件 2786 2010-04-01 21:18 GetDllFunctionAddressDll\NtQuerySystemInformation.h
文件 2000 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\i386\GetDllFunctionAddressDll.exp
文件 3830 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\i386\GetDllFunctionAddressDll.lib
文件 43223 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\i386\getdllfunctionaddressdll.obj
文件 972 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\i386\getdllfunctionaddressdll.res
文件 8836 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\i386\ntquerysysteminformation.obj
文件 6752 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\i386\pslookupthreadbythreadid.obj
....... 1006 2010-04-23 20:08 GetDllFunctionAddressDll\objchk_wxp_x86\_ob
文件 2037 2010-04-23 20:11 GetDllFunctionAddressDll\objfre_wxp_x86\i386\GetDllFunctionAddressDll.exp
............此处省略102个文件信息
- 上一篇:Windows虚拟键码中文参考
- 下一篇:欧姆龙Hostli
nk协议讲解以及举例
评论
共有 条评论