过某xx游戏保护的部分代码(windbg+ce测试通过)
代码太杂了,放出核心部分,给大家提供一个思路。
#include "Driver.h"
#include "helper.h"
#include "ThreadHeader.h"
#include "Process.h"
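// Forward declaration only; the definition is not on this page.
// The (ParentId, ProcessId, Create) parameter list has the same shape as a
// process-creation notify callback (PCREATE_PROCESS_NOTIFY_ROUTINE).
// NOTE(review): confirm against the definition and wherever it is registered.
// The page had fused each type with its parameter name ("HANDLEParentId");
// the separating whitespace is restored here so the prototype parses.
VOID AddWinDbgToEpro(
    HANDLE ParentId,
    HANDLE ProcessId,
    BOOLEAN Create
    );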
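// Forward declaration only; the definition is not on this page.
// The only reference visible here is the commented-out
// PsSetCreateProcessNotifyRoutine(DealIO,FALSE) call in DriverEntry, so this
// is presumably a process-creation notify callback -- NOTE(review): confirm.
// The page had fused each type with its parameter name ("HANDLEParentId");
// the separating whitespace is restored here so the prototype parses.
VOID DealIO(
    IN HANDLE ParentId,
    IN HANDLE ProcessId,
    IN BOOLEAN Create
    );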
// Forward declaration only; the definition and any KeInitializeDpc / timer
// setup are not on this page.
// The parameter list matches the KDEFERRED_ROUTINE shape (DPC object,
// context pointer, two system arguments).
// NOTE(review): if this is queued as a DPC it runs at DISPATCH_LEVEL, so it
// must not block or touch pageable memory -- confirm against the definition.
VOID TimerDpc(
    IN PKDPC pDpc,
    IN PVOID pContext,
    IN PVOID SysArg1,
    IN PVOID SysArg2
    );
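// NOTE(review): INITCODE is not defined on this page; presumably a macro from
// Driver.h that places DriverEntry in the discardable INIT section -- confirm.
#pragma INITCODE
/*
 * Driver entry point.
 *
 * Registers the unload routine and the dispatch routine on the driver
 * object, then creates the device object through CreateDevice().
 *
 * pDriverObject  driver object supplied by the I/O manager.
 * pRegistryPath  registry path of the driver's service key (unused here).
 *
 * Returns the NTSTATUS produced by CreateDevice().
 */
extern "C" NTSTATUS DriverEntry (
    IN PDRIVER_OBJECT pDriverObject,
    IN PUNICODE_STRING pRegistryPath )
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(pRegistryPath);

    KdPrint(("Enter DriverEntry\n"));

    // Register the entry points the I/O manager calls into.
    pDriverObject->DriverUnload = HelloDDKUnload;

    // MajorFunction is an array indexed by IRP_MJ_* code. The page shows four
    // identical assignments with the subscripts lost, which does not compile.
    // NOTE(review): the four indices below are a reconstruction (the usual
    // create/close/write/read set) -- confirm against the original source.
    pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;

    // Create the driver's device object.
    status = CreateDevice(pDriverObject);
    if (!NT_SUCCESS(status)) {
        // Surface the failure in the debugger; the status is still returned
        // to the caller unchanged below.
        KdPrint(("CreateDevice failed: 0x%08X\n", status));
    }

    // Left disabled, as on the page. If it is ever enabled: check the
    // returned NTSTATUS, and make the unload routine remove the callback
    // (same call with Remove = TRUE) before the image goes away; otherwise
    // the kernel keeps calling into unloaded code.
    //PsSetCreateProcessNotifyRoutine(DealIO,FALSE);

    KdPrint(("DriverEntry end\n"));
    return status;
}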
**** Hidden Message ***** 回复学习,谢谢楼主 要怎樣過:L 看看是什么aa 我是来学习的 谢谢楼主 看看隐藏的内容 看看隐藏的内容 回复 1# po7829
谢谢分享了 cxxxxxxxxxx 看看隐藏的内容