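/*
 * GetFunctionAddress - search every loaded kernel module for a 16-byte
 * signature made of four consecutive ULONG values.
 *
 * Parameters:
 *   FirstFeature..FourthFeature - the four 32-bit values expected at
 *   offsets 0, 4, 8 and 12 from the matching address.
 *
 * Returns the address of the LAST match found across all modules (the scan
 * does not stop at the first hit), or 0 when nothing matched or when the
 * module list could not be obtained.
 *
 * NOTE(review): addresses are carried in ULONG, so this routine is only
 * meaningful on 32-bit builds; on a 64-bit kernel the casts below truncate
 * pointers.
 * NOTE(review): a paged-pool allocation is made here, so the caller is
 * expected to run at IRQL <= APC_LEVEL - confirm against the call sites.
 */
ULONG GetFunctionAddress
(
    IN ULONG FirstFeature,
    IN ULONG SecondFeature,
    IN ULONG ThirdFeature,
    IN ULONG FourthFeature
)
{
    NTSTATUS NtStatus;
    ULONG SystemInformationLength = 0;
    ULONG ModuleCount = 0;
    ULONG MaxModules = 0;
    ULONG Index = 0;
    ULONG Loop = 0;
    ULONG ModuleBegin = 0;
    ULONG ModuleSize = 0;
    ULONG ModuleFinish = 0;
    ULONG Value = 0;
    const ULONG SignatureBytes = 4 * sizeof(ULONG);
    PULONG SystemInformationBuffer = NULL;
    PSYSTEM_MODULE_INFORMATION SystemModulePointer = NULL;

    /*
     * Size probe: with a NULL buffer the call is expected to fail and only
     * report the required length, so its status is deliberately ignored.
     */
    ZwQuerySystemInformation(SystemModuleInformation, NULL, 0, &SystemInformationLength);
    if (SystemInformationLength < sizeof(ULONG))
    {
        /* No usable length reported; a zero-byte allocation would be useless. */
        return 0;
    }

    /*
     * NOTE(review): ExAllocatePool is deprecated in current WDKs in favour
     * of the tagged allocators; kept here so the block builds unchanged.
     */
    SystemInformationBuffer = ExAllocatePool(PagedPool, SystemInformationLength);
    if (SystemInformationBuffer == NULL)
    {
        return 0;
    }

    /*
     * The module list can grow between the probe and this call, in which
     * case the query fails and the search is abandoned.
     */
    NtStatus = ZwQuerySystemInformation
    (
        SystemModuleInformation,
        SystemInformationBuffer,
        SystemInformationLength,
        NULL
    );
    if (!NT_SUCCESS(NtStatus))
    {
        /* Return 0, not the NTSTATUS: callers interpret the result as an address. */
        ExFreePool(SystemInformationBuffer);
        return 0;
    }

    /* Buffer layout used by this code: a ULONG entry count, then the entries. */
    ModuleCount = *SystemInformationBuffer;
    SystemModulePointer = (PSYSTEM_MODULE_INFORMATION)(SystemInformationBuffer + 1);

    /* Never index past the allocation, whatever count the buffer claims. */
    MaxModules = (ULONG)((SystemInformationLength - sizeof(ULONG)) / sizeof(*SystemModulePointer));
    if (ModuleCount > MaxModules)
    {
        ModuleCount = MaxModules;
    }

    for (Index = 0; Index < ModuleCount; Index++)
    {
        ModuleBegin = (ULONG)SystemModulePointer[Index].Base;
        ModuleSize = (ULONG)SystemModulePointer[Index].Size;

        /* Skip images too small to hold the signature or whose end would wrap. */
        if (ModuleSize < SignatureBytes || ModuleBegin > (ULONG)-1 - ModuleSize)
        {
            continue;
        }
        ModuleFinish = ModuleBegin + ModuleSize;

        /* Stop early enough that the read at Loop+12 stays inside the image. */
        for (Loop = ModuleBegin; Loop <= ModuleFinish - SignatureBytes; Loop++)
        {
            /*
             * Parts of a driver image may be discarded or paged out; touching
             * them blindly can bug-check the machine. MmIsAddressValid only
             * reports the state at the moment of the call, so this is a
             * best-effort guard, and non-resident pages are skipped rather
             * than scanned.
             */
            if (!MmIsAddressValid((void *)Loop) ||
                !MmIsAddressValid((void *)(Loop + SignatureBytes - 1)))
            {
                continue;
            }

            if
            (
                *(ULONG *)(Loop + 0) == FirstFeature &&
                *(ULONG *)(Loop + 4) == SecondFeature &&
                *(ULONG *)(Loop + 8) == ThirdFeature &&
                *(ULONG *)(Loop + 12) == FourthFeature
            )
            {
                /* Keep scanning: a later match overwrites an earlier one. */
                Value = Loop;
            }
        }
    }

    ExFreePool(SystemInformationBuffer);
    return Value;
}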