Windows驱动编程之内存读写

#include

NTSTATUS

ZwAllocateVirtualMemory(

IN HANDLE ProcessHandle,

IN OUT PVOID *BaseAddress,

IN ULONG ZeroBits,

IN OUT PSIZE_T RegionSize,

IN ULONG AllocationType,

IN ULONG Protect

);

NTSTATUS ReadWriteProcess()

{

NTSTATUSStatus;

HANDLEhProcess;

CLIENT_IDClientId;

OBJECT_ATTRIBUTESObjAttr;

PVOIDAllocateAddress;

size_tRegionSize;

ClientId.UniqueProcess = (HANDLE)2084;

ClientId.UniqueThread = 0;

memset(&ObjAttr,0,sizeof(OBJECT_ATTRIBUTES));

Status = ZwOpenProcess(&hProcess,PROCESS_ALL_ACCESS,&ObjAttr,&ClientId);

if (!NT_SUCCESS(Status))

{

KdPrint(("error code:%X",Status));

return Status;

}

RegionSize = 0xff;

Status = ZwAllocateVirtualMemory(hProcess,&AllocateAddress,0,&RegionSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);

if (!NT_SUCCESS(Status))

{

KdPrint(("error code:%X",Status));

return Status;

}

KdPrint(("address:%X,size:%d",AllocateAddress,RegionSize));

ZwClose(hProcess);

return Status;

}

VOID MyUnload(PDRIVER_OBJECT pDriverObject)

{

}

NTSTATUS DriverEntry(PDRIVER_OBJECTpDriverObject,PUNICODE_STRING Reg_Path)

{

ReadWriteProcess();

pDriverObject->DriverUnload = MyUnload;

return STATUS_SUCCESS;

}