#include
NTSTATUS
ZwAllocateVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN OUT PSIZE_T RegionSize,
IN ULONG AllocationType,
IN ULONG Protect
);
NTSTATUS ReadWriteProcess()
{
NTSTATUSStatus;
HANDLEhProcess;
CLIENT_IDClientId;
OBJECT_ATTRIBUTESObjAttr;
PVOIDAllocateAddress;
size_tRegionSize;
ClientId.UniqueProcess = (HANDLE)2084;
ClientId.UniqueThread = 0;
memset(&ObjAttr,0,sizeof(OBJECT_ATTRIBUTES));
Status = ZwOpenProcess(&hProcess,PROCESS_ALL_ACCESS,&ObjAttr,&ClientId);
if (!NT_SUCCESS(Status))
{
KdPrint(("error code:%X",Status));
return Status;
}
RegionSize = 0xff;
Status = ZwAllocateVirtualMemory(hProcess,&AllocateAddress,0,&RegionSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
if (!NT_SUCCESS(Status))
{
KdPrint(("error code:%X",Status));
return Status;
}
KdPrint(("address:%X,size:%d",AllocateAddress,RegionSize));
ZwClose(hProcess);
return Status;
}
VOID MyUnload(PDRIVER_OBJECT pDriverObject)
{
}
NTSTATUS DriverEntry(PDRIVER_OBJECTpDriverObject,PUNICODE_STRING Reg_Path)
{
ReadWriteProcess();
pDriverObject->DriverUnload = MyUnload;
return STATUS_SUCCESS;
}
领取专属 10元无门槛券
私享最新 技术干货