DriverEntry.c- #include "ntddk.h"
- #define PAGEDCODE code_seg("PAGE")
- #define LOCKEDCODE code_seg()
- #define INITCODE code_seg("INIT")
- #define PAGEDDATA data_seg("PAGE")
- #define LOCKEDDATA data_seg()
- #define INITDATA data_seg("INIT")
- #pragma PAGEDCODE
- VOID MyDriverUnload(IN PDRIVER_OBJECT pDriverObject)
- {
- KdPrint(("DriverEntry unLoading...\n"));
- }
- #pragma INITCODE
- NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath)
- {
- NTSTATUS status = STATUS_SUCCESS;
- ULONG u_Index;
- PVOID pfn_ObGetObjectType;
- PULONG ObTypeIndexTable;
- UNICODE_STRING str_func_name;
- RtlInitUnicodeString(&str_func_name, L"ObGetObjectType");
- pfn_ObGetObjectType = MmGetSystemRoutineAddress(&str_func_name);
- if (!MmIsAddressValid(pfn_ObGetObjectType))
- {
- KdPrint(("error!\n"));
- }
- else
- {
- ObTypeIndexTable = *(PULONG *)((ULONG)pfn_ObGetObjectType + 15);
- u_Index = 2;
- while (ObTypeIndexTable[u_Index])
- {
- KdPrint(("ObTypeIndexTable[%d]:%wZ\n", u_Index, ObTypeIndexTable[u_Index] + 8));
- u_Index++;
- }
- }
- pDriverObject->DriverUnload = MyDriverUnload;
- return status;
- }
复制代码 |