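[Original code, idea not original] VB version of loading a driver with ZwSetSystemInformation
This post was last edited by Tesla.Angela on 2010-6-5 09:35
Loading a driver with ZwSetSystemInformation is an old trick, but all the code on the web is in C. I was bored for a while, so I converted it to VB.
I believe quite a few people use the driver-loading module written by Chen Hui? Sometimes using this one is not bad either.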
' Native UNICODE_STRING layout (32-bit): two 16-bit lengths and a buffer pointer
Private Type UNICODE_STRING
    Length As Integer
    MaxLength As Integer
    pBuffer As Long
End Type

' Input structure for system information class 38 (SystemLoadAndCallImage)
Private Type SYSTEM_LOAD_AND_CALL_IMAGE
    ImageName As UNICODE_STRING
End Type

Private Declare Function RtlInitUnicodeString Lib "NTDLL.DLL" (ByRef DestinationString As UNICODE_STRING, ByVal SourceString As Long) As Long
Private Declare Function ZwSetSystemInformation Lib "NTDLL.DLL" (ByVal SystemInformationClass As Long, ByVal pSystemInformation As Long, ByVal SystemInformationLength As Long) As Long

' An NTSTATUS value indicates success when it is non-negative
Private Function NT_SUCCESS(ByVal Status As Long) As Boolean
    NT_SUCCESS = (Status >= 0)
End Function

Sub Main()
    Dim ustr As SYSTEM_LOAD_AND_CALL_IMAGE
    ' Point the UNICODE_STRING at the NT-namespace path of the driver image
    Call RtlInitUnicodeString(ustr.ImageName, StrPtr("\??\c:\_root_.sys"))
    If (NT_SUCCESS(ZwSetSystemInformation(38, VarPtr(ustr), Len(ustr))) = True) Then
        MsgBox "Load Driver Success!", , ""
    Else
        MsgBox "Load Driver Error!", , ""
    End If
End Sub
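A defender's companion to the loader above, added here as an example and not part of the original thread: a later reply notes that this method writes no registry key and does not call NtLoadDriver, so a static triage pass can instead look for the API name together with an NT-namespace `.sys` path inside a file. The function names and sample bytes are constructed for illustration, and it is an assumption that the API name is stored as ASCII and the path literal as UTF-16LE.

```python
import re

# Both names resolve to the same ntdll system call.
API_NAMES = (b"ZwSetSystemInformation", b"NtSetSystemInformation")
# NT-namespace path to a .sys file, such as the one in the post.
SYS_PATH = re.compile(r"\\\?\?\\[^\r\n]{1,200}?\.sys", re.IGNORECASE)


def embedded_strings(blob, min_chars=6):
    """Yield printable ASCII and UTF-16LE strings found in blob."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_chars, blob):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars, blob):
        yield m.group().decode("utf-16-le")


def triage(blob):
    """Report API-name and driver-path strings present in a file image."""
    apis = sorted(n.decode() for n in API_NAMES
                  if n in blob or n.decode().encode("utf-16-le") in blob)
    paths = sorted({m.group() for s in embedded_strings(blob)
                    for m in SYS_PATH.finditer(s)})
    # Flag only when both an API name and a driver path are present.
    return {"apis": apis, "driver_paths": paths,
            "suspicious": bool(apis and paths)}


# Constructed sample bytes (not real executables).
SAMPLE = (b"MZ\x90\x00NTDLL.DLL\x00ZwSetSystemInformation\x00\x00"
          + "\\??\\c:\\_root_.sys".encode("utf-16-le") + b"\x00\x00")
BENIGN = (b"MZ\x90\x00kernel32.dll\x00CreateFileW\x00\x00"
          + "C:\\Windows\\notepad.exe".encode("utf-16-le"))

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, triage(blob))
```

A hit is a lead for an analyst rather than a verdict; it says only that the file carries both strings.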
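This post was last edited by Tesla.Angela on 2010-6-5 09:44
I'll take the first reply myself.
VB.NET has no pointers (not even VarPtr); with the declarations modified, it can probably be ported to VB.NET: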
' VB.NET declares user-defined types with Structure instead of VB6's Type
Private Structure UNICODE_STRING
    Dim Length As Short
    Dim MaxLength As Short
    Dim pBuffer As Integer
End Structure

Private Declare Function RtlInitUnicodeString Lib "NTDLL.DLL" (ByRef DestinationString As UNICODE_STRING, ByRef SourceString As String) As Integer
Private Declare Function ZwSetSystemInformation Lib "NTDLL.DLL" (ByVal SystemInformationClass As Integer, ByRef pSystemInformation As SYSTEM_LOAD_AND_CALL_IMAGE, ByVal SystemInformationLength As Integer) As Integer
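I reinstalled my system and don't want to install VS2008 again, which is nearly 4 GB.

Does it have any advantages!?

Reply to 4# oopww
No need to write to the registry, and it does not use NtLoadDriver.

What about 360?!!!!

Reply to 5# Tesla.Angela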