自己寫 API 來調用好像不會被 HOOK,會 C++ 的大大可以朝這方面努力 =ˇ=
我不會 C++,只是網路找到發一下而已。
自己實現一下 ReadVirtualMemory
==================================
/*
 * NtReadVirtualMemory
 *
 * Kernel-mode service routine that copies BufferSize bytes starting at
 * BaseAddress in the process identified by ProcessHandle into Buffer in
 * the current process (PsGetCurrentProcess() is passed as the copy target).
 *
 * Parameters:
 *   ProcessHandle     - handle to the process whose memory is read.
 *   BaseAddress       - source address inside that process.
 *   Buffer            - destination buffer in the calling process.
 *   BufferSize        - number of bytes requested; 0 skips the copy.
 *   NumberOfBytesRead - optional; receives the byte count reported by
 *                       MmCopyVirtualMemory (0 if no copy was attempted).
 *
 * Returns:
 *   STATUS_SUCCESS, or the failing status from MiValidateUserTransfer,
 *   the probe exception, ObReferenceObjectByHandle or MmCopyVirtualMemory.
 *
 * NOTE(review): this uses kernel-only types and routines (PEPROCESS,
 * PAGED_CODE, Ob / Mm / Ps calls), so it is not something a user-mode
 * program can compile or link as-is.
 */
NTSTATUS
NtReadVirtualMemory (
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    OUT PVOID Buffer,
    IN ULONG BufferSize,
    OUT PULONG NumberOfBytesRead OPTIONAL
    )
{
    ULONG Copied = 0;
    KPROCESSOR_MODE CallerMode;
    PEPROCESS SourceProcess;
    NTSTATUS Status = STATUS_SUCCESS;

    PAGED_CODE();

    CallerMode = KeGetPreviousMode();

    /*
     * Only requests that did not originate in kernel mode have their
     * arguments checked; kernel-mode callers are trusted as given.
     */
    if (CallerMode != KernelMode) {

        /*
         * MiValidateUserTransfer is not defined in this listing;
         * presumably it rejects source/destination ranges that are not
         * valid user-mode addresses - confirm against its definition.
         */
        Status = MiValidateUserTransfer(BaseAddress, Buffer, BufferSize);
        if (Status != STATUS_SUCCESS) {
            return Status;
        }

        /*
         * Probe the optional output pointer up front so a bad pointer
         * fails the call before any memory is copied.
         */
        if (ARGUMENT_PRESENT(NumberOfBytesRead)) {
            try {
                ProbeForWriteUlong(NumberOfBytesRead);
            } except(EXCEPTION_EXECUTE_HANDLER) {
                return GetExceptionCode();
            }
        }
    }

    if (BufferSize != 0) {

        /*
         * Security-relevant step: the handle is resolved with
         * PROCESS_VM_READ as the desired access and the caller's mode as
         * the access mode. This object-manager check, rather than any
         * user-mode wrapper, is what gates the cross-process read.
         */
        Status = ObReferenceObjectByHandle(ProcessHandle,
                                           PROCESS_VM_READ,
                                           PsProcessType,
                                           CallerMode,
                                           (PVOID *)&SourceProcess,
                                           NULL);

        if (Status == STATUS_SUCCESS) {

            /* Source is the referenced process, target is the caller. */
            Status = MmCopyVirtualMemory (SourceProcess,
                                          BaseAddress,
                                          PsGetCurrentProcess(),
                                          Buffer,
                                          BufferSize,
                                          CallerMode,
                                          &Copied);

            /* Drop the reference taken by ObReferenceObjectByHandle. */
            ObDereferenceObject(SourceProcess);
        }
    }

    /*
     * Report the byte count if requested. A fault while storing it is
     * deliberately ignored, so the status of the copy itself is what the
     * caller sees.
     */
    if (ARGUMENT_PRESENT(NumberOfBytesRead)) {
        try {
            *NumberOfBytesRead = Copied;
        } except(EXCEPTION_EXECUTE_HANDLER) {
            NOTHING;
        }
    }

    return Status;
}
- Nov 11 Tue 2014 19:06
自己實現一下 ReadVirtualMemory