LONG KernelImageFileBase;
HANDLE KernelImageFilehandle;
UNICODE_STRING KernelImageName;
OBJECT_ATTRIBUTES obj_attr;
NTSTATUS status;
GetKernelImageName(&KernelImageName); //得到的路径 //C:\WINDOWS\system32\ntoskrnl.exe
InitializeObjectAttributes(&obj_attr,&KernelImageName,OBJ_EXCLUSIVE,NULL,NULL);
status = ZwOpenFile(&KernelImageFilehandle,GENERIC_ALL,&obj_attr,NULL,FILE_SHARE_READ,FILE_SYNCHRONOUS_IO_NONALERT);
if (STATUS_SUCCESS != status)
{
KdPrint(("ZwOpenFile field!\n"));
return;
}
KdPrint(("ZwOpenFile success!\n"));
以上代码执行的时候结果为 ZwOpenFile field,不知道为什么,请大家帮忙看下!谢谢
HANDLE KernelImageFilehandle;
UNICODE_STRING KernelImageName;
OBJECT_ATTRIBUTES obj_attr;
NTSTATUS status;
GetKernelImageName(&KernelImageName); //得到的路径 //C:\WINDOWS\system32\ntoskrnl.exe
InitializeObjectAttributes(&obj_attr,&KernelImageName,OBJ_EXCLUSIVE,NULL,NULL);
status = ZwOpenFile(&KernelImageFilehandle,GENERIC_ALL,&obj_attr,NULL,FILE_SHARE_READ,FILE_SYNCHRONOUS_IO_NONALERT);
if (STATUS_SUCCESS != status)
{
KdPrint(("ZwOpenFile field!\n"));
return;
}
KdPrint(("ZwOpenFile success!\n"));
以上代码执行的时候结果为 ZwOpenFile field,不知道为什么,请大家帮忙看下!谢谢