简单内核模式驱动程序
简单内核模式驱动程序
提问于 2018-02-19 01:54:37
我正在创建简单的内核模式驱动程序(空项目)来尝试一些
用户模式应用程序上的读/写内存操作。
我在以下代码行编译项目时遇到错误:
NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID
SourceAddress, PEPROCESS TargetProcess, PVOID TargetAddress, SIZE_T
BufferSize, KPROCESSOR_MODE PreviousMode, PSIZE_T ReturnSize);
NTSTATUS PsLookupProcessByProcessId(_In_ HANDLE ProcessId, _Outptr_
PEPROCESS *Process);
KernelWPM(Process, &Writeval, 0x010F29B0, sizeof(__int32));VS编译错误:
Severity Code Description Project File Line Suppression State
Error C2371 'PEPROCESS': redefinition; different basic types INR
C:\Program Files (x86)\Windows Kits\10\Include\10.0.16299.0\km\ntifs.h 85
Warning C4022 'GetProcessByID': pointer mismatch for actual parameter 1
INR C:\Users\NAKEDRAT\Desktop\INR\INR\main.c 62
Error C2371 'PETHREAD': redefinition; different basic types INR
C:\Program Files (x86)\Windows Kits\10\Include\10.0.16299.0\km\ntifs.h 86
Warning C4047 'function': 'PEPROCESS' differs in levels of indirection
from 'PEPROCESS **' INR C:\Users\NAKEDRAT\Desktop\INR\INR\main.c 62
Warning C4024 'GetProcessByID': different types for formal and actual
parameter 2 INR C:\Users\NAKEDRAT\Desktop\INR\INR\main.c 62
Warning C4047 'function': 'PEPROCESS' differs in levels of indirection
from 'PEPROCESS *' INR C:\Users\NAKEDRAT\Desktop\INR\INR\main.c 64
Warning C4024 'KernelWPM': different types for formal and actual parameter
1 INR C:\Users\NAKEDRAT\Desktop\INR\INR\main.c 64
Warning C4022 'KernelWPM': pointer mismatch for actual parameter 3 INR
C:\Users\NAKEDRAT\Desktop\INR\INR\main.c 64 下面是我的代码:同样使用相同的SDK和WDK版本
#include <ntddk.h>
#include <ntdef.h>
#include <ntifs.h>
DRIVER_INITIALIZE DriverEntry;
#pragma alloc_text(INIT, DriverEntry)
NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID
SourceAddress, PEPROCESS TargetProcess, PVOID TargetAddress, SIZE_T
BufferSize, KPROCESSOR_MODE PreviousMode, PSIZE_T ReturnSize);
NTSTATUS PsLookupProcessByProcessId(_In_ HANDLE ProcessId, _Outptr_
PEPROCESS *Process);
NTSTATUS KernelRPM(PEPROCESS Process, PVOID SourceAddress, PVOID
TargetAddress, SIZE_T Size)
{
PEPROCESS SourceProcess = Process;
PEPROCESS TargetProcess = PsGetCurrentProcess();
SIZE_T Result;
if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress,
TargetProcess, TargetAddress, Size, KernelMode, &Result)))
return STATUS_SUCCESS;
else
return STATUS_ACCESS_DENIED;
}
NTSTATUS KernelWPM(PEPROCESS Process, PVOID SourceAddress, PVOID
TargetAddress, SIZE_T Size)
{
PEPROCESS SourceProcess = PsGetCurrentProcess();
PEPROCESS TargetProcess = Process;
SIZE_T Result;
if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress,
TargetProcess, TargetAddress, Size, KernelMode, &Result)))
return STATUS_SUCCESS;
else
return STATUS_ACCESS_DENIED;
}
NTSTATUS DriverEntry(_In_ struct _DRIVER_OBJECT *DriverObject, _In_
PUNICODE_STRING RegistryPath)
{
int Writeval = 666;
PEPROCESS *Process;
GetProcessByID(4872, &Process);
KernelWPM(Process, &Writeval, 0x010F29B0, sizeof(__int32));
DbgPrint("Value of int i: %d", Writeval);
return STATUS_SUCCESS;
}我做错了什么?我如何改进这一点,有什么建议吗?谢谢。
回答 2
Stack Overflow用户
发布于 2018-06-04 07:45:27
您在同一文件中包含了nttdk和ntifs。这将引发冲突。
Stack Overflow用户
发布于 2020-02-19 23:45:10
在ntddk.h为我修复它之前包含ntifs.h。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/48854835
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号