IOCTL读写驱动-Microsoft微软签名

大宝

1. 
   
2. typedef struct _REQUEST_BASE {
   
3.         DWORD ProcessId;
   
4.         PVOID Base;
   
5. } REQUEST_BASE, * PREQUEST_BASE;
   
6. 
   
7. typedef struct _REQUEST_WRITE {
   
8.         DWORD ProcessId;
   
9.         PVOID Dest;
   
10.         PVOID Src;
    
11.         DWORD Size;
    
12. } REQUEST_WRITE, * PREQUEST_WRITE;
    
13. 
    
14. typedef struct _REQUEST_READ {
    
15.         DWORD ProcessId;
    
16.         PVOID Dest;
    
17.         PVOID Src;
    
18.         DWORD Size;
    
19. } REQUEST_READ, * PREQUEST_READ;
    

复制代码

1. 
   
2. #define DRIVER_SVC_NAME                                 L"mstoresvc"
   
3. #define DRIVER_DEVICE_FILE           L"\\\\.\" DRIVER_SVC_NAME
   
4. 
   
5. #define FILE_DEVICE_DRIVER 0x131120
   
6. #define IOCTL_CORE_BASE                                (ULONG)CTL_CODE(FILE_DEVICE_DRIVER, 0x810, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
   
7. #define IOCTL_CORE_WRITE                        (ULONG)CTL_CODE(FILE_DEVICE_DRIVER, 0x811, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
   
8. #define IOCTL_CORE_READ                                (ULONG)CTL_CODE(FILE_DEVICE_DRIVER, 0x812, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
   
9. #define IOCTL_CORE_SETUP                        (ULONG)CTL_CODE(FILE_DEVICE_DRIVER, 0x813, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
   

复制代码

kafka

试试看

chazinai

有调用demo吗？

chazinai

有通讯，hDevice=CreateFileA("\\\\.\\mstoresvc", GENERIC_READ | GENERIC_WRITE, 0, 0, 3, 0, 0)；
DeviceIoControl(hDevice,IOCTL_CORE_BASE,&buffer,sizeof(buffer),0,8,0,0));
获取地址了，但地址获取到的是0，这两行有问题吗