[求助]创建调试对象。蓝屏大神看看这是啥情况-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[求助]创建调试对象。蓝屏大神看看这是啥情况

发表于: 2016-1-6 22:22 3061

[求助]创建调试对象。蓝屏大神看看这是啥情况

简单选择

2016-1-6 22:22

3061

NTSTATUS
CreatemyObjectTypeByName(
IN PCWSTR ObjectTypeName,//要创建的对象类型的名字
IN POBJECT_TYPE pObjectTypeForCopy,//原始的ObjectType
OUT POBJECT_TYPE *pNewObjectType)//返回新创建的ObjectType
{

	UNICODE_STRING NameString;
	OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
	NTSTATUS status = 0;
	RtlInitUnicodeString(&NameString, ObjectTypeName);
	RtlZeroMemory(&ObjectTypeInitializer, sizeof(OBJECT_TYPE_INITIALIZER));

	ObjectTypeInitializer.Length = pObjectTypeForCopy->TypeInfo.Length;
	ObjectTypeInitializer.UseDefaultObject = pObjectTypeForCopy->TypeInfo.UseDefaultObject;
	ObjectTypeInitializer.CaseInsensitive = pObjectTypeForCopy->TypeInfo.CaseInsensitive;
	ObjectTypeInitializer.InvalidAttributes = pObjectTypeForCopy->TypeInfo.InvalidAttributes;
	ObjectTypeInitializer.GenericMapping = pObjectTypeForCopy->TypeInfo.GenericMapping;
	ObjectTypeInitializer.ValidAccessMask = 0x1f000f;
	ObjectTypeInitializer.SecurityRequired = pObjectTypeForCopy->TypeInfo.SecurityRequired;
	ObjectTypeInitializer.MaintainHandleCount = pObjectTypeForCopy->TypeInfo.MaintainHandleCount;
	ObjectTypeInitializer.MaintainTypeList = pObjectTypeForCopy->TypeInfo.MaintainTypeList;
	ObjectTypeInitializer.PoolType = pObjectTypeForCopy->TypeInfo.PoolType;
	ObjectTypeInitializer.DefaultPagedPoolCharge = pObjectTypeForCopy->TypeInfo.DefaultPagedPoolCharge;
	ObjectTypeInitializer.DefaultNonPagedPoolCharge = pObjectTypeForCopy->TypeInfo.DefaultNonPagedPoolCharge;
	ObjectTypeInitializer.DumpProcedure = pObjectTypeForCopy->TypeInfo.DumpProcedure;
	ObjectTypeInitializer.OpenProcedure = pObjectTypeForCopy->TypeInfo.OpenProcedure;
	ObjectTypeInitializer.CloseProcedure = pObjectTypeForCopy->TypeInfo.CloseProcedure;
	ObjectTypeInitializer.DeleteProcedure = pObjectTypeForCopy->TypeInfo.DeleteProcedure;
	ObjectTypeInitializer.ParseProcedure = pObjectTypeForCopy->TypeInfo.ParseProcedure;
	ObjectTypeInitializer.SecurityProcedure = pObjectTypeForCopy->TypeInfo.SecurityProcedure;
	ObjectTypeInitializer.QueryNameProcedure = pObjectTypeForCopy->TypeInfo.QueryNameProcedure;
	ObjectTypeInitializer.OkayToCloseProcedure = pObjectTypeForCopy->TypeInfo.OkayToCloseProcedure;

	status = ObCreateObjectType(
		&NameString,
		&ObjectTypeInitializer,
		(PSECURITY_DESCRIPTOR)NULL,
		pNewObjectType);

	if (NT_SUCCESS(status))
	{
		DbgPrint("pNewObjectType: 0x%08X\n", *pNewObjectType);
	}
	return status;
}

抄的论坛上的代码。。 XP跑得正常。。。 win7 32位蓝屏。。。调用ObCreateObjectType蓝屏的。。这是哪里的问题丫。

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

免费・0

支持

最新回复 (1)
简单选择雪币： 5 活跃值： (127) 能力值： ( LV2，RANK：10 ) 在线值：发帖 27 回帖 73 粉丝 0 关注私信	简单选择 2 楼已经解决了。。 2016-1-6 23:17 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

简单选择

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区

最新回复 (1)
简单选择雪币： 5 活跃值： (127) 能力值： ( LV2，RANK：10 ) 在线值：发帖 27 回帖 73 粉丝 0 关注私信	简单选择 2 楼已经解决了。。 2016-1-6 23:17 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

[求助]创建调试对象。蓝屏 大神看看这是啥情况

[求助]创建调试对象。蓝屏大神看看这是啥情况