获取句柄的详细信息:(原代码) http://blog.vckbase.com/bastet/archive/2005/03/31/4244.html
一、驱动部分（内核驱动 ScSysInfo.sys —— Part 1: the kernel-mode driver）
extern "C"
{
#include <ntddk.h>
}
#include "ScSysInfo.h"
extern "C"
{
#include "native.h"
#include "../TestHandle/ob.h"
}
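/* Debug tracing: change "#if 1" to "#if 0" to compile dprintf() out.
 * (The empty #else expansion turns dprintf(...) into a no-op expression.) */
#if 1
#define dprintf DbgPrint
#else
#define dprintf
#endif
#define kprintf DbgPrint
/* NT object-manager names.  These must use backslashes: the forward slashes
 * in the published listing are a copy artifact (every '\' on the page was
 * turned into '/'), and "//Device//ScSysInfo" is not a valid object-manager
 * path for IoCreateDevice / IoCreateSymbolicLink. */
#define NT_DEVICE_NAME L"\\Device\\ScSysInfo"
#define DOS_DEVICE_NAME L"\\DosDevices\\ScSysInfo"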
/*
 * OBJECT_TYPE - the kernel's per-type descriptor, redeclared here so the
 * IOCTL handler can copy *ObjectHeader->Type into ScHandleInfoOut.
 *
 * NOTE(review): this is a private, version-specific kernel layout (it looks
 * like the 32-bit Windows 2000/XP-era structure).  On any other kernel build
 * the field offsets differ and the copied fields are garbage -- confirm
 * against the target OS before trusting any of them.
 */
typedef struct _OBJECT_TYPE {
    ERESOURCE Mutex;
    LIST_ENTRY TypeList;
    UNICODE_STRING Name; // Copy from object header for convenience
    PVOID DefaultObject;
    ULONG Index;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    OBJECT_TYPE_INITIALIZER TypeInfo;   // callback table, declared in ob.h (contains kernel function pointers)
#ifdef POOL_TAGGING
    ULONG Key;
#endif //POOL_TAGGING
} OBJECT_TYPE, *POBJECT_TYPE;
/* Output record of IOCTL_SCSYSINFO_GETHANDLEOBJECT: a verbatim copy of the
 * object's header and of its type descriptor.  Both contain raw kernel
 * pointers (Type, SecurityDescriptor, the type's procedure pointers), so
 * handing this to user mode discloses kernel addresses. */
struct ScHandleInfoOut
{
    OBJECT_HEADER obj_hdr;    // copied from OBJECT_TO_OBJECT_HEADER(object)
    OBJECT_TYPE obj_type;     // copied from obj_hdr.Type, zero if Type is NULL
};
/* Dispatch routines installed by DriverEntry; definitions follow below. */
NTSTATUS ScSysInfoDispatchCreate(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);          // IRP_MJ_CREATE
NTSTATUS ScSysInfoDispatchClose(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);           // IRP_MJ_CLOSE
NTSTATUS ScSysInfoDispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);   // IRP_MJ_DEVICE_CONTROL
VOID ScSysInfoUnload(IN PDRIVER_OBJECT DriverObject);                                  // DriverUnload
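/*
 * DriverEntry - creates \Device\ScSysInfo, the \DosDevices\ScSysInfo link and
 * installs the dispatch table.  Returns the first failing NTSTATUS, undoing
 * whatever was created so far.
 *
 * Fixes vs. the original:
 *  - DeviceObject->Flags was written before IoCreateDevice's status was
 *    checked: a NULL dereference on failure.
 *  - fSymbolicLink was declared (and set TRUE) after the first goto, so the
 *    cleanup label read an uninitialized flag on the IoCreateDevice failure
 *    path and tried to delete a link that was never created on the
 *    IoCreateSymbolicLink failure path.
 *  - The NT_SUCCESS test after the dispatch table was dead code.
 *  - "/n" in the DbgPrint strings restored to "\n" (copy artifact).
 *
 * Security note (behaviour unchanged): the device has no security descriptor
 * and the IOCTLs are FILE_ANY_ACCESS, so any local user can open
 * \\.\ScSysInfo and read raw object headers (kernel pointers).  Create the
 * device with IoCreateDeviceSecure and an SDDL string limiting it to
 * SYSTEM/Administrators, or check the caller in the dispatch routine.
 *
 * NOTE(review): this TU is compiled as C++ (the extern "C" include blocks);
 * DriverEntry needs C linkage for the /ENTRY symbol to resolve -- confirm
 * against the build settings.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS ntStatus;
    PDEVICE_OBJECT DeviceObject = NULL;
    UNICODE_STRING ntDeviceName, dosDeviceName;
    BOOLEAN fSymbolicLink = FALSE;      /* TRUE only once the link exists */

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&ntDeviceName, NT_DEVICE_NAME);
    RtlInitUnicodeString(&dosDeviceName, DOS_DEVICE_NAME);

    ntStatus = IoCreateDevice(
        DriverObject,
        0,
        &ntDeviceName,          // DeviceName
        FILE_DEVICE_SCSYSINFO,  // DeviceType
        0,                      // DeviceCharacteristics
        FALSE,                  // Exclusive
        &DeviceObject           // [OUT]
        );
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("ScSysInfo IoCreateDevice=0x%x\n", ntStatus);
        DeviceObject = NULL;    /* nothing to delete on the failure path */
        goto __failed;
    }
    /* METHOD_BUFFERED IOCTLs: the I/O manager gives us a SystemBuffer copy. */
    DeviceObject->Flags |= DO_BUFFERED_IO;

    ntStatus = IoCreateSymbolicLink(&dosDeviceName, &ntDeviceName);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("ScSysInfo IoCreateSymbolicLink=0x%x\n", ntStatus);
        goto __failed;
    }
    fSymbolicLink = TRUE;

    DriverObject->MajorFunction[IRP_MJ_CREATE] = ScSysInfoDispatchCreate;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = ScSysInfoDispatchClose;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ScSysInfoDispatchDeviceControl;
    DriverObject->DriverUnload = ScSysInfoUnload;
    return ntStatus;

__failed:
    if (fSymbolicLink)
    {
        IoDeleteSymbolicLink(&dosDeviceName);
    }
    if (DeviceObject != NULL)
    {
        IoDeleteDevice(DeviceObject);
    }
    return ntStatus;
}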
/* IRP_MJ_CREATE: opening \\.\ScSysInfo always succeeds.  No caller check is
 * made here, so only the device's (absent) security descriptor decides who
 * may open it -- see the note in DriverEntry. */
NTSTATUS ScSysInfoDispatchCreate(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    const NTSTATUS status = STATUS_SUCCESS;
    UNREFERENCED_PARAMETER(DeviceObject);
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}
/* IRP_MJ_CLOSE: nothing is kept per open handle, so closing is a plain
 * success completion. */
NTSTATUS ScSysInfoDispatchClose(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    const NTSTATUS status = STATUS_SUCCESS;
    UNREFERENCED_PARAMETER(DeviceObject);
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}
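/*
 * ScSysInfoDispatchDeviceControl - IRP_MJ_DEVICE_CONTROL handler.
 *
 * IOCTL_SCSYSINFO_GETHANDLEOBJECT (METHOD_BUFFERED):
 *   in : HANDLE          - a handle belonging to the calling process
 *   out: ScHandleInfoOut - copy of the object's OBJECT_HEADER and OBJECT_TYPE;
 *                          all zero (and still STATUS_SUCCESS, as in the
 *                          original) when the handle cannot be resolved.
 *
 * Fixes vs. the original:
 *  - Buffer lengths are validated.  With METHOD_BUFFERED the SystemBuffer is
 *    max(InputBufferLength, OutputBufferLength) bytes, so writing
 *    sizeof(ScHandleInfoOut) for a caller that passed a smaller output buffer
 *    was a kernel pool overflow, and *inbuf was read even from a zero-length
 *    input.  Both now fail with STATUS_BUFFER_TOO_SMALL.
 *  - ObReferenceObjectByHandle is called with Irp->RequestorMode instead of
 *    KernelMode.  KernelMode skipped the handle-table check, letting a user
 *    process pass kernel handles (high bit set) or handles it does not own.
 *    DesiredAccess is 0 rather than 0x80000000 (GENERIC_READ): reading the
 *    header needs no rights on the object, and a generic bit is not
 *    meaningful against the handle's already-mapped granted-access mask.
 *  - The reference status is tested with NT_SUCCESS, not == STATUS_SUCCESS.
 *  - "/n" in the DbgPrint strings restored to "\n" (copy artifact).
 *
 * Remaining security notes: the output still carries raw kernel pointers
 * (Type, SecurityDescriptor, the type's procedure pointers) -- an information
 * disclosure to anyone who can open the device.  OBJECT_TO_OBJECT_HEADER
 * depends on the hard-coded OBJECT_HEADER layout in this file, which is only
 * valid for the kernel build it was written against.
 */
NTSTATUS ScSysInfoDispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    ULONG_PTR information = 0;
    PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
    PVOID systemBuffer = Irp->AssociatedIrp.SystemBuffer;
    ULONG nInBufferSize = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG nOutBufferSize = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
    ULONG dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;

    UNREFERENCED_PARAMETER(DeviceObject);
    dprintf("ScSysInfo IRP_MJ_DEVICE_CONTROL\n");

    switch (dwIoControlCode)
    {
    case IOCTL_SCSYSINFO_GETHANDLEOBJECT:
    {
        HANDLE *inbuf = (HANDLE *)systemBuffer;
        ScHandleInfoOut *outbuf = (ScHandleInfoOut *)systemBuffer;
        PVOID objbody = NULL;
        POBJECT_HEADER ObjectHeader = NULL;
        HANDLE queryHandle;

        if (systemBuffer == NULL ||
            nInBufferSize < sizeof(HANDLE) ||
            nOutBufferSize < sizeof(ScHandleInfoOut))
        {
            ntStatus = STATUS_BUFFER_TOO_SMALL;
            break;
        }
        /* Input and output share the buffer: read the handle before zeroing. */
        queryHandle = *inbuf;
        RtlZeroMemory(outbuf, sizeof(ScHandleInfoOut));

        ntStatus = ObReferenceObjectByHandle(queryHandle, 0, NULL,
                                             Irp->RequestorMode, &objbody, NULL);
        if (NT_SUCCESS(ntStatus) && objbody != NULL)
        {
            ObjectHeader = OBJECT_TO_OBJECT_HEADER(objbody);
            outbuf->obj_hdr = *ObjectHeader;
            if (ObjectHeader->Type != NULL)
            {
                outbuf->obj_type = *(ObjectHeader->Type);
            }
            ObDereferenceObject(objbody);
        }
        /* Original contract: an unresolvable handle yields a zeroed record. */
        ntStatus = STATUS_SUCCESS;
        information = sizeof(ScHandleInfoOut);
        break;
    }
    default:
        /* Kept as in the original; STATUS_INVALID_DEVICE_REQUEST is the
         * conventional code for an unknown IOCTL. */
        ntStatus = STATUS_INVALID_PARAMETER;
        dprintf("ScSysInfo unknown IRP_MJ_DEVICE_CONTROL\n");
        break;
    }

    Irp->IoStatus.Status = ntStatus;
    Irp->IoStatus.Information = information;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return ntStatus;
}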
/* DriverUnload: remove the \DosDevices link and the single device created in
 * DriverEntry, in reverse order of creation. */
VOID ScSysInfoUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING linkName;
    RtlInitUnicodeString(&linkName, DOS_DEVICE_NAME);
    (void)IoDeleteSymbolicLink(&linkName);
    IoDeleteDevice(DriverObject->DeviceObject);
}
/* Creation-time attributes the object manager keeps while an object is being
 * created; referenced from OBJECT_HEADER::ObjectCreateInfo.
 * NOTE(review): private kernel layout of the 2000/XP era -- confirm against
 * the target build. */
typedef struct _OBJECT_CREATE_INFORMATION {
    ULONG Attributes;
    HANDLE RootDirectory;
    PVOID ParseContext;
    KPROCESSOR_MODE ProbeMode;
    ULONG PagedPoolCharge;
    ULONG NonPagedPoolCharge;
    ULONG SecurityDescriptorCharge;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    PSECURITY_QUALITY_OF_SERVICE SecurityQos;
    SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;
/*
 * OBJECT_HEADER - the block the object manager places immediately before
 * every object body; OBJECT_TO_OBJECT_HEADER() walks back from the body
 * pointer via the Body member.
 *
 * NOTE(review): this is a private kernel layout that changes between
 * releases (later kernels replace the Type pointer with a type index, and
 * x64 widths differ); it appears to match the 32-bit 2000/XP-era header.
 * Confirm against the target build before trusting any copied field.
 */
typedef struct _OBJECT_HEADER {
    LONG PointerCount;
    union {
        LONG HandleCount;
        PSINGLE_LIST_ENTRY SEntry;
    };
    POBJECT_TYPE Type;                  // kernel pointer; the driver copies *Type to user mode
    UCHAR NameInfoOffset;
    UCHAR HandleInfoOffset;
    UCHAR QuotaInfoOffset;
    UCHAR Flags;
    union
    {
        POBJECT_CREATE_INFORMATION ObjectCreateInfo;
        PVOID QuotaBlockCharged;
    };
    PSECURITY_DESCRIPTOR SecurityDescriptor;    // kernel pointer, copied verbatim into ScHandleInfoOut
    QUAD Body;                                  // the object body starts here (8-byte aligned placeholder)
} OBJECT_HEADER, *POBJECT_HEADER;
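/* Map an object body pointer back to its OBJECT_HEADER: the header ends with
 * the Body member, so this is CONTAINING_RECORD on Body.  Only valid for the
 * OBJECT_HEADER layout declared in this file.
 * Fix: the line continuation was a '/' in the published listing (every '\'
 * became '/'); without a backslash the second line is a stray statement. */
#define OBJECT_TO_OBJECT_HEADER( o ) \
    CONTAINING_RECORD( (o), OBJECT_HEADER, Body )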
# 头文件 2005-03-31 08:00 七猫的垃圾箱
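#pragma once
/* ScSysInfo.h - definitions shared by the driver and its user-mode client. */
#define FILE_DEVICE_SCSYSINFO 0x8000    /* vendor device types start at 0x8000 */
#define SCSYSINFO_IOCTL_BASE 0x800      /* vendor function codes start at 0x800 */
/* NOTE(review): FILE_ANY_ACCESS means no specific right on the device handle
 * is needed to issue these IOCTLs; together with a device created without a
 * security descriptor, every local user can query raw object headers.
 * FILE_READ_ACCESS plus a restrictive device SDDL is the least-privilege
 * choice.  (i) is parenthesized so an expression argument cannot rebind. */
#define CTL_CODE_SCSYSINFO(i) CTL_CODE(FILE_DEVICE_SCSYSINFO, SCSYSINFO_IOCTL_BASE+(i), METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_SCSYSINFO_GETHANDLEOBJECT CTL_CODE_SCSYSINFO(0)
#define IOCTL_SCSYSINFO_TEST CTL_CODE_SCSYSINFO(1)    /* defined but not handled by the driver */
/* Win32 path of the device.  Backslashes restored: the listing shows '/' for
 * every '\' (copy artifact). */
#define SCSYSINFO_DEVICE_NAME_WIN32 "\\\\.\\ScSysInfo"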
# ob.h 2005-03-31 08:01 Diviner
#pragma once
/* ob.h - callback signatures referenced by OBJECT_TYPE_INITIALIZER below.
 * NOTE(review): these mirror the object manager's type-procedure prototypes of
 * the 2000/XP era; they are needed only so that sizeof(OBJECT_TYPE) in user
 * mode matches the kernel's -- confirm for the target build. */
typedef struct _OBJECT_DUMP_CONTROL {
    PVOID Stream;
    ULONG Detail;
} OB_DUMP_CONTROL, *POB_DUMP_CONTROL;
/* DumpProcedure */
typedef VOID (*OB_DUMP_METHOD)(
    IN PVOID Object,
    IN POB_DUMP_CONTROL Control OPTIONAL
    );
/* Reason passed to OpenProcedure. */
typedef enum _OB_OPEN_REASON {
    ObCreateHandle,
    ObOpenHandle,
    ObDuplicateHandle,
    ObInheritHandle,
    ObMaxOpenReason
} OB_OPEN_REASON;
typedef struct _EPROCESS *PEPROCESS;    /* opaque here; only a pointer is needed */
/* OpenProcedure */
typedef VOID (*OB_OPEN_METHOD)(
    IN OB_OPEN_REASON OpenReason,
    IN PEPROCESS Process OPTIONAL,
    IN PVOID Object,
    IN ACCESS_MASK GrantedAccess,
    IN ULONG HandleCount
    );
/* OkayToCloseProcedure */
typedef BOOLEAN (*OB_OKAYTOCLOSE_METHOD)(
    IN PEPROCESS Process OPTIONAL,
    IN PVOID Object,
    IN HANDLE Handle
    );
/* CloseProcedure */
typedef VOID (*OB_CLOSE_METHOD)(
    IN PEPROCESS Process OPTIONAL,
    IN PVOID Object,
    IN ACCESS_MASK GrantedAccess,
    IN ULONG ProcessHandleCount,
    IN ULONG SystemHandleCount
    );
/* DeleteProcedure */
typedef VOID (*OB_DELETE_METHOD)(
    IN PVOID Object
    );
typedef CCHAR KPROCESSOR_MODE;          /* KernelMode / UserMode; also redeclared in MemDriver.h */
/* ParseProcedure */
typedef NTSTATUS (*OB_PARSE_METHOD)(
    IN PVOID ParseObject,
    IN PVOID ObjectType,
    IN OUT PACCESS_STATE AccessState,
    IN KPROCESSOR_MODE AccessMode,
    IN ULONG Attributes,
    IN OUT PUNICODE_STRING CompleteName,
    IN OUT PUNICODE_STRING RemainingName,
    IN OUT PVOID Context OPTIONAL,
    IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL,
    OUT PVOID *Object
    );
/* SecurityProcedure */
typedef NTSTATUS (*OB_SECURITY_METHOD)(
    IN PVOID Object,
    IN SECURITY_OPERATION_CODE OperationCode,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PULONG CapturedLength,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping
    );
/* QueryNameProcedure */
typedef NTSTATUS (*OB_QUERYNAME_METHOD)(
    IN PVOID Object,
    IN BOOLEAN HasObjectName,
    OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
    IN ULONG Length,
    OUT PULONG ReturnLength
    );
/* Per-type settings and procedure table embedded in OBJECT_TYPE::TypeInfo.
 * Every *Procedure member is a kernel function pointer; the IOCTL copies the
 * whole table to user mode, which discloses kernel addresses.
 * NOTE(review): 2000/XP-era layout -- confirm against the target build. */
typedef struct _OBJECT_TYPE_INITIALIZER {
    USHORT Length;
    BOOLEAN UseDefaultObject;
    BOOLEAN Reserved;
    ULONG InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ULONG ValidAccessMask;
    BOOLEAN SecurityRequired;
    BOOLEAN MaintainHandleCount;
    BOOLEAN MaintainTypeList;
    POOL_TYPE PoolType;
    ULONG DefaultPagedPoolCharge;
    ULONG DefaultNonPagedPoolCharge;
    OB_DUMP_METHOD DumpProcedure;
    OB_OPEN_METHOD OpenProcedure;
    OB_CLOSE_METHOD CloseProcedure;
    OB_DELETE_METHOD DeleteProcedure;
    OB_PARSE_METHOD ParseProcedure;
    OB_SECURITY_METHOD SecurityProcedure;
    OB_QUERYNAME_METHOD QueryNameProcedure;
    OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure;
} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
# 打开驱动部分 2005-03-31 08:01 Diviner
#pragma once
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
extern "C"
{
#include "native.h"
#include "ddk.h"
#include "ob.h"
}
/* User-mode mirrors of DDK types used by the structures below (ob.h declares
 * KPROCESSOR_MODE as well; the duplicate typedef is identical and harmless). */
typedef CCHAR KPROCESSOR_MODE;
typedef enum _MODE {
    KernelMode,
    UserMode,
    MaximumMode
} MODE;
/* Owner-table entry of an ERESOURCE, mirrored so that sizeof(ERESOURCE) and
 * therefore sizeof(OBJECT_TYPE) match the kernel's in user mode. */
typedef ULONG_PTR ERESOURCE_THREAD;
typedef struct _OWNER_ENTRY {
    ERESOURCE_THREAD OwnerThread;
    union {
        LONG OwnerCount;
        ULONG TableSize;
    };
} OWNER_ENTRY, *POWNER_ENTRY;
/* Mirror of the kernel ERESOURCE (first member of OBJECT_TYPE).  Its contents
 * are meaningless in user mode; only its size and alignment matter, and they
 * must match the target kernel build (32-bit layout assumed -- confirm). */
typedef struct _ERESOURCE {
    LIST_ENTRY SystemResourcesList;
    POWNER_ENTRY OwnerTable;
    SHORT ActiveCount;
    USHORT Flag;
    PKSEMAPHORE SharedWaiters;
    PKEVENT ExclusiveWaiters;
    OWNER_ENTRY OwnerThreads[2];
    ULONG ContentionCount;
    USHORT NumberOfSharedWaiters;
    USHORT NumberOfExclusiveWaiters;
    union {
        PVOID Address;
        ULONG_PTR CreatorBackTraceIndex;
    };
    KSPIN_LOCK SpinLock;
} ERESOURCE, *PERESOURCE;
/* User-mode copy of the driver's OBJECT_TYPE declaration; the two must stay
 * identical or ScHandleInfoOut is laid out differently on each side.
 * NOTE(review): version-specific kernel layout -- confirm against the target
 * build. */
typedef struct _OBJECT_TYPE {
    ERESOURCE Mutex;
    LIST_ENTRY TypeList;
    UNICODE_STRING Name; // Copy from object header for convenience
    PVOID DefaultObject;
    ULONG Index;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    OBJECT_TYPE_INITIALIZER TypeInfo;   // callback table, see ob.h
#ifdef POOL_TAGGING
    ULONG Key;
#endif //POOL_TAGGING
} OBJECT_TYPE, *POBJECT_TYPE;
typedef struct _OBJECT_TYPE *POBJECT_TYPE;  // redundant: already declared by the typedef above
typedef double DOUBLE;
/* QUAD: an 8-byte, 8-byte-aligned placeholder (used for OBJECT_HEADER::Body).
 * It is NOT a floating-point value; the double member exists only to force the
 * alignment.  Use DOUBLE when an actual FP number is meant. */
typedef struct _QUAD {
    double DoNotUseThisField;
} QUAD;
#include "../ScSysInfo/ScSysInfo.h"
#include "../ScSysInfo/native.h"
/* User-mode copy of the IOCTL_SCSYSINFO_GETHANDLEOBJECT output record; must
 * match the driver's definition field for field. */
struct ScHandleInfoOut
{
    OBJECT_HEADER obj_hdr;    // object header as copied by the driver
    OBJECT_TYPE obj_type;     // the object's type descriptor (zeroed if the driver found no Type)
};
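/*
 * MemDriver - installs, starts and talks to the ScSysInfo kernel driver.
 *
 * Fix vs. the original: the destructor skipped only NULL, but OpenDriver()
 * stores CreateFile's INVALID_HANDLE_VALUE when the open fails, so a failed
 * open ended in CloseHandle(INVALID_HANDLE_VALUE).  Both sentinels are
 * skipped now.
 *
 * NOTE(review): the class owns a raw HANDLE but is copyable; copying it would
 * close the handle twice.  Nothing in this listing copies gMemDriver, so the
 * interface is left as is rather than making the class non-copyable.
 */
class MemDriver
{
public:
    MemDriver(){_handle=NULL;}
    ~MemDriver()
    {
        if(_handle!=NULL && _handle!=INVALID_HANDLE_VALUE)
            CloseHandle(_handle);
    }
    bool InstallAndStart();   // copy the .sys into system32\drivers, register and start the service (needs admin)
    bool UnInstall();         // stop and delete the service
    ScHandleInfoOut *GetHeaderByHandle(HANDLE queryhandle);   // IOCTL round trip; result lives in a static buffer, NULL on failure
public:
    bool OpenDriver();        // open \\.\ScSysInfo and keep the handle in _handle
private:
    HANDLE _handle;           // device handle; NULL until OpenDriver has been called
};
extern MemDriver gMemDriver;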
#include "Memdriver.h"
#include <WinSvc.h>
#include <winioctl.h>
#include <stdlib.h>
#include <stdio.h>
MemDriver gMemDriver;                   // the single driver connection used by main()
#define DRIVERNAME "ScSysInfo"          // service name and device name
#define DRIVERFILANAME "ScSysInfo.sys"  // (sic) file name of the driver binary; spelling kept, callers use it
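/*
 * Stop and delete the ScSysInfo service.
 *
 * Returns true when the service is gone afterwards (including when it never
 * existed or was already marked for deletion), false when the SCM could not
 * be reached or the service could not be deleted.  The original returned
 * true unconditionally and requested *_ALL_ACCESS; only SC_MANAGER_CONNECT
 * and SERVICE_STOP | DELETE are needed.
 *
 * ControlService legitimately fails when the driver is not running, so its
 * result is ignored.  DeleteService only marks the service for deletion; the
 * removal completes once every handle to it is closed.
 */
bool MemDriver::UnInstall()
{
    bool removed = false;
    SC_HANDLE scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (scmHandle == NULL)
        return false;

    SC_HANDLE handle = OpenService(scmHandle, DRIVERNAME, SERVICE_STOP | DELETE);
    if (handle == NULL)
    {
        /* Nothing to remove counts as success; any other error is a failure. */
        removed = (GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST);
    }
    else
    {
        SERVICE_STATUS status;
        ControlService(handle, SERVICE_CONTROL_STOP, &status);   /* harmless if not running */
        removed = (DeleteService(handle) != FALSE)
               || (GetLastError() == ERROR_SERVICE_MARKED_FOR_DELETE);
        CloseServiceHandle(handle);
    }
    CloseServiceHandle(scmHandle);
    return removed;
}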
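/*
 * Copy the driver binary into %SystemRoot%\system32\drivers, register it as a
 * demand-start kernel service and start it.  Requires administrator rights.
 * Returns true only when the service was created and started; the original
 * returned true even when CreateService or StartService failed.
 *
 * Other fixes: the path is length-checked before strcat (MAX_PATH overflow),
 * GetSystemDirectory's result is checked, SetFileAttributes gets
 * FILE_ATTRIBUTE_NORMAL (0 is not a valid attribute value), least-privilege
 * access masks replace *_ALL_ACCESS, and the backslashes lost in the
 * published listing are restored.
 *
 * NOTE(review): the source path is a hard-coded development location; any
 * file placed at D:\HandleInfo\debug\ScSysInfo.sys is loaded into the kernel.
 * Outside a lab, ship the driver next to the executable and verify its
 * signature before installing it.
 */
bool MemDriver::InstallAndStart()
{
    static const char kSource[] = "D:\\HandleInfo\\debug\\ScSysInfo.sys";
    static const char kSubDir[] = "\\drivers\\";
    char systemDir[MAX_PATH];

    UINT len = GetSystemDirectory(systemDir, MAX_PATH);
    if (len == 0 || len >= MAX_PATH)
        return false;
    /* +1 for the terminator; refuse rather than overrun the stack buffer. */
    if (len + strlen(kSubDir) + strlen(DRIVERFILANAME) + 1 > MAX_PATH)
        return false;
    strcat(systemDir, kSubDir);
    strcat(systemDir, DRIVERFILANAME);

    UnInstall();
    /* Clear read-only etc. so a previous copy can be replaced. */
    SetFileAttributes(systemDir, FILE_ATTRIBUTE_NORMAL);
    DeleteFile(systemDir);
    if (CopyFile(kSource, systemDir, FALSE) == 0)
        return false;

    SC_HANDLE scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == NULL)
        return false;

    bool started = false;
    SC_HANDLE newDriver = CreateService(scmHandle, DRIVERNAME, DRIVERNAME, SERVICE_START,
                                        SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE,
                                        systemDir, NULL, NULL, NULL, NULL, NULL);
    if (newDriver != NULL)
    {
        /* Already running can happen when UnInstall could not stop the old instance. */
        started = (StartService(newDriver, 0, NULL) != FALSE)
               || (GetLastError() == ERROR_SERVICE_ALREADY_RUNNING);
        CloseServiceHandle(newDriver);
    }
    CloseServiceHandle(scmHandle);
    return started;
}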
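/*
 * Open the ScSysInfo device; true on success.
 *
 * Fixes vs. the original: GENERIC_ALL replaced by GENERIC_READ | GENERIC_WRITE
 * (the IOCTL is FILE_ANY_ACCESS, so even less would do); the path is a
 * compile-time literal instead of an unbounded wsprintf into a stack buffer;
 * a handle from an earlier call is closed instead of leaked; and _handle is
 * reset to NULL on failure so the destructor never sees INVALID_HANDLE_VALUE.
 * The path uses backslashes; the listing's '/' are a copy artifact.
 */
bool MemDriver::OpenDriver()
{
    static const char kDevicePath[] = "\\\\.\\" DRIVERNAME;

    if (_handle != NULL && _handle != INVALID_HANDLE_VALUE)
    {
        CloseHandle(_handle);
        _handle = NULL;
    }
    HANDLE h = CreateFile(kDevicePath, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE)
    {
        _handle = NULL;
        return false;
    }
    _handle = h;
    return true;
}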
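/*
 * Ask the driver for the OBJECT_HEADER / OBJECT_TYPE behind queryhandle.
 *
 * Returns a pointer to a static buffer (overwritten by the next call, not
 * thread-safe -- unchanged from the original) or NULL on failure.
 * Fixes: no DeviceIoControl on an unopened device, and a short reply is a
 * failure instead of a partially filled record handed back as valid.
 */
ScHandleInfoOut *MemDriver::GetHeaderByHandle(HANDLE queryhandle)
{
    static ScHandleInfoOut outbuf;
    HANDLE inbuf = queryhandle;
    DWORD retLen = 0;

    memset(&outbuf, 0, sizeof(outbuf));
    if (_handle == NULL || _handle == INVALID_HANDLE_VALUE)
        return NULL;
    if (!DeviceIoControl(_handle, IOCTL_SCSYSINFO_GETHANDLEOBJECT,
                         &inbuf, sizeof(inbuf), &outbuf, sizeof(outbuf), &retLen, NULL))
        return NULL;
    if (retLen != sizeof(outbuf))
        return NULL;
    return &outbuf;
}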
# re: 获取句柄的详细信息:(原代码) 2005-03-31 08:02 七猫的垃圾箱
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "socknative.h"
#include "MemDriver.h"
#pragma comment(lib,"ntdll")
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"Ws2Help")
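/* RAII wrapper around WSAStartup/WSACleanup for the lifetime of the program.
 * Fix vs. the original: the WSAStartup result was ignored and WSACleanup ran
 * even after a failed startup.  The outcome is recorded, exposed via ok(),
 * and cleanup runs only when startup succeeded. */
class Winsock2Env
{
public:
    Winsock2Env()
    {
        WSADATA data;
        _started = (WSAStartup(MAKEWORD(2,2), &data) == 0);
    }
    ~Winsock2Env()
    {
        if (_started)
            WSACleanup();
    }
    bool ok() const { return _started; }    // true when WSAStartup succeeded
private:
    bool _started;
};
Winsock2Env gWinsock2Env;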
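/*
 * Demo: load the driver, create and bind a TCP socket, then query the socket
 * handle through the driver IOCTL and through NtQueryObject.
 *
 * Fixes vs. the original: driver install/open, socket() and bind() are
 * checked and the process exits non-zero on failure; the socket is closed;
 * NtQueryObject gets buffers large enough for the variable-length name/type
 * information -- the original passed bare OBJECT_NAME_INFORMATION /
 * OBJECT_TYPE_INFORMATION structs, which hold only the UNICODE_STRING header,
 * so those calls could not return the string.  Results are still not
 * printed; inspect pheader / basic_info / name_info / type_info in a debugger.
 *
 * NOTE(review): this program installs a kernel driver from a fixed path and
 * must run as administrator; the driver stays installed at exit (as before).
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    if (!gMemDriver.InstallAndStart() || !gMemDriver.OpenDriver())
        return 1;

    SOCKET s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == INVALID_SOCKET)
        return 1;
    HANDLE handle = (HANDLE)s;

    sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.S_un.S_addr = INADDR_ANY;
    sa.sin_port = htons(5011);

    int rc = 1;
    if (bind(s, (sockaddr*)&sa, sizeof(sa)) == 0)
    {
        ScHandleInfoOut *pheader = gMemDriver.GetHeaderByHandle(handle);

        DWORD retlen = 0;
        OBJECT_BASIC_INFORMATION basic_info;
        NtQueryObject(handle, ObjectBasicInformation, &basic_info, sizeof(basic_info), &retlen);

        /* Name and type information carry a trailing string: give them room
         * and keep the buffers pointer-aligned for the embedded UNICODE_STRING. */
        ULONG_PTR nameRaw[1024 / sizeof(ULONG_PTR)];
        ULONG_PTR typeRaw[1024 / sizeof(ULONG_PTR)];
        OBJECT_NAME_INFORMATION *name_info = (OBJECT_NAME_INFORMATION *)nameRaw;
        OBJECT_TYPE_INFORMATION *type_info = (OBJECT_TYPE_INFORMATION *)typeRaw;
        retlen = 0;
        NtQueryObject(handle, ObjectNameInformation, name_info, sizeof(nameRaw), &retlen);
        retlen = 0;
        NtQueryObject(handle, ObjectTypeInformation, type_info, sizeof(typeRaw), &retlen);

        rc = (pheader != NULL) ? 0 : 1;
    }
    closesocket(s);
    return rc;
}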
# native.h 2005-03-31 08:00 七猫的垃圾箱
extern "C"
{
#include <ntddk.h>
}
#include "ScSysInfo.h"
extern "C"
{
#include "native.h"
#include "../TestHandle/ob.h"
}
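/* Debug tracing: change "#if 1" to "#if 0" to compile dprintf() out.
 * (The empty #else expansion turns dprintf(...) into a no-op expression.) */
#if 1
#define dprintf DbgPrint
#else
#define dprintf
#endif
#define kprintf DbgPrint
/* NT object-manager names.  These must use backslashes: the forward slashes
 * in the published listing are a copy artifact (every '\' on the page was
 * turned into '/'), and "//Device//ScSysInfo" is not a valid object-manager
 * path for IoCreateDevice / IoCreateSymbolicLink. */
#define NT_DEVICE_NAME L"\\Device\\ScSysInfo"
#define DOS_DEVICE_NAME L"\\DosDevices\\ScSysInfo"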
/*
 * OBJECT_TYPE - the kernel's per-type descriptor, redeclared here so the
 * IOCTL handler can copy *ObjectHeader->Type into ScHandleInfoOut.
 *
 * NOTE(review): this is a private, version-specific kernel layout (it looks
 * like the 32-bit Windows 2000/XP-era structure).  On any other kernel build
 * the field offsets differ and the copied fields are garbage -- confirm
 * against the target OS before trusting any of them.
 */
typedef struct _OBJECT_TYPE {
    ERESOURCE Mutex;
    LIST_ENTRY TypeList;
    UNICODE_STRING Name; // Copy from object header for convenience
    PVOID DefaultObject;
    ULONG Index;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    OBJECT_TYPE_INITIALIZER TypeInfo;   // callback table, declared in ob.h (contains kernel function pointers)
#ifdef POOL_TAGGING
    ULONG Key;
#endif //POOL_TAGGING
} OBJECT_TYPE, *POBJECT_TYPE;
/* Output record of IOCTL_SCSYSINFO_GETHANDLEOBJECT: a verbatim copy of the
 * object's header and of its type descriptor.  Both contain raw kernel
 * pointers (Type, SecurityDescriptor, the type's procedure pointers), so
 * handing this to user mode discloses kernel addresses. */
struct ScHandleInfoOut
{
    OBJECT_HEADER obj_hdr;    // copied from OBJECT_TO_OBJECT_HEADER(object)
    OBJECT_TYPE obj_type;     // copied from obj_hdr.Type, zero if Type is NULL
};
/* Dispatch routines installed by DriverEntry; definitions follow below. */
NTSTATUS ScSysInfoDispatchCreate(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);          // IRP_MJ_CREATE
NTSTATUS ScSysInfoDispatchClose(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);           // IRP_MJ_CLOSE
NTSTATUS ScSysInfoDispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);   // IRP_MJ_DEVICE_CONTROL
VOID ScSysInfoUnload(IN PDRIVER_OBJECT DriverObject);                                  // DriverUnload
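/*
 * DriverEntry - creates \Device\ScSysInfo, the \DosDevices\ScSysInfo link and
 * installs the dispatch table.  Returns the first failing NTSTATUS, undoing
 * whatever was created so far.
 *
 * Fixes vs. the original:
 *  - DeviceObject->Flags was written before IoCreateDevice's status was
 *    checked: a NULL dereference on failure.
 *  - fSymbolicLink was declared (and set TRUE) after the first goto, so the
 *    cleanup label read an uninitialized flag on the IoCreateDevice failure
 *    path and tried to delete a link that was never created on the
 *    IoCreateSymbolicLink failure path.
 *  - The NT_SUCCESS test after the dispatch table was dead code.
 *  - "/n" in the DbgPrint strings restored to "\n" (copy artifact).
 *
 * Security note (behaviour unchanged): the device has no security descriptor
 * and the IOCTLs are FILE_ANY_ACCESS, so any local user can open
 * \\.\ScSysInfo and read raw object headers (kernel pointers).  Create the
 * device with IoCreateDeviceSecure and an SDDL string limiting it to
 * SYSTEM/Administrators, or check the caller in the dispatch routine.
 *
 * NOTE(review): this TU is compiled as C++ (the extern "C" include blocks);
 * DriverEntry needs C linkage for the /ENTRY symbol to resolve -- confirm
 * against the build settings.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS ntStatus;
    PDEVICE_OBJECT DeviceObject = NULL;
    UNICODE_STRING ntDeviceName, dosDeviceName;
    BOOLEAN fSymbolicLink = FALSE;      /* TRUE only once the link exists */

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&ntDeviceName, NT_DEVICE_NAME);
    RtlInitUnicodeString(&dosDeviceName, DOS_DEVICE_NAME);

    ntStatus = IoCreateDevice(
        DriverObject,
        0,
        &ntDeviceName,          // DeviceName
        FILE_DEVICE_SCSYSINFO,  // DeviceType
        0,                      // DeviceCharacteristics
        FALSE,                  // Exclusive
        &DeviceObject           // [OUT]
        );
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("ScSysInfo IoCreateDevice=0x%x\n", ntStatus);
        DeviceObject = NULL;    /* nothing to delete on the failure path */
        goto __failed;
    }
    /* METHOD_BUFFERED IOCTLs: the I/O manager gives us a SystemBuffer copy. */
    DeviceObject->Flags |= DO_BUFFERED_IO;

    ntStatus = IoCreateSymbolicLink(&dosDeviceName, &ntDeviceName);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("ScSysInfo IoCreateSymbolicLink=0x%x\n", ntStatus);
        goto __failed;
    }
    fSymbolicLink = TRUE;

    DriverObject->MajorFunction[IRP_MJ_CREATE] = ScSysInfoDispatchCreate;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = ScSysInfoDispatchClose;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ScSysInfoDispatchDeviceControl;
    DriverObject->DriverUnload = ScSysInfoUnload;
    return ntStatus;

__failed:
    if (fSymbolicLink)
    {
        IoDeleteSymbolicLink(&dosDeviceName);
    }
    if (DeviceObject != NULL)
    {
        IoDeleteDevice(DeviceObject);
    }
    return ntStatus;
}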
/* IRP_MJ_CREATE: opening \\.\ScSysInfo always succeeds.  No caller check is
 * made here, so only the device's (absent) security descriptor decides who
 * may open it -- see the note in DriverEntry. */
NTSTATUS ScSysInfoDispatchCreate(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    const NTSTATUS status = STATUS_SUCCESS;
    UNREFERENCED_PARAMETER(DeviceObject);
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}
/* IRP_MJ_CLOSE: nothing is kept per open handle, so closing is a plain
 * success completion. */
NTSTATUS ScSysInfoDispatchClose(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    const NTSTATUS status = STATUS_SUCCESS;
    UNREFERENCED_PARAMETER(DeviceObject);
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}
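/*
 * ScSysInfoDispatchDeviceControl - IRP_MJ_DEVICE_CONTROL handler.
 *
 * IOCTL_SCSYSINFO_GETHANDLEOBJECT (METHOD_BUFFERED):
 *   in : HANDLE          - a handle belonging to the calling process
 *   out: ScHandleInfoOut - copy of the object's OBJECT_HEADER and OBJECT_TYPE;
 *                          all zero (and still STATUS_SUCCESS, as in the
 *                          original) when the handle cannot be resolved.
 *
 * Fixes vs. the original:
 *  - Buffer lengths are validated.  With METHOD_BUFFERED the SystemBuffer is
 *    max(InputBufferLength, OutputBufferLength) bytes, so writing
 *    sizeof(ScHandleInfoOut) for a caller that passed a smaller output buffer
 *    was a kernel pool overflow, and *inbuf was read even from a zero-length
 *    input.  Both now fail with STATUS_BUFFER_TOO_SMALL.
 *  - ObReferenceObjectByHandle is called with Irp->RequestorMode instead of
 *    KernelMode.  KernelMode skipped the handle-table check, letting a user
 *    process pass kernel handles (high bit set) or handles it does not own.
 *    DesiredAccess is 0 rather than 0x80000000 (GENERIC_READ): reading the
 *    header needs no rights on the object, and a generic bit is not
 *    meaningful against the handle's already-mapped granted-access mask.
 *  - The reference status is tested with NT_SUCCESS, not == STATUS_SUCCESS.
 *  - "/n" in the DbgPrint strings restored to "\n" (copy artifact).
 *
 * Remaining security notes: the output still carries raw kernel pointers
 * (Type, SecurityDescriptor, the type's procedure pointers) -- an information
 * disclosure to anyone who can open the device.  OBJECT_TO_OBJECT_HEADER
 * depends on the hard-coded OBJECT_HEADER layout in this file, which is only
 * valid for the kernel build it was written against.
 */
NTSTATUS ScSysInfoDispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    ULONG_PTR information = 0;
    PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
    PVOID systemBuffer = Irp->AssociatedIrp.SystemBuffer;
    ULONG nInBufferSize = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG nOutBufferSize = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
    ULONG dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;

    UNREFERENCED_PARAMETER(DeviceObject);
    dprintf("ScSysInfo IRP_MJ_DEVICE_CONTROL\n");

    switch (dwIoControlCode)
    {
    case IOCTL_SCSYSINFO_GETHANDLEOBJECT:
    {
        HANDLE *inbuf = (HANDLE *)systemBuffer;
        ScHandleInfoOut *outbuf = (ScHandleInfoOut *)systemBuffer;
        PVOID objbody = NULL;
        POBJECT_HEADER ObjectHeader = NULL;
        HANDLE queryHandle;

        if (systemBuffer == NULL ||
            nInBufferSize < sizeof(HANDLE) ||
            nOutBufferSize < sizeof(ScHandleInfoOut))
        {
            ntStatus = STATUS_BUFFER_TOO_SMALL;
            break;
        }
        /* Input and output share the buffer: read the handle before zeroing. */
        queryHandle = *inbuf;
        RtlZeroMemory(outbuf, sizeof(ScHandleInfoOut));

        ntStatus = ObReferenceObjectByHandle(queryHandle, 0, NULL,
                                             Irp->RequestorMode, &objbody, NULL);
        if (NT_SUCCESS(ntStatus) && objbody != NULL)
        {
            ObjectHeader = OBJECT_TO_OBJECT_HEADER(objbody);
            outbuf->obj_hdr = *ObjectHeader;
            if (ObjectHeader->Type != NULL)
            {
                outbuf->obj_type = *(ObjectHeader->Type);
            }
            ObDereferenceObject(objbody);
        }
        /* Original contract: an unresolvable handle yields a zeroed record. */
        ntStatus = STATUS_SUCCESS;
        information = sizeof(ScHandleInfoOut);
        break;
    }
    default:
        /* Kept as in the original; STATUS_INVALID_DEVICE_REQUEST is the
         * conventional code for an unknown IOCTL. */
        ntStatus = STATUS_INVALID_PARAMETER;
        dprintf("ScSysInfo unknown IRP_MJ_DEVICE_CONTROL\n");
        break;
    }

    Irp->IoStatus.Status = ntStatus;
    Irp->IoStatus.Information = information;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return ntStatus;
}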
/* DriverUnload: remove the \DosDevices link and the single device created in
 * DriverEntry, in reverse order of creation. */
VOID ScSysInfoUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING linkName;
    RtlInitUnicodeString(&linkName, DOS_DEVICE_NAME);
    (void)IoDeleteSymbolicLink(&linkName);
    IoDeleteDevice(DriverObject->DeviceObject);
}
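#pragma once
/* Creation-time attributes the object manager keeps while an object is being
 * created; referenced from OBJECT_HEADER::ObjectCreateInfo.
 * Fix: "#pragma once" had been fused onto the typedef line in the published
 * listing, which does not compile.
 * NOTE(review): private kernel layout of the 2000/XP era -- confirm against
 * the target build. */
typedef struct _OBJECT_CREATE_INFORMATION {
    ULONG Attributes;
    HANDLE RootDirectory;
    PVOID ParseContext;
    KPROCESSOR_MODE ProbeMode;
    ULONG PagedPoolCharge;
    ULONG NonPagedPoolCharge;
    ULONG SecurityDescriptorCharge;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    PSECURITY_QUALITY_OF_SERVICE SecurityQos;
    SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;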
/*
 * OBJECT_HEADER - the block the object manager places immediately before
 * every object body; OBJECT_TO_OBJECT_HEADER() walks back from the body
 * pointer via the Body member.
 *
 * NOTE(review): this is a private kernel layout that changes between
 * releases (later kernels replace the Type pointer with a type index, and
 * x64 widths differ); it appears to match the 32-bit 2000/XP-era header.
 * Confirm against the target build before trusting any copied field.
 */
typedef struct _OBJECT_HEADER {
    LONG PointerCount;
    union {
        LONG HandleCount;
        PSINGLE_LIST_ENTRY SEntry;
    };
    POBJECT_TYPE Type;                  // kernel pointer; the driver copies *Type to user mode
    UCHAR NameInfoOffset;
    UCHAR HandleInfoOffset;
    UCHAR QuotaInfoOffset;
    UCHAR Flags;
    union
    {
        POBJECT_CREATE_INFORMATION ObjectCreateInfo;
        PVOID QuotaBlockCharged;
    };
    PSECURITY_DESCRIPTOR SecurityDescriptor;    // kernel pointer, copied verbatim into ScHandleInfoOut
    QUAD Body;                                  // the object body starts here (8-byte aligned placeholder)
} OBJECT_HEADER, *POBJECT_HEADER;
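/* Map an object body pointer back to its OBJECT_HEADER: the header ends with
 * the Body member, so this is CONTAINING_RECORD on Body.  Only valid for the
 * OBJECT_HEADER layout declared in this file.
 * Fix: the line continuation was a '/' in the published listing (every '\'
 * became '/'); without a backslash the second line is a stray statement. */
#define OBJECT_TO_OBJECT_HEADER( o ) \
    CONTAINING_RECORD( (o), OBJECT_HEADER, Body )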
# 头文件 2005-03-31 08:00 七猫的垃圾箱
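#pragma once
/* ScSysInfo.h - definitions shared by the driver and its user-mode client. */
#define FILE_DEVICE_SCSYSINFO 0x8000    /* vendor device types start at 0x8000 */
#define SCSYSINFO_IOCTL_BASE 0x800      /* vendor function codes start at 0x800 */
/* NOTE(review): FILE_ANY_ACCESS means no specific right on the device handle
 * is needed to issue these IOCTLs; together with a device created without a
 * security descriptor, every local user can query raw object headers.
 * FILE_READ_ACCESS plus a restrictive device SDDL is the least-privilege
 * choice.  (i) is parenthesized so an expression argument cannot rebind. */
#define CTL_CODE_SCSYSINFO(i) CTL_CODE(FILE_DEVICE_SCSYSINFO, SCSYSINFO_IOCTL_BASE+(i), METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_SCSYSINFO_GETHANDLEOBJECT CTL_CODE_SCSYSINFO(0)
#define IOCTL_SCSYSINFO_TEST CTL_CODE_SCSYSINFO(1)    /* defined but not handled by the driver */
/* Win32 path of the device.  Backslashes restored: the listing shows '/' for
 * every '\' (copy artifact). */
#define SCSYSINFO_DEVICE_NAME_WIN32 "\\\\.\\ScSysInfo"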
# ob.h 2005-03-31 08:01 Diviner
#pragma once
/* ob.h - callback signatures referenced by OBJECT_TYPE_INITIALIZER below.
 * NOTE(review): these mirror the object manager's type-procedure prototypes of
 * the 2000/XP era; they are needed only so that sizeof(OBJECT_TYPE) in user
 * mode matches the kernel's -- confirm for the target build. */
typedef struct _OBJECT_DUMP_CONTROL {
    PVOID Stream;
    ULONG Detail;
} OB_DUMP_CONTROL, *POB_DUMP_CONTROL;
/* DumpProcedure */
typedef VOID (*OB_DUMP_METHOD)(
    IN PVOID Object,
    IN POB_DUMP_CONTROL Control OPTIONAL
    );
/* Reason passed to OpenProcedure. */
typedef enum _OB_OPEN_REASON {
    ObCreateHandle,
    ObOpenHandle,
    ObDuplicateHandle,
    ObInheritHandle,
    ObMaxOpenReason
} OB_OPEN_REASON;
typedef struct _EPROCESS *PEPROCESS;    /* opaque here; only a pointer is needed */
/* OpenProcedure */
typedef VOID (*OB_OPEN_METHOD)(
    IN OB_OPEN_REASON OpenReason,
    IN PEPROCESS Process OPTIONAL,
    IN PVOID Object,
    IN ACCESS_MASK GrantedAccess,
    IN ULONG HandleCount
    );
/* OkayToCloseProcedure */
typedef BOOLEAN (*OB_OKAYTOCLOSE_METHOD)(
    IN PEPROCESS Process OPTIONAL,
    IN PVOID Object,
    IN HANDLE Handle
    );
/* CloseProcedure */
typedef VOID (*OB_CLOSE_METHOD)(
    IN PEPROCESS Process OPTIONAL,
    IN PVOID Object,
    IN ACCESS_MASK GrantedAccess,
    IN ULONG ProcessHandleCount,
    IN ULONG SystemHandleCount
    );
/* DeleteProcedure */
typedef VOID (*OB_DELETE_METHOD)(
    IN PVOID Object
    );
typedef CCHAR KPROCESSOR_MODE;          /* KernelMode / UserMode; also redeclared in MemDriver.h */
/* ParseProcedure */
typedef NTSTATUS (*OB_PARSE_METHOD)(
    IN PVOID ParseObject,
    IN PVOID ObjectType,
    IN OUT PACCESS_STATE AccessState,
    IN KPROCESSOR_MODE AccessMode,
    IN ULONG Attributes,
    IN OUT PUNICODE_STRING CompleteName,
    IN OUT PUNICODE_STRING RemainingName,
    IN OUT PVOID Context OPTIONAL,
    IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL,
    OUT PVOID *Object
    );
/* SecurityProcedure */
typedef NTSTATUS (*OB_SECURITY_METHOD)(
    IN PVOID Object,
    IN SECURITY_OPERATION_CODE OperationCode,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PULONG CapturedLength,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping
    );
/* QueryNameProcedure */
typedef NTSTATUS (*OB_QUERYNAME_METHOD)(
    IN PVOID Object,
    IN BOOLEAN HasObjectName,
    OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
    IN ULONG Length,
    OUT PULONG ReturnLength
    );
/* Per-type settings and procedure table embedded in OBJECT_TYPE::TypeInfo.
 * Every *Procedure member is a kernel function pointer; the IOCTL copies the
 * whole table to user mode, which discloses kernel addresses.
 * NOTE(review): 2000/XP-era layout -- confirm against the target build. */
typedef struct _OBJECT_TYPE_INITIALIZER {
    USHORT Length;
    BOOLEAN UseDefaultObject;
    BOOLEAN Reserved;
    ULONG InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ULONG ValidAccessMask;
    BOOLEAN SecurityRequired;
    BOOLEAN MaintainHandleCount;
    BOOLEAN MaintainTypeList;
    POOL_TYPE PoolType;
    ULONG DefaultPagedPoolCharge;
    ULONG DefaultNonPagedPoolCharge;
    OB_DUMP_METHOD DumpProcedure;
    OB_OPEN_METHOD OpenProcedure;
    OB_CLOSE_METHOD CloseProcedure;
    OB_DELETE_METHOD DeleteProcedure;
    OB_PARSE_METHOD ParseProcedure;
    OB_SECURITY_METHOD SecurityProcedure;
    OB_QUERYNAME_METHOD QueryNameProcedure;
    OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure;
} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
# 打开驱动部分 2005-03-31 08:01 Diviner
#pragma once
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
extern "C"
{
#include "native.h"
#include "ddk.h"
#include "ob.h"
}
/* User-mode mirrors of DDK types used by the structures below (ob.h declares
 * KPROCESSOR_MODE as well; the duplicate typedef is identical and harmless). */
typedef CCHAR KPROCESSOR_MODE;
typedef enum _MODE {
    KernelMode,
    UserMode,
    MaximumMode
} MODE;
/* Owner-table entry of an ERESOURCE, mirrored so that sizeof(ERESOURCE) and
 * therefore sizeof(OBJECT_TYPE) match the kernel's in user mode. */
typedef ULONG_PTR ERESOURCE_THREAD;
typedef struct _OWNER_ENTRY {
    ERESOURCE_THREAD OwnerThread;
    union {
        LONG OwnerCount;
        ULONG TableSize;
    };
} OWNER_ENTRY, *POWNER_ENTRY;
/* Mirror of the kernel ERESOURCE (first member of OBJECT_TYPE).  Its contents
 * are meaningless in user mode; only its size and alignment matter, and they
 * must match the target kernel build (32-bit layout assumed -- confirm). */
typedef struct _ERESOURCE {
    LIST_ENTRY SystemResourcesList;
    POWNER_ENTRY OwnerTable;
    SHORT ActiveCount;
    USHORT Flag;
    PKSEMAPHORE SharedWaiters;
    PKEVENT ExclusiveWaiters;
    OWNER_ENTRY OwnerThreads[2];
    ULONG ContentionCount;
    USHORT NumberOfSharedWaiters;
    USHORT NumberOfExclusiveWaiters;
    union {
        PVOID Address;
        ULONG_PTR CreatorBackTraceIndex;
    };
    KSPIN_LOCK SpinLock;
} ERESOURCE, *PERESOURCE;
/* User-mode copy of the driver's OBJECT_TYPE declaration; the two must stay
 * identical or ScHandleInfoOut is laid out differently on each side.
 * NOTE(review): version-specific kernel layout -- confirm against the target
 * build. */
typedef struct _OBJECT_TYPE {
    ERESOURCE Mutex;
    LIST_ENTRY TypeList;
    UNICODE_STRING Name; // Copy from object header for convenience
    PVOID DefaultObject;
    ULONG Index;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    OBJECT_TYPE_INITIALIZER TypeInfo;   // callback table, see ob.h
#ifdef POOL_TAGGING
    ULONG Key;
#endif //POOL_TAGGING
} OBJECT_TYPE, *POBJECT_TYPE;
typedef struct _OBJECT_TYPE *POBJECT_TYPE;  // redundant: already declared by the typedef above
typedef double DOUBLE;
/* QUAD: an 8-byte, 8-byte-aligned placeholder (used for OBJECT_HEADER::Body).
 * It is NOT a floating-point value; the double member exists only to force the
 * alignment.  Use DOUBLE when an actual FP number is meant. */
typedef struct _QUAD {
    double DoNotUseThisField;
} QUAD;
#include "../ScSysInfo/ScSysInfo.h"
#include "../ScSysInfo/native.h"
/* User-mode copy of the IOCTL_SCSYSINFO_GETHANDLEOBJECT output record; must
 * match the driver's definition field for field. */
struct ScHandleInfoOut
{
    OBJECT_HEADER obj_hdr;    // object header as copied by the driver
    OBJECT_TYPE obj_type;     // the object's type descriptor (zeroed if the driver found no Type)
};
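/*
 * MemDriver - installs, starts and talks to the ScSysInfo kernel driver.
 *
 * Fix vs. the original: the destructor skipped only NULL, but OpenDriver()
 * stores CreateFile's INVALID_HANDLE_VALUE when the open fails, so a failed
 * open ended in CloseHandle(INVALID_HANDLE_VALUE).  Both sentinels are
 * skipped now.
 *
 * NOTE(review): the class owns a raw HANDLE but is copyable; copying it would
 * close the handle twice.  Nothing in this listing copies gMemDriver, so the
 * interface is left as is rather than making the class non-copyable.
 */
class MemDriver
{
public:
    MemDriver(){_handle=NULL;}
    ~MemDriver()
    {
        if(_handle!=NULL && _handle!=INVALID_HANDLE_VALUE)
            CloseHandle(_handle);
    }
    bool InstallAndStart();   // copy the .sys into system32\drivers, register and start the service (needs admin)
    bool UnInstall();         // stop and delete the service
    ScHandleInfoOut *GetHeaderByHandle(HANDLE queryhandle);   // IOCTL round trip; result lives in a static buffer, NULL on failure
public:
    bool OpenDriver();        // open \\.\ScSysInfo and keep the handle in _handle
private:
    HANDLE _handle;           // device handle; NULL until OpenDriver has been called
};
extern MemDriver gMemDriver;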
#include "Memdriver.h"
#include <WinSvc.h>
#include <winioctl.h>
#include <stdlib.h>
#include <stdio.h>
MemDriver gMemDriver;                   // the single driver connection used by main()
#define DRIVERNAME "ScSysInfo"          // service name and device name
#define DRIVERFILANAME "ScSysInfo.sys"  // (sic) file name of the driver binary; spelling kept, callers use it
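/*
 * Stop and delete the ScSysInfo service.
 *
 * Returns true when the service is gone afterwards (including when it never
 * existed or was already marked for deletion), false when the SCM could not
 * be reached or the service could not be deleted.  The original returned
 * true unconditionally and requested *_ALL_ACCESS; only SC_MANAGER_CONNECT
 * and SERVICE_STOP | DELETE are needed.
 *
 * ControlService legitimately fails when the driver is not running, so its
 * result is ignored.  DeleteService only marks the service for deletion; the
 * removal completes once every handle to it is closed.
 */
bool MemDriver::UnInstall()
{
    bool removed = false;
    SC_HANDLE scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (scmHandle == NULL)
        return false;

    SC_HANDLE handle = OpenService(scmHandle, DRIVERNAME, SERVICE_STOP | DELETE);
    if (handle == NULL)
    {
        /* Nothing to remove counts as success; any other error is a failure. */
        removed = (GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST);
    }
    else
    {
        SERVICE_STATUS status;
        ControlService(handle, SERVICE_CONTROL_STOP, &status);   /* harmless if not running */
        removed = (DeleteService(handle) != FALSE)
               || (GetLastError() == ERROR_SERVICE_MARKED_FOR_DELETE);
        CloseServiceHandle(handle);
    }
    CloseServiceHandle(scmHandle);
    return removed;
}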
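/*
 * Copy the driver binary into %SystemRoot%\system32\drivers, register it as a
 * demand-start kernel service and start it.  Requires administrator rights.
 * Returns true only when the service was created and started; the original
 * returned true even when CreateService or StartService failed.
 *
 * Other fixes: the path is length-checked before strcat (MAX_PATH overflow),
 * GetSystemDirectory's result is checked, SetFileAttributes gets
 * FILE_ATTRIBUTE_NORMAL (0 is not a valid attribute value), least-privilege
 * access masks replace *_ALL_ACCESS, and the backslashes lost in the
 * published listing are restored.
 *
 * NOTE(review): the source path is a hard-coded development location; any
 * file placed at D:\HandleInfo\debug\ScSysInfo.sys is loaded into the kernel.
 * Outside a lab, ship the driver next to the executable and verify its
 * signature before installing it.
 */
bool MemDriver::InstallAndStart()
{
    static const char kSource[] = "D:\\HandleInfo\\debug\\ScSysInfo.sys";
    static const char kSubDir[] = "\\drivers\\";
    char systemDir[MAX_PATH];

    UINT len = GetSystemDirectory(systemDir, MAX_PATH);
    if (len == 0 || len >= MAX_PATH)
        return false;
    /* +1 for the terminator; refuse rather than overrun the stack buffer. */
    if (len + strlen(kSubDir) + strlen(DRIVERFILANAME) + 1 > MAX_PATH)
        return false;
    strcat(systemDir, kSubDir);
    strcat(systemDir, DRIVERFILANAME);

    UnInstall();
    /* Clear read-only etc. so a previous copy can be replaced. */
    SetFileAttributes(systemDir, FILE_ATTRIBUTE_NORMAL);
    DeleteFile(systemDir);
    if (CopyFile(kSource, systemDir, FALSE) == 0)
        return false;

    SC_HANDLE scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == NULL)
        return false;

    bool started = false;
    SC_HANDLE newDriver = CreateService(scmHandle, DRIVERNAME, DRIVERNAME, SERVICE_START,
                                        SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE,
                                        systemDir, NULL, NULL, NULL, NULL, NULL);
    if (newDriver != NULL)
    {
        /* Already running can happen when UnInstall could not stop the old instance. */
        started = (StartService(newDriver, 0, NULL) != FALSE)
               || (GetLastError() == ERROR_SERVICE_ALREADY_RUNNING);
        CloseServiceHandle(newDriver);
    }
    CloseServiceHandle(scmHandle);
    return started;
}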
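/*
 * Open the ScSysInfo device; true on success.
 *
 * Fixes vs. the original: GENERIC_ALL replaced by GENERIC_READ | GENERIC_WRITE
 * (the IOCTL is FILE_ANY_ACCESS, so even less would do); the path is a
 * compile-time literal instead of an unbounded wsprintf into a stack buffer;
 * a handle from an earlier call is closed instead of leaked; and _handle is
 * reset to NULL on failure so the destructor never sees INVALID_HANDLE_VALUE.
 * The path uses backslashes; the listing's '/' are a copy artifact.
 */
bool MemDriver::OpenDriver()
{
    static const char kDevicePath[] = "\\\\.\\" DRIVERNAME;

    if (_handle != NULL && _handle != INVALID_HANDLE_VALUE)
    {
        CloseHandle(_handle);
        _handle = NULL;
    }
    HANDLE h = CreateFile(kDevicePath, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE)
    {
        _handle = NULL;
        return false;
    }
    _handle = h;
    return true;
}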
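/*
 * Ask the driver for the OBJECT_HEADER / OBJECT_TYPE behind queryhandle.
 *
 * Returns a pointer to a static buffer (overwritten by the next call, not
 * thread-safe -- unchanged from the original) or NULL on failure.
 * Fixes: no DeviceIoControl on an unopened device, and a short reply is a
 * failure instead of a partially filled record handed back as valid.
 */
ScHandleInfoOut *MemDriver::GetHeaderByHandle(HANDLE queryhandle)
{
    static ScHandleInfoOut outbuf;
    HANDLE inbuf = queryhandle;
    DWORD retLen = 0;

    memset(&outbuf, 0, sizeof(outbuf));
    if (_handle == NULL || _handle == INVALID_HANDLE_VALUE)
        return NULL;
    if (!DeviceIoControl(_handle, IOCTL_SCSYSINFO_GETHANDLEOBJECT,
                         &inbuf, sizeof(inbuf), &outbuf, sizeof(outbuf), &retLen, NULL))
        return NULL;
    if (retLen != sizeof(outbuf))
        return NULL;
    return &outbuf;
}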
# re: 获取句柄的详细信息:(原代码) 2005-03-31 08:02 七猫的垃圾箱
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "socknative.h"
#include "MemDriver.h"
#pragma comment(lib,"ntdll")
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"Ws2Help")
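/* RAII wrapper around WSAStartup/WSACleanup for the lifetime of the program.
 * Fix vs. the original: the WSAStartup result was ignored and WSACleanup ran
 * even after a failed startup.  The outcome is recorded, exposed via ok(),
 * and cleanup runs only when startup succeeded. */
class Winsock2Env
{
public:
    Winsock2Env()
    {
        WSADATA data;
        _started = (WSAStartup(MAKEWORD(2,2), &data) == 0);
    }
    ~Winsock2Env()
    {
        if (_started)
            WSACleanup();
    }
    bool ok() const { return _started; }    // true when WSAStartup succeeded
private:
    bool _started;
};
Winsock2Env gWinsock2Env;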
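/*
 * Demo: load the driver, create and bind a TCP socket, then query the socket
 * handle through the driver IOCTL and through NtQueryObject.
 *
 * Fixes vs. the original: driver install/open, socket() and bind() are
 * checked and the process exits non-zero on failure; the socket is closed;
 * NtQueryObject gets buffers large enough for the variable-length name/type
 * information -- the original passed bare OBJECT_NAME_INFORMATION /
 * OBJECT_TYPE_INFORMATION structs, which hold only the UNICODE_STRING header,
 * so those calls could not return the string.  Results are still not
 * printed; inspect pheader / basic_info / name_info / type_info in a debugger.
 *
 * NOTE(review): this program installs a kernel driver from a fixed path and
 * must run as administrator; the driver stays installed at exit (as before).
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    if (!gMemDriver.InstallAndStart() || !gMemDriver.OpenDriver())
        return 1;

    SOCKET s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == INVALID_SOCKET)
        return 1;
    HANDLE handle = (HANDLE)s;

    sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.S_un.S_addr = INADDR_ANY;
    sa.sin_port = htons(5011);

    int rc = 1;
    if (bind(s, (sockaddr*)&sa, sizeof(sa)) == 0)
    {
        ScHandleInfoOut *pheader = gMemDriver.GetHeaderByHandle(handle);

        DWORD retlen = 0;
        OBJECT_BASIC_INFORMATION basic_info;
        NtQueryObject(handle, ObjectBasicInformation, &basic_info, sizeof(basic_info), &retlen);

        /* Name and type information carry a trailing string: give them room
         * and keep the buffers pointer-aligned for the embedded UNICODE_STRING. */
        ULONG_PTR nameRaw[1024 / sizeof(ULONG_PTR)];
        ULONG_PTR typeRaw[1024 / sizeof(ULONG_PTR)];
        OBJECT_NAME_INFORMATION *name_info = (OBJECT_NAME_INFORMATION *)nameRaw;
        OBJECT_TYPE_INFORMATION *type_info = (OBJECT_TYPE_INFORMATION *)typeRaw;
        retlen = 0;
        NtQueryObject(handle, ObjectNameInformation, name_info, sizeof(nameRaw), &retlen);
        retlen = 0;
        NtQueryObject(handle, ObjectTypeInformation, type_info, sizeof(typeRaw), &retlen);

        rc = (pheader != NULL) ? 0 : 1;
    }
    closesocket(s);
    return rc;
}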
# native.h 2005-03-31 08:00 七猫的垃圾箱