用Visual studio11在Windows8上开发驱动实现内存填0杀进程

在Windows NT中，80386保护模式的“保护”比Windows 95中更坚固，这个“镀金的笼子”更加结实，更加难以打破。在Windows 95中，至少应用程序I/O操作是不受限制的，而在Windows NT中，我们的应用程序连这点权限都被剥夺了。在NT中几乎不太可能进入真正的ring0层。
在Windows NT中，存在三种Device Driver：

  1．“Virtual device Driver” (VDD)。通过VDD，16位应用程序，如DOS 和Win16应用程序可以访问特定的I/O端口（注意，不是直接访问，而是要通过VDD来实现访问）。

  2．“GDI Driver”，提供显示和打印所需的GDI函数。

  3．“Kernel Mode Driver”，实现对特定硬件的操作，比如说CreateFile, CloseHandle (对于文件对象而言), ReadFile, WriteFile, DeviceIoControl 等操作。“Kernel Mode Driver”还是Windows NT中唯一可以对硬件中断和DMA进行操作的Driver。SCSI 小端口驱动和 网卡NDIS 驱动都是Kernel Mode Driver的一种特殊形式。

Visual studio11与Windows8带来格外不同的新体验

1.启动Vs11

2.看见满目的驱动开发模板

3.选择一个驱动模式，有内核模式与用户模式两种的驱动

4.创建一个驱动程序，KMDF DriverMVP

5.我们选择的是内核模式的驱动程序，下面是创建成功后的界面，分别是驱动程序本身，与驱动安装包

6.按下F5，选择驱动编译，

插入下列代码实现内存填0杀进程，请见代码分析

[cpp] view plain copy print ?

1. void WPOFF() 
2. { 
3.     __asm {   //去掉内存保护 
4.         cli 
5.         mov  eax,cr0 
6.         and  eax,not 10000h 
7.         mov  cr0,eax 
8.     } 
9. } 
10.  
11. void WPON() 
12. { 
13.     __asm {   //恢复内存保护   
14.         mov  eax,cr0 
15.         or   eax,10000h 
16.         mov  cr0,eax 
17.         sti 
18.     }  
19. } 
20.  
21.  
22. // 
23. // 
24.  
25. #ifdef __cplusplus 
26. } 
27. #endif 
28.  
29. #endif 
30.  
31. NTKERNELAPI 
32. BOOLEAN 
33. KeInsertQueueApc ( 
34.    PRKAPC Apc, 
35.    PVOID SystemArgument1, 
36.     PVOID SystemArgument2, 
37.     KPRIORITY Increment 
38.     ); 
39.  
40. BOOLEAN  
41. fake_KeInsertQueueApc(IN PKAPC Apc, 
42.                  IN PVOID SystemArgument1, 
43.                  IN PVOID SystemArgument2, 
44.                  IN KPRIORITY PriorityBoost); 
45.  
46. BOOLEAN 
47. Proxy_KeInsertQueueApc(IN PKAPC Apc, 
48.                  IN PVOID SystemArgument1, 
49.                  IN PVOID SystemArgument2, 
50.                  IN KPRIORITY PriorityBoost); 
51.  
52.  
53. ULONG g_uCr0; 
54.  
55. void WPOFF() 
56. { 
57.     ULONG uAttr; 
58.     
59.     _asm 
60.     { 
61.         push eax; 
62.         mov eax, cr0; 
63.         mov uAttr, eax; 
64.         and eax, 0FFFEFFFFh; // CR0 16 BIT = 0 
65.         mov cr0, eax; 
66.         pop eax; 
67.         cli 
68.     }; 
69.     g_uCr0 = uAttr; //保存原有的 CRO 屬性 
70. } 
71.  
72. VOID WPON() 
73. { 
74.     _asm 
75.     { 
76.         sti 
77.         push eax; 
78.         mov eax, g_uCr0; //恢復原有 CR0 屬性 
79.         mov cr0, eax; 
80.         pop eax; 
81.     }; 
82. } 
83. #include <ntddk.h> 
84.     #include"ntifs.h" 
85.      
86. typedef unsigned long DWORD; 
87. PHYSICAL_ADDRESS    g_PhysicalPage; 
88.  
89. void WPOFF() 
90. { 
91.     __asm {   //去掉内存保护 
92.         cli 
93.         mov  eax,cr0 
94.         and  eax,not 10000h 
95.         mov  cr0,eax 
96.     } 
97. } 
98.  
99. void WPON() 
100. { 
101.     __asm {   //恢复内存保护   
102.         mov  eax,cr0 
103.         or   eax,10000h 
104.         mov  cr0,eax 
105.         sti 
106.     }  
107. } 
108.  
109. VOID DestroyProcess(DWORD eproc) 
110. { 
111.    DWORD                VirtualAddr; 
112.    PHYSICAL_ADDRESS    physical_addr; 
113.    DWORD                AddrTmp; 
114.    PVOID                ProcessHandle; 
115.  
116.    KeAttachProcess( (PEPROCESS)eproc ); 
117.    for ( VirtualAddr = 0x1000; VirtualAddr < *(DWORD*)MmSystemRangeStart; VirtualAddr+=0x1000) 
118.    { 
119.        // 跳过不再内存里的 
120.        physical_addr = MmGetPhysicalAddress( (PVOID)VirtualAddr); 
121.        if ( physical_addr.HighPart > g_PhysicalPage.HighPart ) 
122.            continue; 
123.        if ( physical_addr.HighPart == g_PhysicalPage.HighPart && 
124.             physical_addr.LowPart >= g_PhysicalPage.LowPart   ) 
125.            continue; 
126.        if ( (physical_addr.HighPart | physical_addr.LowPart) == 0 ) 
127.            continue; 
128.        AddrTmp = (DWORD)MmGetVirtualForPhysical( physical_addr); 
129.        if ( AddrTmp != VirtualAddr) 
130.            continue; 
131.        WPOFF(); 
132.        RtlZeroMemory( (PVOID)VirtualAddr, 0x1000); 
133.        WPON(); 
134.    } 
135.    KeDetachProcess(); 
136.  
137.    if ( ObOpenObjectByPointer( (PVOID)eproc, 0, NULL, 0, NULL, KernelMode, &ProcessHandle) != STATUS_SUCCESS) 
138.        return; 
139.    ZwTerminateProcess( (HANDLE)ProcessHandle, STATUS_SUCCESS); 
140.    ZwClose( (HANDLE)ProcessHandle ); 
141.    return; 
142. } 
143.  
144.  
145. VOID OnUnload( IN PDRIVER_OBJECT DriverObject ) 
146. { 
147.    DbgPrint("My Driver UnLoad!"); 
148. } 
149. //================================================================================================ 
150. NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath ) 
151. { 
152.     SYSTEM_BASIC_INFORMATION BasicInfo; 
153.     ULONG ReturnedLength; 
154.     PEPROCESS eproc; 
155.      
156.      
157.   DbgPrint("My Driver Loaded!"); 
158.   theDriverObject->DriverUnload = OnUnload; 
159.    
160.   ZwQuerySystemInformation( SystemBasicInformation, &BasicInfo,  
161.                             sizeof(SYSTEM_BASIC_INFORMATION), &ReturnedLength); 
162.  
163.    __asm mov eax,BasicInfo.PhysicalPageSize; 
164.    __asm mul BasicInfo.NumberOfPhysicalPages; 
165.    __asm mov g_PhysicalPage.HighPart, edx; 
166.    __asm mov g_PhysicalPage.LowPart, eax; 
167.     
168.     PsLookupProcessByProcessId((PVOID)1068,&eproc); 
169.   DestroyProcess((DWORD)eproc); 
170.   return STATUS_SUCCESS; 
171. } 
172. //================================================================================================ 
173.  
174. #include "pe.h" 
175.  
176. #ifndef GLOBAL_NATIVE_API_DEF_SUDAMI 
177. #define GLOBAL_NATIVE_API_DEF_SUDAMI 
178.  
179. #ifdef __cplusplus 
180. extern "C" { 
181. #endif 
182.  
183.  
184.  
185.  
186. typedef long NTSTATUS, *PNTSTATUS; 
187.  
188. typedef unsigned long DWORD; 
189. typedef DWORD * PDWORD; 
190. typedef unsigned long ULONG; 
191. typedef unsigned long ULONG_PTR; 
192. typedef ULONG *PULONG; 
193. typedef unsigned short WORD; 
194. typedef unsigned char BYTE;  
195. typedef unsigned char UCHAR; 
196. typedef unsigned short USHORT; 
197. typedef void *PVOID; 
198. typedef int BOOL; 
199. typedef BYTE BOOLEAN; 
200.  
201. typedef CCHAR KPROCESSOR_MODE; 
202.  
203.  
204.  
205. #ifndef  LOWORD 
206. #define LOWORD(l)           ((unsigned short)(unsigned int)(l)) 
207. #endif 
208.  
209. #ifndef HIWORD 
210. #define HIWORD(l)           ((unsigned short)((((unsigned int)(l)) >> 16) & 0xFFFF)) 
211. #endif 
212.  
213. // 定义ioctl相关的，用于R3和R0间的通信 
214. #ifndef MAKELONG 
215. #define MAKELONG(a, b) ((LONG) (((WORD) (a)) | ((DWORD) ((WORD) (b))) << 16)) 
216. #endif 
217.  
218. #define MY_DEVICE_TYPE       0x0000AA71   // 这地方可以自己改 
219. #define DRIVER_IO(code)  CTL_CODE (MY_DEVICE_TYPE, code, METHOD_BUFFERED, FILE_ANY_ACCESS) 
220.  
221. typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; 
222.  
223. /**********************************************************
225. #define NT_DEVICE_NAME              L"\\Device\\sKillTimeProtected"
226. #define DOS_DEVICE_NAME             L"\\DosDevices\\sKillTimeProtected"
230. //                                                                              --   
232. #ifndef  ANSI_STRING
233. typedef struct _STRING {
234.   USHORT  Length;
235.   USHORT  MaximumLength;
236.   PCHAR  Buffer;
237. } ANSI_STRING, *PANSI_STRING;
238. #endif
240. #ifndef  UNICODE_STRING
241. typedef struct _UNICODE_STRING {
242.   USHORT  Length;
243.   USHORT  MaximumLength;
244.   PWSTR  Buffer;
245. } UNICODE_STRING, *PUNICODE_STRING;
246. #endif
248. /* SSDT */ 
249. #pragma pack(1) 
250. typedef struct ServiceDescriptorEntry { 
251.     unsigned int    *ServiceTableBase; 
252.     unsigned int    *ServiceCounterTableBase;  
253.     unsigned int    NumberOfServices; 
254.     unsigned char   *ParamTableBase; 
255. } ServiceDescriptorTableEntry_t, *PServiceDescriptorTableEntry_t; 
256.  
257. typedef struct ServiceDescriptorShadowEntry { 
258.     unsigned int    *Win32kTableBase; 
259.     unsigned int    *Win32kCounterTableBase; 
260.     unsigned int    NumberofWin32kServices; 
261.     unsigned char   *Win32kParamTableBase; 
262. } ServiceDescriptorTableShadowEntry_t, *PServiceDescriptorTableShadowEntry_t; 
263. #pragma pack() 
264.  
265. __declspec(dllimport)  ServiceDescriptorTableEntry_t    KeServiceDescriptorTable; 
266. PServiceDescriptorTableShadowEntry_t                    KeServiceDescriptorTableShadow; 
267.  
268.  
269.  
270. struct _SYSTEM_THREADS 
271. { 
272.     LARGE_INTEGER       KernelTime; 
273.     LARGE_INTEGER       UserTime; 
274.     LARGE_INTEGER       CreateTime; 
275.     ULONG               WaitTime; 
276.     PVOID               StartAddress; 
277.     CLIENT_ID           ClientIs; 
278.     KPRIORITY           Priority; 
279.     KPRIORITY           BasePriority; 
280.     ULONG               ContextSwitchCount; 
281.     ULONG               ThreadState; 
282.     KWAIT_REASON        WaitReason; 
283. }; 
284.  
285. struct _SYSTEM_PROCESSES 
286. { 
287.     ULONG               NextEntryDelta; 
288.     ULONG               ThreadCount; 
289.     ULONG               Reserved[6]; 
290.     LARGE_INTEGER       CreateTime; 
291.     LARGE_INTEGER       UserTime; 
292.     LARGE_INTEGER       KernelTime; 
293.     UNICODE_STRING      ProcessName; 
294.     KPRIORITY           BasePriority; 
295.     ULONG               ProcessId; 
296.     ULONG               InheritedFromProcessId; 
297.     ULONG               HandleCount; 
298.     ULONG               Reserved2[2]; 
299.     VM_COUNTERS         VmCounters; 
300.     IO_COUNTERS         IoCounters; //windows 2000 only 
301.     struct _SYSTEM_THREADS      Threads[1]; 
302. }; 
303.  
304.  
305. // PROCESS_BASIC_INFORMATION 
306. #ifdef  PROCESS_BASIC_INFORMATION 
307. #undef  PROCESS_BASIC_INFORMATION 
308. typedef struct _PROCESS_BASIC_INFORMATION { 
309.     NTSTATUS        ExitStatus; 
310.     ULONG           PebBaseAddress; 
311.     ULONG_PTR       AffinityMask; 
312.     LONG            BasePriority; 
313.     ULONG_PTR       UniqueProcessId; 
314.     ULONG_PTR       InheritedFromUniqueProcessId; 
315. } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 
316. #endif 
317.  
318.  
319. // SYSTEM_HANDLE_INFORMATION 
320. typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { 
321.      USHORT UniqueProcessId; 
322.      USHORT CreatorBackTraceIndex; 
323.      UCHAR ObjectTypeIndex; 
324.      UCHAR HandleAttributes; 
325.      USHORT HandleValue;   // 句柄 
326.      PVOID Object;         // 若HANDLE类型为线程,则它是ETHREAD结构 
327.      ULONG GrantedAccess; 
328. } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO; 
329.  
330. typedef struct _SYSTEM_HANDLE_INFORMATION { 
331.      ULONG NumberOfHandles; 
332.      SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; 
333. } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 
334.  
335.  
336. // SYSTEM_MODULE_INFORMATION 
337. typedef struct _SYSTEM_MODULE_INFORMATION { 
338.     ULONG   Reserved[2]; 
339.     PVOID   Base; 
340.     ULONG   Size; 
341.     ULONG   Flags; 
342.     USHORT  Index; 
343.     USHORT  Unknown; 
344.     USHORT  LoadCount; 
345.     USHORT  ModuleNameOffset; 
346.     CHAR    ImageName[256]; 
347. } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; 
348.  
349.  
350. typedef struct { 
351.     ULONG   dwNumberOfModules; 
352.     SYSTEM_MODULE_INFORMATION   smi; 
353. } MODULES, *PMODULES; 
354.  
355.  
356. // SYSTEM_BASIC_INFORMATION 
357. typedef struct _SYSTEM_BASIC_INFORMATION { 
358.     ULONG Unknown;                  //Always contains zero 
359.     ULONG MaximumIncrement;         //一个时钟的计量单位 
360.     ULONG PhysicalPageSize;         //一个内存页的大小 
361.     ULONG NumberOfPhysicalPages;    //系统管理着多少个页 
362.     ULONG LowestPhysicalPage;       //低端内存页 
363.     ULONG HighestPhysicalPage;      //高端内存页 
364.     ULONG AllocationGranularity; 
365.     ULONG LowestUserAddress;        //地端用户地址 
366.     ULONG HighestUserAddress;       //高端用户地址 
367.     ULONG ActiveProcessors;         //激活的处理器 
368.     UCHAR NumberProcessors;         //有多少个处理器 
369. } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; 
370.  
371.  
372. // SYSTEM_INFORMATION_CLASS 
373. typedef enum _SYSTEM_INFORMATION_CLASS { 
374.     SystemBasicInformation, 
375.     SystemProcessorInformation, 
376.     SystemPerformanceInformation, 
377.     SystemTimeOfDayInformation, 
378.     SystemPathInformation, 
379.     SystemProcessInformation, 
380.     SystemCallCountInformation, 
381.     SystemDeviceInformation, 
382.     SystemProcessorPerformanceInformation, 
383.     SystemFlagsInformation, 
384.     SystemCallTimeInformation, 
385.     SystemModuleInformation,  // 11 
386.     SystemLocksInformation, 
387.     SystemStackTraceInformation, 
388.     SystemPagedPoolInformation, 
389.     SystemNonPagedPoolInformation, 
390.     SystemHandleInformation,  // 0x10 -- 16 
391.     SystemObjectInformation, 
392.     SystemPageFileInformation, 
393.     SystemVdmInstemulInformation, 
394.     SystemVdmBopInformation, 
395.     SystemFileCacheInformation, 
396.     SystemPoolTagInformation, 
397.     SystemInterruptInformation, 
398.     SystemDpcBehaviorInformation, 
399.     SystemFullMemoryInformation, 
400.     SystemLoadGdiDriverInformation, 
401.     SystemUnloadGdiDriverInformation, 
402.     SystemTimeAdjustmentInformation, 
403.     SystemSummaryMemoryInformation, 
404.     SystemUnused1, 
405.     SystemPerformanceTraceInformation, 
406.     SystemCrashDumpInformation, 
407.     SystemExceptionInformation, 
408.     SystemCrashDumpStateInformation, 
409.     SystemKernelDebuggerInformation, 
410.     SystemContextSwitchInformation, 
411.     SystemRegistryQuotaInformation, 
412.     SystemExtendServiceTableInformation, 
413.     SystemPrioritySeperation, 
414.     SystemUnused3, 
415.     SystemUnused4, 
416.     SystemUnused5, 
417.     SystemUnused6, 
418.     SystemCurrentTimeZoneInformation, 
419.     SystemLookasideInformation, 
420.     SystemTimeSlipNotification, 
421.     SystemSessionCreate, 
422.     SystemSessionDetach, 
423.     SystemSessionInformation 
424. } SYSTEM_INFORMATION_CLASS; 
425.  
426.  
427. #ifndef  SECTION_INHERIT 
428. typedef enum _SECTION_INHERIT { 
429.     ViewShare = 1, 
430.     ViewUnmap = 2 
431. } SECTION_INHERIT; 
432. #endif 
433.  
434. #ifndef LUID 
435. typedef struct _LUID { 
436.     DWORD LowPart; 
437.     LONG  HighPart; 
438. } LUID, *PLUID; 
439. #endif 
440.  
441.  
442. #ifndef LARGE_INTEGER 
443. typedef union _LARGE_INTEGER { 
444.     struct { 
445.         ULONG LowPart; 
446.         LONG HighPart; 
447.     }; 
448.     struct { 
449.         ULONG LowPart; 
450.         LONG HighPart; 
451.     } u; 
452.     LONGLONG QuadPart; 
453. } LARGE_INTEGER, *PLARGE_INTEGER; 
454. #endif 
455.  
456. #ifndef TIME_FIELDS 
457. typedef struct _TIME_FIELDS { 
458.  
459.   USHORT                  Year; 
460.   USHORT                  Month; 
461.   USHORT                  Day; 
462.   USHORT                  Hour; 
463.   USHORT                  Minute; 
464.   USHORT                  Second; 
465.   USHORT                  Milliseconds; 
466.   USHORT                  Weekday; 
467.  
468. } TIME_FIELDS, *PTIME_FIELDS; 
469. #endif 
470.  
471.  
472.  
473.  
474. NTSTATUS 
475. NTAPI 
476. ZwQuerySystemInformation(     
477.     DWORD    SystemInformationClass, 
478.     PVOID    SystemInformation, 
479.     ULONG    SystemInformationLength, 
480.     PULONG    ReturnLength 
481.     ); 
482.  
483. NTSYSAPI 
484. NTSTATUS 
485. NTAPI 
486. NtOpenFile( 
487.     OUT PHANDLE FileHandle, 
488.     IN ACCESS_MASK DesiredAccess, 
489.     IN POBJECT_ATTRIBUTES ObjectAttributes, 
490.     OUT PIO_STATUS_BLOCK IoStatusBlock, 
491.     IN ULONG ShareAccess, 
492.     IN ULONG OpenOptions 
493.     ); 
494.  
495.  
496. NTSYSAPI  
497. VOID  
498. NTAPI  
499. RtlInitUnicodeString(  
500.      PUNICODE_STRING DestinationString,  
501.      PCWSTR SourceString  
502.      );  
503.  
504. NTSYSAPI  
505. NTSTATUS  
506. NTAPI  
507. ZwOpenSection(  
508.      OUT PHANDLE SectionHandle,  
509.      IN ACCESS_MASK DesiredAccess,  
510.      IN POBJECT_ATTRIBUTES objectAttributes  
511.      );  
512.  
513.  
514. NTSYSAPI  
515. NTSTATUS  
516. NTAPI  
517. ZwMapViewOfSection(  
518.      IN HANDLE SectionHandle,  
519.      IN HANDLE ProcessHandle,  
520.      IN OUT PVOID *BaseAddress,  
521.      IN ULONG ZeroBits,  
522.      IN ULONG CommitSize,  
523.      IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,  
524.      IN OUT PULONG ViewSize,  
525.      IN SECTION_INHERIT InheritDisposition,  
526.      IN ULONG AllocationType,  
527.      IN ULONG Protect  
528.      );  
529.  
530. NTSYSAPI 
531. NTSTATUS 
532. NTAPI 
533. NtCreateSection( 
534.     PHANDLE  SectionHandle, 
535.     ACCESS_MASK  DesiredAccess, 
536.     POBJECT_ATTRIBUTES  ObjectAttributes, 
537.     PLARGE_INTEGER  MaximumSize OPTIONAL, 
538.     ULONG  SectionPageProtection, 
539.     ULONG  AllocationAttributes, 
540.     HANDLE  FileHandle 
541.     );  
542.  
543.  
544. NTSYSAPI  
545. NTSTATUS  
546. NTAPI  
547. ZwUnmapViewOfSection(  
548.      IN HANDLE ProcessHandle,  
549.      IN PVOID BaseAddress  
550.      );  
551.  
552.  
553. NTSYSAPI 
554. NTSTATUS 
555. NTAPI 
556. NtReadFile( 
557.     IN HANDLE FileHandle, 
558.     IN HANDLE Event OPTIONAL, 
559.     IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 
560.     IN PVOID ApcContext OPTIONAL, 
561.     OUT PIO_STATUS_BLOCK IoStatusBlock, 
562.     OUT PVOID Buffer, 
563.     IN ULONG Length, 
564.     IN PLARGE_INTEGER ByteOffset OPTIONAL, 
565.     IN PULONG Key OPTIONAL 
566.     ); 
567.  
568.  
569. NTSYSAPI  
570. VOID 
571. NTAPI 
572. RtlTimeToTimeFields( 
573.   IN PLARGE_INTEGER       Time, 
574.   OUT PTIME_FIELDS        TimeFields 
575.   ); 
576.  
577. NTSYSAPI  
578. BOOLEAN 
579. NTAPI 
580. RtlTimeFieldsToTime( 
581.   IN PTIME_FIELDS         TimeFields, 
582.   OUT PLARGE_INTEGER      Time 
583.   ); 
584.  
585.  
586. /*
587. VOID
588. NTAPI
589. KeSetSystemTime(
590.   IN PLARGE_INTEGER NewTime,
591.   OUT PLARGE_INTEGER OldTime,
592.   IN BOOLEAN FixInterruptTime,
593.   IN PLARGE_INTEGER HalTime OPTIONAL
594.   );
595. */ 
596.  
597. NTSTATUS 
598. NTAPI 
599. NtQuerySystemTime ( 
600.   OUT PLARGE_INTEGER SystemTime 
601.   ); 
602.  
603.  
604.  
605.  
606. // 写保护的开&关 
607. void WPOFF() 
608. { 
609.     __asm {   //去掉内存保护 
610.         cli 
611.         mov  eax,cr0 
612.         and  eax,not 10000h 
613.         mov  cr0,eax 
614.     } 
615. } 
616.  
617. void WPON() 
618. { 
619.     __asm {   //恢复内存保护   
620.         mov  eax,cr0 
621.         or   eax,10000h 
622.         mov  cr0,eax 
623.         sti 
624.     }  
625. } 
626.  
627.  
628. // 
629. // 
630.  
631. #ifdef __cplusplus 
632. } 
633. #endif 
634.  
635. #endif 

 

原文地址：http://blog.csdn.net/yincheng01/article/details/8107336