驱动里占用的句柄 在 system进程 NTSTATUS ntStatus; OBJECT_ATTRIBUTES ObjectAttributes; UNICODE_STRING UniFileName; IO_STATUS_BLOCK IoStatusBlock; PCWSTR FileName = L"//Device//HarddiskVolume1//Driver1.sys"; RtlInitUnicodeString(&UniFileName , FileName); InitializeObjectAttributes(&ObjectAttributes,&UniFileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,NULL,NULL); ntStatus=ZwCreateFile(&FileHandle, GENERIC_READ, &ObjectAttributes, &IoStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN_IF, FILE_NON_DIRECTORY_FILE, NULL, 0); if(!NT_SUCCESS(ntStatus)){ DbgPrint("zwCreateFile = %d", ntStatus); } else { DbgPrint( "wzCreateFile Success."); }