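/*
 * driver_zwload - register a temporary service key for a kernel driver, ask
 * the kernel to load it through ntdll's ZwLoadDriver, then delete the key.
 *
 * strSvcName  Service key name created under
 *             HKLM\System\CurrentControlSet\Services. Must be non-empty, must
 *             not contain a path separator, and must be short enough for every
 *             registry path built below to fit in MAX_PATH.
 * strDrvPath  NUL-terminated string stored verbatim as the ImagePath value.
 *
 * Returns true only when ZwLoadDriver reports success. Returns false on bad
 * arguments, on failure to resolve the ntdll exports, on any registry write
 * failure, or when the load itself fails.
 *
 * Review notes:
 *  - The function writes under HKLM, so it only works for a caller that is
 *    allowed to create keys there; RegCreateKey failing is treated as
 *    "no permission" and nothing further is attempted.
 *  - The service key is removed again before returning, so a successfully
 *    loaded driver has no service entry left in the registry afterwards.
 *    Anyone auditing a host for drivers loaded this way has to rely on
 *    driver-load telemetry and registry auditing of the Services key rather
 *    than on the registry contents after the fact.
 */
bool driver_zwload(char *strSvcName,
                   char *strDrvPath)
{
    /* Used only to size-check strSvcName against the longest path built below. */
    static const char szLongestPrefix[] =
        "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\";
    static const char szLongestSuffix[] = "\\Security";

    HKEY hKey = NULL;
    HMODULE hNtdll;
    bool bRet = false;
    bool bValuesOk;
    DWORD dwOne = 1; /* same bytes the original wrote: 01 00 00 00 */
    size_t cchName;
    char strSubKey[MAX_PATH] = {0};
    NTSTATUS status;
    ANSI_STRING astrBuffer;
    UNICODE_STRING ustrBuffer;
    MyZwLoadDriver myZwLoadDriver;
    MyRtlInitAnsiString myRtlInitAnsiString;
    MyRtlFreeUnicodeString myRtlFreeUnicodeString;
    MyRtlAnsiStringToUnicodeString myRtlAnsiStringToUnicodeString;

    if (strSvcName == NULL || strDrvPath == NULL) {
        return false;
    }

    /*
     * Every sprintf below writes a fixed prefix/suffix plus strSvcName into a
     * MAX_PATH buffer. Bounding the name here (conservatively: both sizeof
     * values include their NUL) is what keeps those writes inside strSubKey.
     */
    cchName = strlen(strSvcName);
    if (cchName == 0 ||
        cchName > MAX_PATH - sizeof szLongestPrefix - sizeof szLongestSuffix) {
        return false;
    }

    /*
     * A separator in the name would make the create/delete calls below act on
     * a different key than the one the caller named.
     */
    if (strchr(strSvcName, '\\') != NULL || strchr(strSvcName, '/') != NULL) {
        return false;
    }

    /*
     * ntdll.dll is already mapped into every process; taking the existing
     * handle avoids the five unreleased LoadLibrary references of the
     * original code.
     */
    hNtdll = GetModuleHandle("ntdll.dll");
    if (hNtdll == NULL) {
        return false;
    }

    myZwLoadDriver = (MyZwLoadDriver)GetProcAddress(hNtdll, "ZwLoadDriver");
    myRtlInitAnsiString = (MyRtlInitAnsiString)GetProcAddress(hNtdll, "RtlInitAnsiString");
    myRtlFreeUnicodeString = (MyRtlFreeUnicodeString)GetProcAddress(hNtdll, "RtlFreeUnicodeString");
    myRtlAnsiStringToUnicodeString = (MyRtlAnsiStringToUnicodeString)GetProcAddress(hNtdll, "RtlAnsiStringToUnicodeString");

    /* Calling through an unresolved export would be a NULL function call. */
    if (myZwLoadDriver == NULL || myRtlInitAnsiString == NULL ||
        myRtlFreeUnicodeString == NULL || myRtlAnsiStringToUnicodeString == NULL) {
        return false;
    }

    sprintf(strSubKey, "System\\CurrentControlSet\\Services\\%s", strSvcName);

    /* If even creating the key fails we lack permission; do not go further. */
    if (RegCreateKey(HKEY_LOCAL_MACHINE, strSubKey, &hKey) != ERROR_SUCCESS) {
        return false;
    }

    /*
     * Type, ErrorControl and Start are all written as DWORD 1. ImagePath is a
     * REG_SZ, whose size must include the terminating NUL (the original
     * passed strlen() and dropped it).
     */
    bValuesOk =
        RegSetValueEx(hKey, "Type", 0, REG_DWORD, (const unsigned char *)&dwOne, sizeof dwOne) == ERROR_SUCCESS &&
        RegSetValueEx(hKey, "ErrorControl", 0, REG_DWORD, (const unsigned char *)&dwOne, sizeof dwOne) == ERROR_SUCCESS &&
        RegSetValueEx(hKey, "Start", 0, REG_DWORD, (const unsigned char *)&dwOne, sizeof dwOne) == ERROR_SUCCESS &&
        RegSetValueEx(hKey, "ImagePath", 0, REG_SZ, (const unsigned char *)strDrvPath, (DWORD)(strlen(strDrvPath) + 1)) == ERROR_SUCCESS;

    RegCloseKey(hKey);

    /* Only attempt the load when the service key was fully populated. */
    if (bValuesOk) {
        sprintf(strSubKey, "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\%s", strSvcName);

        /*
         * RtlInitAnsiString only points astrBuffer at strSubKey; it allocates
         * nothing, so astrBuffer must not be passed to RtlFreeAnsiString (the
         * original did, handing a stack address to the heap free routine).
         */
        myRtlInitAnsiString(&astrBuffer, strSubKey);

        /* NOTE(review): assumes the typedef returns NTSTATUS like the ntdll export - confirm. */
        status = myRtlAnsiStringToUnicodeString(&ustrBuffer, &astrBuffer, TRUE);
        if (NT_SUCCESS(status)) {
            /* Load the driver. */
            status = myZwLoadDriver(&ustrBuffer);
            bRet = NT_SUCCESS(status) ? true : false;

            /* ustrBuffer was allocated by the conversion above (TRUE). */
            myRtlFreeUnicodeString(&ustrBuffer);
        }
    }

    /*
     * Remove the service key again, subkeys first. This runs whether or not
     * the load succeeded, as in the original.
     */
    sprintf(strSubKey, "%s%s\\Enum", "System\\CurrentControlSet\\Services\\", strSvcName);
    RegDeleteKey(HKEY_LOCAL_MACHINE, strSubKey);

    sprintf(strSubKey, "%s%s\\Security", "System\\CurrentControlSet\\Services\\", strSvcName);
    RegDeleteKey(HKEY_LOCAL_MACHINE, strSubKey);

    sprintf(strSubKey, "%s%s", "System\\CurrentControlSet\\Services\\", strSvcName);
    RegDeleteKey(HKEY_LOCAL_MACHINE, strSubKey);

    return bRet;
}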