简简单单,虽然不懂它的道理,就算会用了吧
哎,内核级的东西调着也费事
因为一个 extern 没写,我可怜的虚拟机,连续蓝屏了4次。(少了 extern,下面那一行就变成在驱动里新定义一个初值为 0 的指针,而不是引用内核导出的符号;对它解引用就是访问空指针,大概这就是蓝屏的原因。)
/*
 * Descriptor for the kernel's system service dispatch table (SSDT).
 * Only a pointer typedef is declared; the struct itself is reached through
 * PServiceDescriptorTable.
 * NOTE(review): the field order and sizes have to match the running kernel's
 * own structure exactly; this layout is presumably the 32-bit one - confirm
 * against the target build before using it anywhere else.
 */
typedef struct _ServiceDescriptorTable {
PVOID ServiceTableBase; /* base of the service table; GetFunAddInSSDTNow reads 4-byte entries from it */
PVOID ServiceCounterTable; /* not used in this file; presumably per-service call counters - confirm */
unsigned int NumberOfServices; /* presumably the number of entries behind ServiceTableBase - confirm */
PVOID ParamTableBase; /* not used in this file; presumably per-service argument sizes - confirm */
}*PServiceDescriptorTable;
/*
 * Refers to a symbol defined outside this file (the kernel's own table).
 * The `extern` is essential: without it this line is a definition of a new,
 * zero-initialised pointer inside the driver, and every dereference of it is
 * a NULL access in kernel mode.
 */
extern PServiceDescriptorTable KeServiceDescriptorTable;
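/*
 * Read the value currently stored in one SSDT slot.
 *
 * offset is a BYTE offset from ServiceTableBase, not a service index, so
 * the slot for service number n is n * sizeof(ULONG).
 *
 * Returns the 4-byte entry at that offset, or 0 when the descriptor or its
 * table base is NULL, when offset is not a multiple of the entry size, or
 * when it lies beyond NumberOfServices entries. The original performed the
 * read unconditionally, so a bad offset read unrelated kernel memory or
 * bug-checked the machine.
 *
 * The live entry is what integrity checks compare with the address expected
 * from the kernel image; a value outside that image usually indicates a hook.
 *
 * NOTE(review): entries are treated as 4-byte absolute addresses, which is
 * the 32-bit layout. On 64-bit Windows the table is not exported and its
 * entries are encoded differently - confirm the target before reuse.
 */
ULONG GetFunAddInSSDTNow(ULONG offset )
{
    const unsigned char *tableBase;

    /* A missing or unresolved descriptor must not be dereferenced. */
    if (!KeServiceDescriptorTable || !KeServiceDescriptorTable->ServiceTableBase)
        return 0;

    /* Only whole slots are valid; a misaligned offset would straddle two entries. */
    if ((offset % sizeof(ULONG)) != 0)
        return 0;

    /* Compare slot numbers rather than byte counts so nothing can overflow. */
    if ((offset / sizeof(ULONG)) >= KeServiceDescriptorTable->NumberOfServices)
        return 0;

    /* Pointer arithmetic instead of an integer cast: no truncation of the base address. */
    tableBase = (const unsigned char *)KeServiceDescriptorTable->ServiceTableBase;
    return *(const ULONG *)(tableBase + offset);
}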