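I'm a beginner teaching myself driver development, working from the 郁金香 (Yujinxiang) tutorials and the book 驱动开发技术详解. I ran into a piece of code that is described as
placing a hook on NtOpenProcess for protection. The code is as follows: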
// Define the NtOpenProcess prototype
extern "C" typedef NTSTATUS __stdcall NTOPENPROCESS
(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK AccessMask,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId
);
NTOPENPROCESS* RealNtOpenProcess;
#pragma PAGECODE // Define a custom NtOpenProcess
extern "C" NTSTATUS __stdcall MyNtOpenProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId )
{
    NTSTATUS rc;
    HANDLE PID;
    KdPrint(("++++++++++++Entry MyNtOpenProcess int ++++++++++++++\n"));
    rc = (NTSTATUS)RealNtOpenProcess( ProcessHandle, DesiredAccess, ObjectAttributes, ClientId );
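I won't paste all of it, it's too long. My question is about this one line: rc = (NTSTATUS)RealNtOpenProcess( ProcessHandle, DesiredAccess, ObjectAttributes, ClientId );
I couldn't find a function body for this RealNtOpenProcess; only a header is defined for it earlier on. How can this function be called and its result returned to rc?
Urgently hoping for an answer!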
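The call through `RealNtOpenProcess` that the question asks about, modelled in user-mode C as an added example that is not part of the original post or the tutorial it quotes. Every name ending in `Sim`, the one-slot table, the status values and PID 4242 are constructed stand-ins for the kernel types and service table; the point is that the typedef names a function type, the variable is only a pointer, and the body it reaches is whatever address was saved when the hook was installed.

```c
#include <stdio.h>

typedef long NTSTATUS_SIM;              /* constructed stand-in for NTSTATUS */
#define STATUS_OK_SIM      0L
#define STATUS_DENIED_SIM  (-1L)        /* constructed value, not a real status code */

/* A typedef of a function TYPE: it declares no function and has no body. */
typedef NTSTATUS_SIM OPENPROC_SIM(unsigned long pid, unsigned long *handle);

/* A pointer to that type: a variable holding an address, NULL until set. */
static OPENPROC_SIM *RealOpenProcSim;

/* The original implementation; its body lives elsewhere (here, in this file). */
static NTSTATUS_SIM SystemOpenProcSim(unsigned long pid, unsigned long *handle)
{
    *handle = 0x1000 + pid;
    return STATUS_OK_SIM;
}

/* One-slot dispatch table standing in for a service table (assumption). */
static OPENPROC_SIM *ServiceTableSim[1] = { SystemOpenProcSim };
static const unsigned long ProtectedPidSim = 4242;   /* constructed sample PID */

/* Replacement: forwards through the saved pointer, then filters the result. */
static NTSTATUS_SIM MyOpenProcSim(unsigned long pid, unsigned long *handle)
{
    NTSTATUS_SIM rc = RealOpenProcSim(pid, handle);  /* runs SystemOpenProcSim's body */
    if (rc == STATUS_OK_SIM && pid == ProtectedPidSim) {
        *handle = 0;
        rc = STATUS_DENIED_SIM;
    }
    return rc;
}

static void InstallHookSim(void)
{
    if (RealOpenProcSim != NULL) return;   /* a second install would save our own hook */
    RealOpenProcSim = ServiceTableSim[0];  /* this assignment supplies the "body" */
    ServiceTableSim[0] = MyOpenProcSim;
}

static void RemoveHookSim(void)
{
    if (RealOpenProcSim == NULL) return;
    ServiceTableSim[0] = RealOpenProcSim;
    RealOpenProcSim = NULL;
}

/* What a caller does: dispatch through the table slot. */
static NTSTATUS_SIM CallOpenSim(unsigned long pid, unsigned long *handle)
{
    return ServiceTableSim[0](pid, handle);
}
```

In the part of the driver the post leaves out, look for the statement that assigns to `RealNtOpenProcess` before the hook is written; if the pointer were still unset when `MyNtOpenProcess` ran, the call would jump to address zero.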