#ifndef __KELOADLIBRARY__H__
#define __KELOADLIBRARY__H__
#include <NTDDK.h>
/*
 * Kernel-image reload helpers.
 *
 * Only the prototypes are visible in this header. The notes below are inferred
 * from names and signatures and must be confirmed against the implementation.
 */

/*
 * Presumably loads the image file named by lpLibFileName, using OldImageBase
 * as the base of the already-running copy. The meaning of the returned PVOID
 * (likely the new image base) is not visible here - TODO confirm.
 */
PVOID KeLoadLibrary(PCWSTR lpLibFileName, PVOID OldImageBase);

/*
 * Presumably builds an in-memory image from a raw file buffer.
 * NOTE(review): no buffer length is passed, so offsets and sizes parsed from
 * FileBuffer cannot be bounds-checked against the buffer through this
 * interface - confirm how callers guarantee a complete, well-formed image.
 */
PVOID KeImageFile(unsigned char *FileBuffer, PVOID OldImageBase);

/* Presumably resolves the import table of the image at ImageBase - TODO confirm. */
void FixImportTable(IN PVOID ImageBase);

/* Presumably returns the load address of the module named by szModuleBase - TODO confirm. */
PVOID GetModuleBase(PCHAR szModuleBase);

/*
 * Presumably looks up the export named AnsiImageRoutineName in the image at
 * DllBase; the not-found return value is not visible here - TODO confirm.
 */
PVOID MiFindExportedRoutineByName(IN PVOID DllBase,
                                  IN PANSI_STRING AnsiImageRoutineName);

/* Presumably applies base relocations to the image at ImageBase relative to OldImageBase - TODO confirm. */
void FixBaseRelocTable(IN PVOID ImageBase, IN PVOID OldImageBase);

/*
 * Presumably rebuilds the service table for the image at ImageBase; the
 * meaning of the returned PVOID is not visible here - TODO confirm.
 */
PVOID FixNewKiServiceTable(IN PVOID ImageBase, IN PVOID OldImageBase);

/* Presumably returns or fills in the kernel image name; the role of szModuleBase is unclear from here - TODO confirm. */
PVOID GetNtOsName(PCHAR szModuleBase);
/* Presumably the number of service table descriptors (name-based; not used in this header). */
#define NUMBER_SERVICE_TABLES 2

/*
 * Descriptor for one system service table.
 *
 * NOTE(review): the "* 4" sizing in the Limit comment implies 4-byte table
 * entries, i.e. the 32-bit layout - confirm the driver is only built for x86.
 */
typedef struct _KSERVICE_TABLE_DESCRIPTOR {
    PULONG Base;    /* Base address of the SSDT (System Service Dispatch Table). */
    PULONG Count;   /* Used on checked builds: per-service call counts for the SSDT. */
    ULONG  Limit;   /* Number of service functions; NumberOfService * 4 is the size of the whole address table. */
    PUCHAR Number;  /* Base address of the SSPT (System Service Parameter Table). */
} KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR;
// SSDT descriptor exported by ntoskrnl.exe, declared here so the driver can reference it.
// NOTE(review): ntoskrnl exports this symbol on 32-bit x86 builds only; x64 kernels do not
// export it and guard the table with Kernel Patch Protection - confirm the target platform.
// NOTE(review): declared as a pointer and without __declspec(dllimport); presumably this
// relies on how the import is resolved at link time - confirm before changing the declaration.
extern PKSERVICE_TABLE_DESCRIPTOR KeServiceDescriptorTable;
// Second descriptor, defined elsewhere in the project (definition not visible here);
// presumably the rebuilt table associated with FixNewKiServiceTable - TODO confirm.
extern KSERVICE_TABLE_DESCRIPTOR NewKeServiceDescriptorTable;
#endif