#include <ntddk.h>

NTSTATUS 
  ZwAllocateVirtualMemory(
    IN HANDLE  ProcessHandle,
    IN OUT PVOID  *BaseAddress,
    IN ULONG  ZeroBits,
    IN OUT PSIZE_T  RegionSize,
    IN ULONG  AllocationType,
    IN ULONG  Protect
    ); 




NTSTATUS ReadWriteProcess()
{
	NTSTATUS	Status;
	HANDLE		hProcess;
	CLIENT_ID	ClientId;
	OBJECT_ATTRIBUTES	ObjAttr;

	PVOID		AllocateAddress;
	size_t		RegionSize;

	ClientId.UniqueProcess = (HANDLE)2084;
	ClientId.UniqueThread = 0;
	
	memset(&ObjAttr,0,sizeof(OBJECT_ATTRIBUTES));

	Status = ZwOpenProcess(&hProcess,PROCESS_ALL_ACCESS,&ObjAttr,&ClientId);
	if (!NT_SUCCESS(Status))
	{
		KdPrint(("error code:%X",Status));
		return Status;
	}
	
	RegionSize = 0xff;

	Status = ZwAllocateVirtualMemory(hProcess,&AllocateAddress,0,&RegionSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
	if (!NT_SUCCESS(Status))
	{
		KdPrint(("error code:%X",Status));
		return Status;
	}
	
	KdPrint(("address:%X,size:%d",AllocateAddress,RegionSize));

	ZwClose(hProcess);
	return Status;
}

VOID MyUnload(PDRIVER_OBJECT pDriverObject)
{
}

NTSTATUS DriverEntry(PDRIVER_OBJECT	pDriverObject,PUNICODE_STRING Reg_Path)
{
	ReadWriteProcess();
	pDriverObject->DriverUnload = MyUnload;
	return STATUS_SUCCESS;
}
打赏