驱动内存映射文件

驱动内存映射文件，一切尽在代码中，各位老爷请看：

// 内存映射文件，返回基址 
// 用完记得ZwUnmapViewOfSection(ZwCurrentProcess(), BaseAddress);
PVOID CreateMapFileAndGetBaseAddr(PUNICODE_STRING FilePath, PSIZE_T Size)
{
#define SEC_IMAGE 0x01000000PVOID MapFileBaseAddress = NULL;HANDLE  FileHandle = NULL;HANDLE  SectionHandle = NULL;NTSTATUS status;IO_STATUS_BLOCK IoStatus = { 0 };OBJECT_ATTRIBUTES oa = { 0 };InitializeObjectAttributes(&oa,FilePath,OBJ_CASE_INSENSITIVE,0,0);status = ZwOpenFile(&FileHandle,FILE_READ_DATA,&oa,&IoStatus,FILE_SHARE_READ,FILE_SYNCHRONOUS_IO_NONALERT);if (!NT_SUCCESS(status)){KdPrint(("ZwOpenFile failed: 0x%x\n", status));return NULL;}oa.ObjectName = 0;status = ZwCreateSection(&SectionHandle,SECTION_ALL_ACCESS,&oa,0,PAGE_READONLY,SEC_IMAGE,FileHandle);if (!NT_SUCCESS(status)){KdPrint(("ZwCreateSection failed: 0x%x\n", status));ZwClose(FileHandle);return NULL;}status = ZwMapViewOfSection(SectionHandle,ZwCurrentProcess(),&MapFileBaseAddress,0,0,0,Size,ViewUnmap,0,PAGE_READONLY);if (!NT_SUCCESS(status)){KdPrint(("ZwMapViewOfSection failed: 0x%x\n", status));ZwClose(SectionHandle);ZwClose(FileHandle);return NULL;}ZwClose(SectionHandle);ZwClose(FileHandle);return MapFileBaseAddress;
}

本博客旨在提供高稳定性和良好风格的代码。

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！