插APC驱动读写
2022-06-05 17:22:09
...
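// APC-attach read of another process's memory (author's term: "gentle" read).
//
// Attaches to the address space of process `PID` with KeStackAttachProcess(),
// probes `targetaddress` as a user-mode range of `length` bytes and copies it
// into `retdata`.
//
// Returns TRUE on success, FALSE if the process cannot be looked up or the
// probe/copy raises (the exception is swallowed by the SEH handler).
//
// Review notes:
//  - The original released the EPROCESS reference (ObDereferenceObject) before
//    attaching, so the object could be torn down while the thread was still
//    attached to its address space. The reference is now held until after
//    KeUnstackDetachProcess().
//  - Attaching is done outside __try so the handler never detaches from a
//    state that was never attached.
//  - After attaching, user-mode addresses refer to the *target* process, so
//    `retdata` is assumed to be a kernel-mode buffer (e.g. the IRP system
//    buffer) — TODO confirm against the IOCTL dispatcher.
//  - Assumes LookupProcess() returns a referenced EPROCESS (the original
//    dereferenced it) — TODO confirm.
BOOLEAN APCReadProcessMemory(ULONG PID, PVOID targetaddress, ULONG length, PVOID retdata)
{
    KAPC_STATE kapc = { 0 };
    BOOLEAN ok = FALSE;
    PEPROCESS pepro = LookupProcess((HANDLE)PID);

    if (pepro == NULL) {
        return FALSE;
    }

    KeStackAttachProcess(pepro, &kapc);
    __try
    {
        // Raises STATUS_ACCESS_VIOLATION if the range is not user-mode.
        ProbeForRead(targetaddress, length, sizeof(CHAR));
        RtlCopyMemory(retdata, targetaddress, length);
        ok = TRUE;
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        ok = FALSE;
    }
    KeUnstackDetachProcess(&kapc);

    // Drop the reference taken by LookupProcess() only after detaching.
    ObDereferenceObject(pepro);
    return ok;
}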
// APC-attach write to another process's memory (author's term: "gentle" write).
//
// Attaches to the address space of process `PID`, clears CR0.WP so the copy
// ignores read-only page protection, and copies `length` bytes from `Indata`
// to `targetaddress`. Returns TRUE on success, FALSE if the process cannot be
// looked up or the probe/copy raises.
//
// Review notes (code left unchanged):
//  - ObDereferenceObject() is called before attaching, so the EPROCESS is used
//    after the reference taken by LookupProcess() has been released.
//  - `Cr0 |= 10000;` is decimal 10000 (0x2710), not the WP bit (0x10000): WP
//    is never restored and unrelated CR0 bits are set instead. Restoring the
//    value saved by __readcr0() would avoid both problems.
//  - In the __except path `Cr0` is uninitialized if the fault happened before
//    __readcr0() (e.g. inside ProbeForWrite), so an indeterminate value is
//    OR'd and written to CR0.
//  - Interrupts are re-enabled around memcpy(), so the thread may be preempted
//    and resume on another CPU; CR0 is per-CPU, so WP may be "restored" on the
//    wrong processor and left cleared on the original one.
//  - After KeStackAttachProcess(), user-mode addresses refer to the target
//    process; `Indata` is assumed to be a kernel-mode buffer — TODO confirm
//    against the IOCTL dispatcher.
BOOLEAN APCWriteProcessMemory(ULONG PID, PVOID targetaddress, ULONG length, PVOID Indata)
{
PEPROCESS pepro;
KAPC_STATE kapc = { 0 };
pepro = LookupProcess((HANDLE)PID);
if (pepro == NULL)
return FALSE;
// NOTE(review): reference dropped here, but pepro is still used below.
ObDereferenceObject(pepro);
ULONG64 Cr0; // NOTE(review): uninitialized until __readcr0() below.
__try
{
KeStackAttachProcess(pepro, &kapc);
// Raises if the range is not a writable user-mode range.
ProbeForWrite(targetaddress, length, sizeof(CHAR));
_disable();
Cr0 = __readcr0();
// Clear bit 16 (CR0.WP): supervisor writes stop honouring read-only pages.
Cr0 &= 0xfffffffffffeffff;
__writecr0(Cr0);
_enable();
memcpy(targetaddress, Indata, length);
_disable();
// NOTE(review): decimal 10000 == 0x2710, not 0x10000 (WP). See notes above.
Cr0 |= 10000;
__writecr0(Cr0);
_enable();
KeUnstackDetachProcess(&kapc);
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
_disable();
// NOTE(review): same wrong constant; Cr0 may also be uninitialized here.
Cr0 |= 10000;
__writecr0(Cr0);
_enable();
KeUnstackDetachProcess(&kapc);
return FALSE;
}
return TRUE;
}