;应用层的实现如下:
.386
.model flat, stdcall
option casemap:none
include user32.inc
includelib user32.lib
.code
; ---------------------------------------------------------------------
; User-mode boot-mode check (32-bit MASM, flat model, stdcall).
; Asks GetSystemMetrics(SM_CLEANBOOT) how Windows was started and shows
; the answer in a message box.  Values handled: 0, 1 and 2; anything
; else gets the "unknown" text.
;
; The value is only reported, nothing is enforced.  Fail-safe boot is
; described below as bypassing the user startup files, so software that
; is started that way may not be running in those modes.
; ---------------------------------------------------------------------
SM_CLEANBOOT            equ 67          ; GetSystemMetrics index: boot mode
BOOT_NORMAL             equ 0
BOOT_FAILSAFE           equ 1
BOOT_FAILSAFE_NETWORK   equ 2
MB_OK                   equ 0           ; MessageBox style: single OK button

; Zero-terminated ANSI strings; they sit in the code section because the
; enclosing .code directive is still in effect, and are never written to.
sztips      db "Boot Mode",0                    ; message box caption
sznb        db "Normal boot",0                  ; normal boot
szfsb       db "Fail-safe boot",0               ; a fail-safe boot (also called SafeBoot, Safe Mode, or Clean Boot) bypasses the user startup files
szfsnb      db "Fail-safe with network boot",0  ; safe boot with networking
szunknow    db "unknow boot mode",0             ; unknown mode; the author expected this to be hit almost never

start:
        invoke  GetSystemMetrics, SM_CLEANBOOT  ; eax = boot mode

        ; Choose the text first, then show it with one MessageBox call.
        mov     ecx, offset szunknow            ; default: value not recognised
        .if eax == BOOT_NORMAL
            mov     ecx, offset sznb
        .elseif eax == BOOT_FAILSAFE
            mov     ecx, offset szfsb
        .elseif eax == BOOT_FAILSAFE_NETWORK
            mov     ecx, offset szfsnb
        .endif

        invoke  MessageBox, 0, ecx, addr sztips, MB_OK  ; 0 = no owner window

        ; No explicit process-exit call is made: the entry point simply
        ; returns to whatever started it.
        ret
end start
;made at 2011.08.17
;驱动层的实现如下:
;是摘自kmdkit。
.386
.model flat, stdcall
option casemap:none
include ntstatus.inc
include ntddk.inc
include ntoskrnl.inc
includelib ntoskrnl.lib
include Strings.mac
; Boot-mode values that DriverEntry below compares against the value it
; reads through InitSafeBootMode.  The meanings given for 1 and 2 follow
; the debug strings printed for them in DriverEntry.
NORMALBOOT equ 0 ; The system is not in safe mode
; Safe mode, reported by DriverEntry as "Minimal safe boot"
SAFEBOOT_MINIMAL equ 1
; Safe mode, reported by DriverEntry as "Network safe boot"
SAFEBOOT_NETWORK equ 2
SAFEBOOT_DSREPAIR equ 3 ; (for Windows Domain Controllers Only)
.code
;-----------------------------------------------------------------------
; DriverEntry - print the current boot mode to the debugger.
;
; In:    pDriverObject, pusRegistryPath (neither is used in this body)
; Out:   eax = 0 in every case
; Does:  reads the boot-mode value through InitSafeBootMode and emits
;        one DbgPrint line describing it.
;
; NOTE(review): this body returns 0 and registers no unload routine, so
; the driver presumably stays loaded once started - confirm that this is
; intended for anything beyond a one-off test.
;-----------------------------------------------------------------------
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING

        ; InitSafeBootMode is exported by ntoskrnl.exe, just like the SSDT.
        ; NOTE(review): the two loads after the first mov depend on how
        ; ntoskrnl.inc declares the symbol (not visible here) - confirm.
        ; The C usage on this page reads it with a single dereference of a
        ; PULONG.
        mov     eax, InitSafeBootMode
        mov     eax, [eax]
        mov     eax, [eax]                      ; eax = value compared below

        ; Dispatch on the value; the unrecognised case is the fall-through.
        cmp     eax, NORMALBOOT
        je      mode_normal
        cmp     eax, SAFEBOOT_MINIMAL
        je      mode_minimal
        cmp     eax, SAFEBOOT_NETWORK
        je      mode_network
        cmp     eax, SAFEBOOT_DSREPAIR
        je      mode_dsrepair

        invoke  DbgPrint, $CTA0("Invalid safeboot option: %d\n"), eax
        jmp     report_done

mode_normal:
        invoke  DbgPrint, $CTA0("Normal boot\n")
        jmp     report_done

mode_minimal:
        invoke  DbgPrint, $CTA0("Minimal safe boot\n")
        jmp     report_done

mode_network:
        invoke  DbgPrint, $CTA0("Network safe boot\n")
        jmp     report_done

mode_dsrepair:
        invoke  DbgPrint, $CTA0("Repair safe boot\n")

report_done:
        ; Author's note: returning STATUS_DEVICE_CONFIGURATION_ERROR here
        ; instead made the run report "the parameter is incorrect", so 0
        ; is returned.
        xor     eax, eax
        ret
DriverEntry endp
end DriverEntry
;c/c++中用法示例:
/*
 * Usage fragment, not a complete unit: the if statement belongs inside a
 * function body that is not shown here.
 * InitSafeBootMode is declared as a pointer, and the boot mode is read
 * with one dereference.
 */
extern PULONG InitSafeBootMode;
/* 0 is the value the driver listing above names NORMALBOOT (not in safe mode). */
if (*InitSafeBootMode == 0)
{
DbgPrint("this is running in Normalmode");
}