#include <ntifs.h>
#include <windef.h>
/*
文件名:RtlCreateHeap.c
其实最主要的还是RtlCreateHeap的说明,注意这个可以有回调函数。
RtlAllocateHeap这个函数也不能在指定的地址上申请内存。
made by correy
made at 2014.09.04
email:kouleguan at hotmail dot com
homepage:http://correy.webs.com
*/
DRIVER_INITIALIZE DriverEntry;

/*
 * DriverEntry - exercises RtlCreateHeap / RtlAllocateHeap / RtlFreeHeap /
 * RtlDestroyHeap from kernel mode.
 *
 * Flow: create a heap with all-default arguments, allocate one zeroed block,
 * probe and write the block inside SEH, free the block, destroy the heap.
 *
 * Returns STATUS_INSUFFICIENT_RESOURCES when the heap or the block cannot be
 * obtained. On every other path it returns STATUS_UNSUCCESSFUL: `status` is
 * never changed from its initial value, so the driver is not kept loaded.
 * That is presumably deliberate for a throwaway test driver that registers
 * no unload routine - confirm before reusing.
 *
 * NOTE(review): ProbeForWrite raises an exception for addresses outside the
 * user-mode range, and the addresses recorded in the trailing comment
 * (0x00180000 / 0x00180688) look like user-mode addresses, so this heap
 * appears to live in the user address space of whatever process DriverEntry
 * runs in. Anything stored there is reachable by user-mode code of that
 * process and should be treated as untrusted by kernel code - verify.
 */
NTSTATUS DriverEntry( __in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = STATUS_UNSUCCESSFUL;
    const SIZE_T blockSize = 9;
    const ULONG probeAlignment = 1;     /* 1-byte alignment: the block is only written as a char */
    PVOID heap = NULL;
    PVOID block = NULL;
    BOOLEAN freed = FALSE;

    KdBreakPoint();

    /* Flags, reserve/commit sizes, lock, and parameters all left at 0 (defaults). */
    heap = RtlCreateHeap(0, 0, 0, 0, 0, 0);
    if (heap == NULL) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    KdPrint(("HeapHandle == %p!\n", heap));

    block = RtlAllocateHeap(heap, HEAP_ZERO_MEMORY, blockSize);
    if (block == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto destroy;
    }
    KdPrint(("p == %p!\n", block));

    /*
     * The probe and the write are wrapped in SEH so that a block which is not
     * a writable user-mode address is reported as an exception code instead
     * of crashing; the exception code is only logged.
     */
    __try {
        ProbeForWrite(block, blockSize, probeAlignment);
        *(char *)block = 9;
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        KdPrint(("ExceptionCode == 0x%x!\n", GetExceptionCode()));
    }

    /* The heap was created without HEAP_NO_SERIALIZE; the per-call flag is used here as in the original. */
    freed = RtlFreeHeap(heap, HEAP_NO_SERIALIZE, block);
    if (!freed) {
        KdPrint(("RtlFreeHeap fails!\n"));
    }

destroy:
    /* RtlDestroyHeap yields NULL on success and hands the handle back on failure. */
    heap = RtlDestroyHeap(heap);
    if (heap != NULL) {
        KdPrint(("RtlDestroyHeap fails!\n"));
    }
    return status;
}
/*
运行结果如下:
HeapHandle == 00180000!
p == 00180688!
这些内存在哪个进程呢?
函数没有指明,但是函数的说明指明了。
*/
2014年9月4日星期四
驱动创建和访问用户堆