How to use Ntdll.h and Ntdll.lib in Kernel Mode?
Problem description
Hi, I want to use Ntdll.lib and Ntdll.h in order to use undocumented functions. I downloaded ntdll.h and ntdll.lib and added these files to my project, but when I want to use an undocumented function I see this error, for example:
Quote:
Error 1 error C3861: 'ZwCreateProcess': identifier not found
Please tell me how to use these files to run NT undocumented routines, thanks.
Recommended answer
See here; you do not have a definition of ZwCreateProcess() anywhere in your compilation unit. If it is not defined in Ntdll.h then I guess you cannot use it.
Here is a prototype for ZwCreateToken:
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateToken(
    OUT PHANDLE TokenHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN TOKEN_TYPE Type,
    IN PLUID AuthenticationId,
    IN PLARGE_INTEGER ExpirationTime,
    IN PTOKEN_USER User,
    IN PTOKEN_GROUPS Groups,
    IN PTOKEN_PRIVILEGES Privileges,
    IN PTOKEN_OWNER Owner,
    IN PTOKEN_PRIMARY_GROUP PrimaryGroup,
    IN PTOKEN_DEFAULT_DACL DefaultDacl,
    IN PTOKEN_SOURCE Source
);