楼主
发表于 2007-2-14 10:58:22
IP属地浙江
32位的Vista的时间停止破解补丁的驱动源代码
逆向自俄罗斯OfflineVista的驱动,仅供有能力和有兴趣者学习和研究,本人不承担任何后果
TimerStop.cpp代码清单
#ifdef __cplusplus
extern "C" {
#endif
#include <wdm.h>
// Inserts a temporary KTIMER with KeSetTimer, then uses that timer's list
// links to locate the kernel's timer table.
//
// Returns the pointer obtained by starting at the temporary timer's
// TimerListEntry.Blink, scanning backwards in steps of 4 ULONGs until a zero
// ULONG is read, and then stepping forward by 4 ULONGs.
//
// NOTE(review): none of this is a documented interface. The result depends on
// the in-memory layout of one specific kernel build (the post says 32-bit
// Vista); on any other build the backward scan reads unrelated kernel memory.
// No lock is taken while the list links are read.
PULONG GetTimerTable()
{
    KTIMER ktimer;
    KeInitializeTimer(&ktimer);
    // A negative due time is a relative interval in KeSetTimer.
    LARGE_INTEGER duoTime = RtlConvertLongToLargeInteger(-1);
    // KeSetTimer returns TRUE only when the timer was already queued, so this
    // repeats, with LowPart decremented on each pass, until a call finds the
    // timer still in the queue.
    while (!KeSetTimer(&ktimer, duoTime, NULL))
    {
        duoTime.u.LowPart --;
    }
    // NOTE(review): Blink is treated as an address inside the timer table.
    // That presumably holds only when the previous list element is the
    // table's own list head; nothing here verifies it.
    PULONG pBlink = reinterpret_cast<PULONG>(ktimer.TimerListEntry.Blink);
    // ktimer lives on this stack frame, so it is cancelled before returning.
    KeCancelTimer(&ktimer);
    // Walk backwards 4 ULONGs (16 bytes) at a time until the first ULONG of
    // the slot reads zero; presumably 16 bytes is the table entry size and the
    // zero marks memory just before the table. TODO confirm against the build.
    while (*pBlink != 0)
    {
        pBlink -= 4;
    }
    // Step forward past the zero slot to the first non-zero one.
    pBlink = pBlink + 4;
    return pBlink;
}
// Tests whether the low 12 bits of ulData equal 0x0218.
// Returns 1 on a match and 0 otherwise.
ULONG Check(ULONG ulData)
{
    const ULONG lowBits = ulData & 0x0FFF;
    return (lowBits == 0x0218) ? 1 : 0;
}
// Walks the kernel timer table returned by GetTimerTable() and unlinks every
// timer whose associated routine value passes Check(). Returns the number of
// timers unlinked.
//
// NOTE(review): this edits kernel list links directly. The only protection is
// raising the IRQL on the current processor; no lock is taken, so other
// processors can presumably touch the same lists concurrently. All structure
// offsets are hard-coded ULONG indexes, so a layout mismatch corrupts kernel
// memory. Only the neighbours' links are rewritten; the unlinked timer's own
// entry is left unchanged.
ULONG DoIt()
{
    // Variable declarations
    ULONG uSearchCount;
    ULONG uRoutineCount;
    KIRQL NewIrql;
    // The result of this first call is discarded.
    GetTimerTable();
    uSearchCount = 0;
    uRoutineCount = 0;
    // Raise the IRQL to 2 (DISPATCH_LEVEL on x86). Despite its name, NewIrql
    // receives the previous IRQL, which KeLowerIrql restores at the end.
    KeRaiseIrql(2, &NewIrql);
    // Get the timer table
    PULONG pTimerTable = GetTimerTable();
    DbgPrint("TimerTable : %x\n", pTimerTable);
    // Visit each timer. The outer loop ends when the first ULONG of the
    // current table slot is zero, or after 0x1F4 (500) slots.
    PULONG pTimer;
    while ((pTimer = (PULONG)(*pTimerTable)) != 0)
    {
        // Follow the forward links until the walk returns to the slot itself.
        while (pTimer != pTimerTable)
        {
            // 6 ULONGs (24 bytes) before the list entry; presumably the start
            // of the KTIMER that contains it. TODO confirm.
            PULONG pBuffer = pTimer - 6;
            // ULONG index 8 of that structure; presumably the timer's DPC
            // pointer. TODO confirm.
            PULONG pTmp = (PULONG)(*(pBuffer + 8));
            // Advance before any unlinking so the traversal can continue.
            pTimer = (PULONG)(*pTimer);
            if (pTmp != 0)
            {
                // ULONG index 3 of the pointed-to object; the log message
                // below calls it the DeferredRoutine.
                ULONG data = *(pTmp + 3);
                // Check() compares only the low 12 bits with 0x0218, so any
                // routine with the same low 12 bits also matches.
                if (data != 0 && Check(data) != 0)
                {
                    DbgPrint("Found DeferredRoutine %x QuadPart %lld", data, *(PLARGE_INTEGER)(pBuffer + 4));
                    // Indexes 6 and 7 are the forward and backward links of
                    // the list entry (index 6 is the address pTimer held).
                    PULONG eax = (PULONG)(*(pBuffer + 6));
                    pBuffer = (PULONG)(*(pBuffer + 7));
                    uRoutineCount ++;
                    // Unlink: previous->next = next; next->previous = previous.
                    *pBuffer = (ULONG)eax;
                    *(eax + 1) = (ULONG)pBuffer;
                }
            }
        }
        uSearchCount ++;
        // Move to the next table slot, 4 ULONGs (16 bytes) further on.
        pTimerTable += 4;
        if (uSearchCount < 0x1F4)
            continue;
        else
            break;;
    }
    KeLowerIrql(NewIrql);
    return uRoutineCount;
}
// Driver entry point: logs a load message, runs DoIt() once, and returns
// 0xFFFFFFFF minus the count DoIt() reports. pDriverObject and pRegPath are
// not used.
//
// NOTE(review): for any count up to 0x7FFFFFFF the returned value has its top
// bit set, which NT_SUCCESS treats as failure. DriverEntry therefore reports
// failure after DoIt() has already run, so the image presumably does not stay
// loaded while the changes it made remain.
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
    DbgPrint("TimerStop Driver loaded");
    ULONG unlinkedCount = DoIt();
    return (0xFFFFFFFF - unlinkedCount);
}
#ifdef __cplusplus
}
#endif
如果需要已建立好的项目,可以到 http://bbs.driverdevelop.com/htm_data/100/0702/99145.html 下载