[MS-ERREF]:NTSTATUS values (NDIS_STATUS)

最新推荐文章于 2025-12-19 09:55:57 发布
原创 最新推荐文章于 2025-12-19 09:55:57 发布 · 735 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#windows

本文档提供了关于 MSDN Library 中 Windows 错误代码 (MS-ERREF) 的参考资料,并深入探讨了 NTSTATUS 结构及其值,这对于理解 Windows 操作系统中的错误处理机制至关重要。
驱动程序DDK返回值类型NTSTATUS常见含义
苞米地里捉小鸡的博客
06-12 2466
STATUS_SUCCESS 函数执行成功 STATUS_UNSUCCESSFUL 函数执行不成功 STATUS_NOT_IMPLEMENTED 函数未被实现 STATUS_INVALID_INFO_CLASS 输入参数是无效的类型 STATUS_INFO_LENGTH_MISMATCH 输入参数长度不匹配 STATUS_ACCESS_VIOLATION 不允许访问 STATUS_IN_PAGE_ERROR 发生页故障 STATUS_IN
驱动开发(4)内核中的内存分配和错误码
zuishikonghuan的博客
11-08 2670
在驱动开发中,我们不应该使用C/C++运行时函数中的malloc或者calloc函数分配内存,更不应该使用new关键字,因为内核中的内存分配需要特殊处理。 在应用程序中,每个应用都有2G的虚拟内存,因此内存并不紧张,而所有的驱动程序共用内核模式的2G虚拟内存,因此内核中的资源非常宝贵,应该尽量节省。 更可怕的是内存泄露,应用程序即使发生了内存泄露,在其结束时操作系统可以通过进程上下文中的虚拟内
NTSTATUS Values - MSDN - Microsoft
07-24 212
https://msdn.microsoft.com/en-us/library/cc704588.aspx 转载于:https://www.cnblogs.com/DeeLMind/p/7227765.html
bcrypt.h:error C2485: 'align' : unrecognized extended attribute错误的一种可能的处理
tomcat114的脚印
08-10 3325
<br />这是碰到的一个麻烦事。<br />其实这种麻烦远不只一个,而是有一大堆,各种各样的。比如wintrust.h报一大堆错,你又没法解决。题目这个属于bcrypt.h文件的问题,报四个错。但这些起因都可以归为一类,或者说目前我能知道的是一类,因为再有其他的,我没处理过,估计也处理不了。<br />点VC6.0的Tools-->Options-->Directories,找到Show directories for:下拉列表,调到include那一堆里面<br />调顺序吧!<br />包括的那些in
Windows NTSTATUS Values 进程终止消息标识符
热门推荐
tz_zs的博客
08-20 1万+
____tz_zs 常见的进程终止值: 0x00000003 CRT的 abort() 或者 assert() 方法被调用了 0x80000003 在 RTC 运行时检查 发现一个未处理的断点(比如__debugbreak())  0xC0000005 访问冲突 0xC00000FD 堆栈溢出。请避免递归,将大堆栈缓冲区移到堆上,或者通过堆栈链接器选项增加堆栈大小。 0xC00
NTSTATUS Values
weixin_30394251的博客
04-01 2036
By combining the NTSTATUS into a single 32-bit numbering space, the following NTSTATUS values are defined. Most values also have a defined default message that can be used to map the value to a human-...
windows WDF驱动开发总结(7)--网络驱动开发(NDIS
smilestone322的专栏
10-08 4329
<br />NDIS 网络设备接口规范<br />(1)    NDIS_PROTOCOL_CHARACTERISTICS<br />函数功能:This structure is used to specify the version numbers and various callback functions for a protocol.typedef struct _NDIS_PROTOCOL_CHARACTERISTICS {  UCHAR MajorNdisVersion;  UCHAR Mino
WFP vs NDIS 深度对比分析
zhangyihu321的专栏
08-28 256
它们在网络协议栈的不同层次工作,各有优势。
驱动开发:内核封装WFP防火墙入门
LYSHARK
06-08 1万+
注册了一个过滤点,此处我们必须要注意三个回调函数,classifyFn, notifyFn, flowDeleteFn 他们分别的功能时,事前回调,事后回调,事后回调,而WFP框架中我们最需要注意的也就是对这三个函数进行重定义,也就是需要重写函数来实现我们特定的功能。事前更重要一些,如果需要监控网络流量则需要在事前函数中做处理,而如果是监视则可以在事后做处理,既然要在事前进行处理,那么我们就来看看事前是如何处理的流量。当有新的网络数据包路由到事前函数时,程序中会通过如下案例直接得到我们所需要的数据包头,
/* File Kmd.cpp By WzrterFX */ #include "Kmd.h" namespace Kmd { NTSTATUS Kmd::Create(PDRIVER_OBJECT driverObject) { NTSTATUS status = STATUS_UNSUCCESSFUL; UNICODE_STRING deviceName { }; RtlInitUnicodeString(&deviceName, L"\\Device\\Kmd"); status = IoCreateDevice( driverObject, NULL, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &_deviceObject ); if (!NT_SUCCESS(status)) { DbgPrintEx(0, 0, "Fatal, failed to create driver device.\n" ); return status; } UNICODE_STRING symbolicLink { }; RtlInitUnicodeString(&symbolicLink, L"\\DosDevices\\Kmd"); status = IoCreateSymbolicLink(&symbolicLink, &deviceName); if (!NT_SUCCESS(status)) { DbgPrintEx(0, 0, "Fatal, failed to establish driver link.\n" ); IoDeleteDevice(_deviceObject); return status; } SetFlag(_deviceObject->Flags, DO_BUFFERED_IO); driverObject->MajorFunction[IRP_MJ_CREATE] = [](PDEVICE_OBJECT, PIRP io) -> NTSTATUS { IoCompleteRequest(io, IO_NO_INCREMENT); return io->IoStatus.Status; }; driverObject->MajorFunction[IRP_MJ_CLOSE] = [](PDEVICE_OBJECT, PIRP io) -> NTSTATUS { IoCompleteRequest(io, IO_NO_INCREMENT); return io->IoStatus.Status; }; driverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = &this->KmdControl; ClearFlag(_deviceObject->Flags, DO_DEVICE_INITIALIZING); return STATUS_SUCCESS; } NTSTATUS Kmd::KmdControl(PDEVICE_OBJECT, PIRP io) { NTSTATUS status = STATUS_UNSUCCESSFUL; PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(io); if (!stack) { IoCompleteRequest(io, IO_NO_INCREMENT); DbgPrintEx(0, 0, "Fatal, missing driver stack location.\n" ); return status; } PKmdRequest request = reinterpret_cast<PKmdRequest>(io->AssociatedIrp.SystemBuffer); if (!request) { IoCompleteRequest(io, IO_NO_INCREMENT); DbgPrintEx(0, 0, "Fatal, missing driver associated request.\n" ); return status; } static PEPROCESS process { }; static SIZE_T reserved { }; switch (stack->Parameters.DeviceIoControl.IoControlCode) { case ::Kmd::_IoCtls::attach: { status = ::Kmd::_NtifsApi::PsLookupProcessByProcessId( request->attachRequest.process, &process ); break; } case ::Kmd::_IoCtls::read: { if (process) { status = ::Kmd::_NtifsApi::MmCopyVirtualMemory( process, request->copyMemoryRequest.from, PsGetCurrentProcess(), request->copyMemoryRequest.to, request->copyMemoryRequest.requested, MODE::KernelMode, &reserved ); } break; } case ::Kmd::_IoCtls::write: { if (process) { status = ::Kmd::_NtifsApi::MmCopyVirtualMemory( PsGetCurrentProcess(), request->copyMemoryRequest.to, process, request->copyMemoryRequest.from, request->copyMemoryRequest.requested, MODE::KernelMode, &reserved ); } break; } default: { status = STATUS_INVALID_DEVICE_REQUEST; break; } } io->IoStatus.Status = status; io->IoStatus.Information = sizeof(KmdRequest); IoCompleteRequest(io, IO_NO_INCREMENT); return status; } }帮我全部加上注释
03-22
status = ::Kmd::_NtifsApi::PsLookupProcessByProcessId( request->attachRequest.process, // 目标进程ID &process // 输出进程对象 ); break; } case ::Kmd::_IoCtls::read: { // 读取进程内存 if ...
CryptAcquireContext:MS_DEF_PROV Error of container opening: NTE_BAD_KEYSET
05-24
NTSTATUS status = NCryptOpenStorageProvider(&hProvider, MS_PLATFORM_CNG_RSA_PROVIDER, 0); if (status != ERROR_SUCCESS) { wprintf(L"Failed opening provider with code: 0x%lx\n", status); } // 创建/...
bool hook_function(void* target_function, void* hooked_function,void* trampoline, void** origin_function) { unsigned __int64 physical_address = MmGetPhysicalAddress(target_function).QuadPart; // // Check if function exist in physical memory // if (physical_address == NULL) { LogError("Requested virtual memory doesn't exist in physical one"); return false; } // // Check if page isn't already hooked // PLIST_ENTRY current = &g_vmm_context->ept_state->hooked_page_list; while (&g_vmm_context->ept_state->hooked_page_list != current->Flink) { current = current->Flink; __ept_hooked_page_info* hooked_page_info = CONTAINING_RECORD(current, __ept_hooked_page_info, hooked_page_list); if (hooked_page_info->pfn_of_hooked_page == GET_PFN(physical_address)) { LogInfo("Page already hooked"); __ept_hooked_function_info* hooked_function_info = pool_manager::request_pool<__ept_hooked_function_info*>(pool_manager::INTENTION_TRACK_HOOKED_FUNCTIONS, TRUE, sizeof(__ept_hooked_function_info)); if (hooked_function_info == nullptr) { LogError("There is no pre-allocated pool for hooked function struct"); return false; } // // If we are hooking code cave for second trampoline // then origin function in null and we don't have to get pool for trampoline // if(origin_function != nullptr) { hooked_function_info->first_trampoline_address = pool_manager::request_pool<unsigned __int8*>(pool_manager::INTENTION_EXEC_TRAMPOLINE, TRUE, 100); if (hooked_function_info->first_trampoline_address == nullptr) { pool_manager::release_pool(hooked_function_info); LogError("There is no pre-allocated pool for trampoline"); return false; } } hooked_function_info->virtual_address = target_function; hooked_function_info->second_trampoline_address = trampoline; hooked_function_info->fake_page_contents = hooked_page_info->fake_page_contents; if (hook_instruction_memory(hooked_function_info, target_function, hooked_function, trampoline, origin_function) == false) { if(hooked_function_info->first_trampoline_address != nullptr) pool_manager::release_pool(hooked_function_info->first_trampoline_address); pool_manager::release_pool(hooked_function_info); LogError("Hook failed"); return false; } // Track all hooked functions within page InsertHeadList(&hooked_page_info->hooked_functions_list, &hooked_function_info->hooked_function_list); return true; } } if (is_page_splitted(physical_address) == false) { void* split_buffer = pool_manager::request_pool<void*>(pool_manager::INTENTION_SPLIT_PML2, true, sizeof(__ept_dynamic_split)); if (split_buffer == nullptr) { LogError("There is no preallocated pool for split"); return false; } if (split_pml2(split_buffer, physical_address) == false) { pool_manager::release_pool(split_buffer); LogError("Split failed"); return false; } } __ept_pte* target_page = get_pml1_entry(physical_address); if (target_page == nullptr) { LogError("Failed to get PML1 entry of the target address"); return false; } __ept_hooked_page_info* hooked_page_info = pool_manager::request_pool<__ept_hooked_page_info*>(pool_manager::INTENTION_TRACK_HOOKED_PAGES, true, sizeof(__ept_hooked_page_info)); if (hooked_page_info == nullptr) { LogError("There is no preallocated pool for hooked page info"); return false; } InitializeListHead(&hooked_page_info->hooked_functions_list); __ept_hooked_function_info* hooked_function_info = pool_manager::request_pool<__ept_hooked_function_info*>(pool_manager::INTENTION_TRACK_HOOKED_FUNCTIONS, true, sizeof(__ept_hooked_function_info)); if (hooked_function_info == nullptr) { pool_manager::release_pool(hooked_page_info); LogError("There is no preallocated pool for hooked function info"); return false; } // // If we are hooking code cave for second trampoline // then origin function in null and we don't have to get pool for trampoline // if (origin_function != nullptr) { hooked_function_info->first_trampoline_address = pool_manager::request_pool<unsigned __int8*>(pool_manager::INTENTION_EXEC_TRAMPOLINE, TRUE, 100); if (hooked_function_info->first_trampoline_address == nullptr) { pool_manager::release_pool(hooked_page_info); pool_manager::release_pool(hooked_function_info); LogError("There is no pre-allocated pool for trampoline"); return false; } } hooked_page_info->pfn_of_hooked_page = GET_PFN(physical_address); hooked_page_info->pfn_of_fake_page_contents = GET_PFN(MmGetPhysicalAddress(hooked_page_info->fake_page_contents).QuadPart); hooked_page_info->entry_address = target_page; hooked_page_info->entry_address->execute = 0; hooked_page_info->entry_address->read = 1; hooked_page_info->entry_address->write = 1; hooked_page_info->original_entry = *target_page; hooked_page_info->changed_entry = *target_page; hooked_page_info->changed_entry.read = 0; hooked_page_info->changed_entry.write = 0; hooked_page_info->changed_entry.execute = 1; hooked_page_info->changed_entry.physical_address = hooked_page_info->pfn_of_fake_page_contents; RtlCopyMemory(&hooked_page_info->fake_page_contents, PAGE_ALIGN(target_function), PAGE_SIZE); hooked_function_info->virtual_address = target_function; hooked_function_info->second_trampoline_address = trampoline; hooked_function_info->fake_page_contents = hooked_page_info->fake_page_contents; if(hook_instruction_memory(hooked_function_info, target_function, hooked_function, trampoline, origin_function) == false) { if (hooked_function_info->first_trampoline_address != nullptr) pool_manager::release_pool(hooked_function_info->first_trampoline_address); pool_manager::release_pool(hooked_function_info); pool_manager::release_pool(hooked_page_info); LogError("Hook failed"); return false; } // Track all hooked functions InsertHeadList(&hooked_page_info->hooked_functions_list, &hooked_function_info->hooked_function_list); // Track all hooked pages InsertHeadList(&g_vmm_context->ept_state->hooked_page_list, &hooked_page_info->hooked_page_list); invept_single_context(g_vmm_context->ept_state->ept_pointer->all); return true; }
08-07
NTSTATUS status = MmGetPhysicalAddress(target_function, &physAddr, &pageSize); if (!NT_SUCCESS(status)) { return false; // 获取物理地址失败 } // 3. 设置EPT表项为不可执行(关键步骤) // 修改EPT...
/* File Kmd.h By WzrterFX */ #pragma once #ifndef KMD_H #define KMD_H #include <cstdint> #include <ntifs.h> namespace Kmd { namespace _NtifsApi { extern "C" __declspec(dllimport) NTSTATUS __stdcall IoCreateDriver( IN PUNICODE_STRING DriverName, IN PDRIVER_INITIALIZE InitializationFunction ); extern "C" __declspec(dllimport) NTSTATUS __stdcall PsLookupProcessByProcessId( IN HANDLE ProcessId, OUT PEPROCESS* Process ); extern "C" __declspec(dllimport) NTSTATUS __stdcall MmCopyVirtualMemory( IN PEPROCESS FromProcess, IN PVOID FromAddress, IN PEPROCESS ToProcess, IN PVOID ToAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T NumberOfBytesCopied ); } namespace _IoCtls { constexpr std::uint32_t attach = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x01, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); constexpr std::uint32_t read = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x02, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); constexpr std::uint32_t write = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x03, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); } class Kmd { private: PDEVICE_OBJECT _deviceObject; typedef struct __AttachRequest { HANDLE process; } AttachRequest, * PAttachRequest; typedef struct __CopyMemoryRequest { PVOID from; PVOID to; SIZE_T requested; } CopyMemoryRequest, * PCopyMemoryRequest; typedef struct _KmdRequest { AttachRequest attachRequest; CopyMemoryRequest copyMemoryRequest; } KmdRequest, * PKmdRequest; static NTSTATUS KmdControl(PDEVICE_OBJECT deviceObject, PIRP io); public: NTSTATUS Create(PDRIVER_OBJECT driverObject); }; } #endif /* !KMD_H */添加注释
03-22
然后,代码进入Kmd命名空间,里面分为几个子命名空间:_NtifsApi和_IoCtls,以及一个Kmd类。我需要分别解释这些部分的作用。 在_NtifsApi命名空间中,声明了三个外部函数:IoCreateDriver、...
Linux查询防火墙放过的端口并额外增加需要通过的端口命令
weixin_56526539的博客
12-16 310
Linux查询防火墙放过的端口并额外增加需要通过的端口命令
mybatis-动态sql语句-<foreach>
m0_73879549的博客
12-16 259
循环遍历集合/数组,把集合元素拼接成sql片段,动态处理多个参数的场景就比如:简单场景的:构建IN条件、批量查询用户列表、一次插入多个用户,多对多关联表等等。
IO练习——网络爬虫(爬取数据)
2401_84643729的博客
12-15 801
Java练习——IO流练习题
C++ list容器模拟实现:迭代器、构造与STL风格编程
最新发布
2502_91499791的博客
12-19 646
迭代器的核心效果是模拟原生指针的行为且提供统一的方式去封装底层的细节,该文章就尤其体现了面向对象封装的特点,算是一篇真正意义上的工业级别的模拟实现
Java集合-List讲解
2301_78125917的博客
12-16 1277
Java 集合框架(Collections Framework)是 Java 中用于。它提供了一组接口、实现类和算法。
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值