[MS-ERREF]:NTSTATUS values (NDIS_STATUS)

最新推荐文章于 2025-12-17 21:08:13 发布
原创 最新推荐文章于 2025-12-17 21:08:13 发布 · 735 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#windows

本文档提供了关于 MSDN Library 中 Windows 错误代码 (MS-ERREF) 的参考资料,并深入探讨了 NTSTATUS 结构及其值,这对于理解 Windows 操作系统中的错误处理机制至关重要。
驱动程序DDK返回值类型NTSTATUS常见含义
苞米地里捉小鸡的博客
06-12 2466
STATUS_SUCCESS 函数执行成功 STATUS_UNSUCCESSFUL 函数执行不成功 STATUS_NOT_IMPLEMENTED 函数未被实现 STATUS_INVALID_INFO_CLASS 输入参数是无效的类型 STATUS_INFO_LENGTH_MISMATCH 输入参数长度不匹配 STATUS_ACCESS_VIOLATION 不允许访问 STATUS_IN_PAGE_ERROR 发生页故障 STATUS_IN
驱动开发(4)内核中的内存分配和错误码
zuishikonghuan的博客
11-08 2670
在驱动开发中,我们不应该使用C/C++运行时函数中的malloc或者calloc函数分配内存,更不应该使用new关键字,因为内核中的内存分配需要特殊处理。 在应用程序中,每个应用都有2G的虚拟内存,因此内存并不紧张,而所有的驱动程序共用内核模式的2G虚拟内存,因此内核中的资源非常宝贵,应该尽量节省。 更可怕的是内存泄露,应用程序即使发生了内存泄露,在其结束时操作系统可以通过进程上下文中的虚拟内
NTSTATUS Values - MSDN - Microsoft
07-24 212
https://msdn.microsoft.com/en-us/library/cc704588.aspx 转载于:https://www.cnblogs.com/DeeLMind/p/7227765.html
bcrypt.h:error C2485: 'align' : unrecognized extended attribute错误的一种可能的处理
tomcat114的脚印
08-10 3325
<br />这是碰到的一个麻烦事。<br />其实这种麻烦远不只一个,而是有一大堆,各种各样的。比如wintrust.h报一大堆错,你又没法解决。题目这个属于bcrypt.h文件的问题,报四个错。但这些起因都可以归为一类,或者说目前我能知道的是一类,因为再有其他的,我没处理过,估计也处理不了。<br />点VC6.0的Tools-->Options-->Directories,找到Show directories for:下拉列表,调到include那一堆里面<br />调顺序吧!<br />包括的那些in
Windows NTSTATUS Values 进程终止消息标识符
热门推荐
tz_zs的博客
08-20 1万+
____tz_zs 常见的进程终止值: 0x00000003 CRT的 abort() 或者 assert() 方法被调用了 0x80000003 在 RTC 运行时检查 发现一个未处理的断点(比如__debugbreak())  0xC0000005 访问冲突 0xC00000FD 堆栈溢出。请避免递归,将大堆栈缓冲区移到堆上,或者通过堆栈链接器选项增加堆栈大小。 0xC00
NTSTATUS Values
weixin_30394251的博客
04-01 2036
By combining the NTSTATUS into a single 32-bit numbering space, the following NTSTATUS values are defined. Most values also have a defined default message that can be used to map the value to a human-...
windows WDF驱动开发总结(7)--网络驱动开发(NDIS
smilestone322的专栏
10-08 4329
<br />NDIS 网络设备接口规范<br />(1)    NDIS_PROTOCOL_CHARACTERISTICS<br />函数功能:This structure is used to specify the version numbers and various callback functions for a protocol.typedef struct _NDIS_PROTOCOL_CHARACTERISTICS {  UCHAR MajorNdisVersion;  UCHAR Mino
WFP vs NDIS 深度对比分析
zhangyihu321的专栏
08-28 256
它们在网络协议栈的不同层次工作,各有优势。
驱动开发:内核封装WFP防火墙入门
LYSHARK
06-08 1万+
注册了一个过滤点,此处我们必须要注意三个回调函数,classifyFn, notifyFn, flowDeleteFn 他们分别的功能时,事前回调,事后回调,事后回调,而WFP框架中我们最需要注意的也就是对这三个函数进行重定义,也就是需要重写函数来实现我们特定的功能。事前更重要一些,如果需要监控网络流量则需要在事前函数中做处理,而如果是监视则可以在事后做处理,既然要在事前进行处理,那么我们就来看看事前是如何处理的流量。当有新的网络数据包路由到事前函数时,程序中会通过如下案例直接得到我们所需要的数据包头,
/* File Kmd.cpp By WzrterFX */ #include "Kmd.h" namespace Kmd { NTSTATUS Kmd::Create(PDRIVER_OBJECT driverObject) { NTSTATUS status = STATUS_UNSUCCESSFUL; UNICODE_STRING deviceName { }; RtlInitUnicodeString(&deviceName, L"\\Device\\Kmd"); status = IoCreateDevice( driverObject, NULL, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &_deviceObject ); if (!NT_SUCCESS(status)) { DbgPrintEx(0, 0, "Fatal, failed to create driver device.\n" ); return status; } UNICODE_STRING symbolicLink { }; RtlInitUnicodeString(&symbolicLink, L"\\DosDevices\\Kmd"); status = IoCreateSymbolicLink(&symbolicLink, &deviceName); if (!NT_SUCCESS(status)) { DbgPrintEx(0, 0, "Fatal, failed to establish driver link.\n" ); IoDeleteDevice(_deviceObject); return status; } SetFlag(_deviceObject->Flags, DO_BUFFERED_IO); driverObject->MajorFunction[IRP_MJ_CREATE] = [](PDEVICE_OBJECT, PIRP io) -> NTSTATUS { IoCompleteRequest(io, IO_NO_INCREMENT); return io->IoStatus.Status; }; driverObject->MajorFunction[IRP_MJ_CLOSE] = [](PDEVICE_OBJECT, PIRP io) -> NTSTATUS { IoCompleteRequest(io, IO_NO_INCREMENT); return io->IoStatus.Status; }; driverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = &this->KmdControl; ClearFlag(_deviceObject->Flags, DO_DEVICE_INITIALIZING); return STATUS_SUCCESS; } NTSTATUS Kmd::KmdControl(PDEVICE_OBJECT, PIRP io) { NTSTATUS status = STATUS_UNSUCCESSFUL; PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(io); if (!stack) { IoCompleteRequest(io, IO_NO_INCREMENT); DbgPrintEx(0, 0, "Fatal, missing driver stack location.\n" ); return status; } PKmdRequest request = reinterpret_cast<PKmdRequest>(io->AssociatedIrp.SystemBuffer); if (!request) { IoCompleteRequest(io, IO_NO_INCREMENT); DbgPrintEx(0, 0, "Fatal, missing driver associated request.\n" ); return status; } static PEPROCESS process { }; static SIZE_T reserved { }; switch (stack->Parameters.DeviceIoControl.IoControlCode) { case ::Kmd::_IoCtls::attach: { status = ::Kmd::_NtifsApi::PsLookupProcessByProcessId( request->attachRequest.process, &process ); break; } case ::Kmd::_IoCtls::read: { if (process) { status = ::Kmd::_NtifsApi::MmCopyVirtualMemory( process, request->copyMemoryRequest.from, PsGetCurrentProcess(), request->copyMemoryRequest.to, request->copyMemoryRequest.requested, MODE::KernelMode, &reserved ); } break; } case ::Kmd::_IoCtls::write: { if (process) { status = ::Kmd::_NtifsApi::MmCopyVirtualMemory( PsGetCurrentProcess(), request->copyMemoryRequest.to, process, request->copyMemoryRequest.from, request->copyMemoryRequest.requested, MODE::KernelMode, &reserved ); } break; } default: { status = STATUS_INVALID_DEVICE_REQUEST; break; } } io->IoStatus.Status = status; io->IoStatus.Information = sizeof(KmdRequest); IoCompleteRequest(io, IO_NO_INCREMENT); return status; } }帮我全部加上注释
03-22
status = ::Kmd::_NtifsApi::PsLookupProcessByProcessId( request->attachRequest.process, // 目标进程ID &process // 输出进程对象 ); break; } case ::Kmd::_IoCtls::read: { // 读取进程内存 if ...
CryptAcquireContext:MS_DEF_PROV Error of container opening: NTE_BAD_KEYSET
05-24
NTSTATUS status = NCryptOpenStorageProvider(&hProvider, MS_PLATFORM_CNG_RSA_PROVIDER, 0); if (status != ERROR_SUCCESS) { wprintf(L"Failed opening provider with code: 0x%lx\n", status); } // 创建/...
bool hook_function(void* target_function, void* hooked_function,void* trampoline, void** origin_function) { unsigned __int64 physical_address = MmGetPhysicalAddress(target_function).QuadPart; // // Check if function exist in physical memory // if (physical_address == NULL) { LogError("Requested virtual memory doesn't exist in physical one"); return false; } // // Check if page isn't already hooked // PLIST_ENTRY current = &g_vmm_context->ept_state->hooked_page_list; while (&g_vmm_context->ept_state->hooked_page_list != current->Flink) { current = current->Flink; __ept_hooked_page_info* hooked_page_info = CONTAINING_RECORD(current, __ept_hooked_page_info, hooked_page_list); if (hooked_page_info->pfn_of_hooked_page == GET_PFN(physical_address)) { LogInfo("Page already hooked"); __ept_hooked_function_info* hooked_function_info = pool_manager::request_pool<__ept_hooked_function_info*>(pool_manager::INTENTION_TRACK_HOOKED_FUNCTIONS, TRUE, sizeof(__ept_hooked_function_info)); if (hooked_function_info == nullptr) { LogError("There is no pre-allocated pool for hooked function struct"); return false; } // // If we are hooking code cave for second trampoline // then origin function in null and we don't have to get pool for trampoline // if(origin_function != nullptr) { hooked_function_info->first_trampoline_address = pool_manager::request_pool<unsigned __int8*>(pool_manager::INTENTION_EXEC_TRAMPOLINE, TRUE, 100); if (hooked_function_info->first_trampoline_address == nullptr) { pool_manager::release_pool(hooked_function_info); LogError("There is no pre-allocated pool for trampoline"); return false; } } hooked_function_info->virtual_address = target_function; hooked_function_info->second_trampoline_address = trampoline; hooked_function_info->fake_page_contents = hooked_page_info->fake_page_contents; if (hook_instruction_memory(hooked_function_info, target_function, hooked_function, trampoline, origin_function) == false) { if(hooked_function_info->first_trampoline_address != nullptr) pool_manager::release_pool(hooked_function_info->first_trampoline_address); pool_manager::release_pool(hooked_function_info); LogError("Hook failed"); return false; } // Track all hooked functions within page InsertHeadList(&hooked_page_info->hooked_functions_list, &hooked_function_info->hooked_function_list); return true; } } if (is_page_splitted(physical_address) == false) { void* split_buffer = pool_manager::request_pool<void*>(pool_manager::INTENTION_SPLIT_PML2, true, sizeof(__ept_dynamic_split)); if (split_buffer == nullptr) { LogError("There is no preallocated pool for split"); return false; } if (split_pml2(split_buffer, physical_address) == false) { pool_manager::release_pool(split_buffer); LogError("Split failed"); return false; } } __ept_pte* target_page = get_pml1_entry(physical_address); if (target_page == nullptr) { LogError("Failed to get PML1 entry of the target address"); return false; } __ept_hooked_page_info* hooked_page_info = pool_manager::request_pool<__ept_hooked_page_info*>(pool_manager::INTENTION_TRACK_HOOKED_PAGES, true, sizeof(__ept_hooked_page_info)); if (hooked_page_info == nullptr) { LogError("There is no preallocated pool for hooked page info"); return false; } InitializeListHead(&hooked_page_info->hooked_functions_list); __ept_hooked_function_info* hooked_function_info = pool_manager::request_pool<__ept_hooked_function_info*>(pool_manager::INTENTION_TRACK_HOOKED_FUNCTIONS, true, sizeof(__ept_hooked_function_info)); if (hooked_function_info == nullptr) { pool_manager::release_pool(hooked_page_info); LogError("There is no preallocated pool for hooked function info"); return false; } // // If we are hooking code cave for second trampoline // then origin function in null and we don't have to get pool for trampoline // if (origin_function != nullptr) { hooked_function_info->first_trampoline_address = pool_manager::request_pool<unsigned __int8*>(pool_manager::INTENTION_EXEC_TRAMPOLINE, TRUE, 100); if (hooked_function_info->first_trampoline_address == nullptr) { pool_manager::release_pool(hooked_page_info); pool_manager::release_pool(hooked_function_info); LogError("There is no pre-allocated pool for trampoline"); return false; } } hooked_page_info->pfn_of_hooked_page = GET_PFN(physical_address); hooked_page_info->pfn_of_fake_page_contents = GET_PFN(MmGetPhysicalAddress(hooked_page_info->fake_page_contents).QuadPart); hooked_page_info->entry_address = target_page; hooked_page_info->entry_address->execute = 0; hooked_page_info->entry_address->read = 1; hooked_page_info->entry_address->write = 1; hooked_page_info->original_entry = *target_page; hooked_page_info->changed_entry = *target_page; hooked_page_info->changed_entry.read = 0; hooked_page_info->changed_entry.write = 0; hooked_page_info->changed_entry.execute = 1; hooked_page_info->changed_entry.physical_address = hooked_page_info->pfn_of_fake_page_contents; RtlCopyMemory(&hooked_page_info->fake_page_contents, PAGE_ALIGN(target_function), PAGE_SIZE); hooked_function_info->virtual_address = target_function; hooked_function_info->second_trampoline_address = trampoline; hooked_function_info->fake_page_contents = hooked_page_info->fake_page_contents; if(hook_instruction_memory(hooked_function_info, target_function, hooked_function, trampoline, origin_function) == false) { if (hooked_function_info->first_trampoline_address != nullptr) pool_manager::release_pool(hooked_function_info->first_trampoline_address); pool_manager::release_pool(hooked_function_info); pool_manager::release_pool(hooked_page_info); LogError("Hook failed"); return false; } // Track all hooked functions InsertHeadList(&hooked_page_info->hooked_functions_list, &hooked_function_info->hooked_function_list); // Track all hooked pages InsertHeadList(&g_vmm_context->ept_state->hooked_page_list, &hooked_page_info->hooked_page_list); invept_single_context(g_vmm_context->ept_state->ept_pointer->all); return true; }
08-07
NTSTATUS status = MmGetPhysicalAddress(target_function, &physAddr, &pageSize); if (!NT_SUCCESS(status)) { return false; // 获取物理地址失败 } // 3. 设置EPT表项为不可执行(关键步骤) // 修改EPT...
/* File Kmd.h By WzrterFX */ #pragma once #ifndef KMD_H #define KMD_H #include <cstdint> #include <ntifs.h> namespace Kmd { namespace _NtifsApi { extern "C" __declspec(dllimport) NTSTATUS __stdcall IoCreateDriver( IN PUNICODE_STRING DriverName, IN PDRIVER_INITIALIZE InitializationFunction ); extern "C" __declspec(dllimport) NTSTATUS __stdcall PsLookupProcessByProcessId( IN HANDLE ProcessId, OUT PEPROCESS* Process ); extern "C" __declspec(dllimport) NTSTATUS __stdcall MmCopyVirtualMemory( IN PEPROCESS FromProcess, IN PVOID FromAddress, IN PEPROCESS ToProcess, IN PVOID ToAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T NumberOfBytesCopied ); } namespace _IoCtls { constexpr std::uint32_t attach = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x01, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); constexpr std::uint32_t read = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x02, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); constexpr std::uint32_t write = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x03, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); } class Kmd { private: PDEVICE_OBJECT _deviceObject; typedef struct __AttachRequest { HANDLE process; } AttachRequest, * PAttachRequest; typedef struct __CopyMemoryRequest { PVOID from; PVOID to; SIZE_T requested; } CopyMemoryRequest, * PCopyMemoryRequest; typedef struct _KmdRequest { AttachRequest attachRequest; CopyMemoryRequest copyMemoryRequest; } KmdRequest, * PKmdRequest; static NTSTATUS KmdControl(PDEVICE_OBJECT deviceObject, PIRP io); public: NTSTATUS Create(PDRIVER_OBJECT driverObject); }; } #endif /* !KMD_H */添加注释
03-22
然后,代码进入Kmd命名空间,里面分为几个子命名空间:_NtifsApi和_IoCtls,以及一个Kmd类。我需要分别解释这些部分的作用。 在_NtifsApi命名空间中,声明了三个外部函数:IoCreateDriver、...
Linux查询防火墙放过的端口并额外增加需要通过的端口命令
weixin_56526539的博客
12-16 317
Linux查询防火墙放过的端口并额外增加需要通过的端口命令
c# 1216
最新发布
czhc1140075663的博客
12-17 219
已通过配置路径,添加收入 支出条目 重启软件后 原数据不见,但是打开软件后,收入没保存,日统计收支情况只显示支出,添加支出 收入后,日统计数据表格中无数据显示。收入数据未产生,只有支出数据。
mybatis-动态sql语句-<foreach>
m0_73879549的博客
12-16 267
循环遍历集合/数组,把集合元素拼接成sql片段,动态处理多个参数的场景就比如:简单场景的:构建IN条件、批量查询用户列表、一次插入多个用户,多对多关联表等等。
vben admin BasicTable组件
m0_58537749的博客
12-15 427
以下是 的常用使用指南,可作为日常开发的速查手册。 2. useTable 配置项(常用) 选项 说明 列定义,支持 等 Ant Design Table 属性 异步请求函数,返回 或自定义 映射 唯一标识,字符串或函数 表格标题,可配 斑马纹 边框 、 控制高度和滚动行为 / 序号列及其配置 操作列配置() false/对象/Ant Design Pagination 属性 + 内联搜索表单( schemas、l
IO练习——网络爬虫(爬取数据)
2401_84643729的博客
12-15 814
Java练习——IO流练习题
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值