Caused by: java.time.DateTimeException: Invalid value for MonthOfYear (valid values 1 - 12): 0 问题解决

本文介绍了一种解决Spring Boot项目中因引用包含openJDK代码的外部包而引起的校验错误的方法。通过升级springboot打包插件至2.2.6.RELEASE版本,成功解决了启动时报错的问题。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

引用自己写的另一个包到spring项目,由于包里面有其它openJDK的代码,导致校验不对启动报错,找了半天springboot插件的源码,最终发现2.2.6.RELEASE版本已经修复了这个问题,把springboot打包插件版本改成

2.2.6.RELEASE 就行

 

kd> ed nt!Kd_DEFAULT_Mask 0xFFFFFFFF kd> ed nt!Kd_IHVDRIVER_Mask 0xFFFFFFFF kd> g KDTARGET: Refreshing KD connection *** Fatal System Error: 0x0000007e (0xFFFFFFFFC0000005,0xFFFFF805802B1699,0xFFFFFC89CAC5A458,0xFFFFFC89CAC59C90) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. For analysis of this file, run !analyze -v nt!DbgBreakPointWithStatus: fffff805`7affd0b0 cc int 3 kd> !analyze -v Connected to Windows 10 19041 x64 target at (Tue Jul 15 22:09:55.446 2025 (UTC + 8:00)), ptr64 TRUE Loading Kernel Symbols ................................... Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ............................ ................................................................ ..................................................... Loading User Symbols Loading unloaded module list ...... ERROR: FindPlugIns 8007007b ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common BugCheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff805802b1699, The address that the exception occurred at Arg3: fffffc89cac5a458, Exception Record Address Arg4: fffffc89cac59c90, Context Record Address Debugging Details: ------------------ Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. KEY_VALUES_STRING: 1 Key : AV.Type Value: Read Key : Analysis.CPU.mSec Value: 3609 Key : Analysis.Elapsed.mSec Value: 47643 Key : Analysis.IO.Other.Mb Value: 0 Key : Analysis.IO.Read.Mb Value: 3 Key : Analysis.IO.Write.Mb Value: 0 Key : Analysis.Init.CPU.mSec Value: 3734 Key : Analysis.Init.Elapsed.mSec Value: 52586 Key : Analysis.Memory.CommitPeak.Mb Value: 74 Key : Analysis.Version.DbgEng Value: 10.0.27829.1001 Key : Analysis.Version.Description Value: 10.2503.24.01 amd64fre Key : Analysis.Version.Ext Value: 1.2503.24.1 Key : Bugcheck.Code.KiBugCheckData Value: 0x7e Key : Bugcheck.Code.LegacyAPI Value: 0x7e Key : Bugcheck.Code.TargetModel Value: 0x7e Key : Failure.Bucket Value: AV_pte1!InitHookWin10 Key : Failure.Exception.Code Value: 0xc0000005 Key : Failure.Exception.IP.Address Value: 0xfffff805802b1699 Key : Failure.Exception.IP.Module Value: pte1 Key : Failure.Exception.IP.Offset Value: 0x1699 Key : Failure.Exception.Record Value: 0xfffffc89cac5a458 Key : Failure.Hash Value: {14fb13e5-207c-6ef8-f4d3-d7bd4cc8e1a3} Key : Hypervisor.Enlightenments.Value Value: 12576 Key : Hypervisor.Enlightenments.ValueHex Value: 0x3120 Key : Hypervisor.Flags.AnyHypervisorPresent Value: 1 Key : Hypervisor.Flags.ApicEnlightened Value: 0 Key : Hypervisor.Flags.ApicVirtualizationAvailable Value: 0 Key : Hypervisor.Flags.AsyncMemoryHint Value: 0 Key : Hypervisor.Flags.CoreSchedulerRequested Value: 0 Key : Hypervisor.Flags.CpuManager Value: 0 Key : Hypervisor.Flags.DeprecateAutoEoi Value: 1 Key : Hypervisor.Flags.DynamicCpuDisabled Value: 0 Key : Hypervisor.Flags.Epf Value: 0 Key : Hypervisor.Flags.ExtendedProcessorMasks Value: 0 Key : Hypervisor.Flags.HardwareMbecAvailable Value: 0 Key : Hypervisor.Flags.MaxBankNumber Value: 0 Key : Hypervisor.Flags.MemoryZeroingControl Value: 0 Key : Hypervisor.Flags.NoExtendedRangeFlush Value: 1 Key : Hypervisor.Flags.NoNonArchCoreSharing Value: 0 Key : Hypervisor.Flags.Phase0InitDone Value: 1 Key : Hypervisor.Flags.PowerSchedulerQos Value: 0 Key : Hypervisor.Flags.RootScheduler Value: 0 Key : Hypervisor.Flags.SynicAvailable Value: 1 Key : Hypervisor.Flags.UseQpcBias Value: 0 Key : Hypervisor.Flags.Value Value: 536632 Key : Hypervisor.Flags.ValueHex Value: 0x83038 Key : Hypervisor.Flags.VpAssistPage Value: 1 Key : Hypervisor.Flags.VsmAvailable Value: 0 Key : Hypervisor.RootFlags.AccessStats Value: 0 Key : Hypervisor.RootFlags.CrashdumpEnlightened Value: 0 Key : Hypervisor.RootFlags.CreateVirtualProcessor Value: 0 Key : Hypervisor.RootFlags.DisableHyperthreading Value: 0 Key : Hypervisor.RootFlags.HostTimelineSync Value: 0 Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled Value: 0 Key : Hypervisor.RootFlags.IsHyperV Value: 0 Key : Hypervisor.RootFlags.LivedumpEnlightened Value: 0 Key : Hypervisor.RootFlags.MapDeviceInterrupt Value: 0 Key : Hypervisor.RootFlags.MceEnlightened Value: 0 Key : Hypervisor.RootFlags.Nested Value: 0 Key : Hypervisor.RootFlags.StartLogicalProcessor Value: 0 Key : Hypervisor.RootFlags.Value Value: 0 Key : Hypervisor.RootFlags.ValueHex Value: 0x0 Key : SecureKernel.HalpHvciEnabled Value: 0 Key : WER.OS.Branch Value: vb_release Key : WER.OS.Version Value: 10.0.19041.1 BUGCHECK_CODE: 7e BUGCHECK_P1: ffffffffc0000005 BUGCHECK_P2: fffff805802b1699 BUGCHECK_P3: fffffc89cac5a458 BUGCHECK_P4: fffffc89cac59c90 FAULTING_THREAD: ffffbd0465f0f040 EXCEPTION_RECORD: fffffc89cac5a458 -- (.exr 0xfffffc89cac5a458) ExceptionAddress: fffff805802b1699 (pte1!InitHookWin10+0x0000000000000639) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000245cb781000 Attempt to read from address 00000245cb781000 CONTEXT: fffffc89cac59c90 -- (.cxr 0xfffffc89cac59c90) rax=0000000000000000 rbx=0000000000000000 rcx=00000000001ff000 rdx=0000000000000000 rsi=00000245cb781000 rdi=ffffdf7d0da01000 rip=fffff805802b1699 rsp=fffffc89cac5a690 rbp=0000000000000000 r8=fffffc89cac5a068 r9=7fffbd046545f688 r10=7ffffffffffffffc r11=ffffbd0465f0f040 r12=ffff8d005e2fa950 r13=ffffffff800020c4 r14=fffff805802b42a8 r15=ffffbd046b39fe30 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050246 pte1!InitHookWin10+0x639: fffff805`802b1699 f3a4 rep movs byte ptr [rdi],byte ptr [rsi] Resetting default scope PROCESS_NAME: System READ_ADDRESS: unable to get nt!PspSessionIdBitmap 00000245cb781000 ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p 0x%p %s EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000245cb781000 EXCEPTION_STR: 0xc0000005 STACK_TEXT: fffffc89`cac5a690 fffff805`802b1f7d : fffff805`7b266000 00000000`00001ec8 00000000`00000ca0 fffff805`7ae1cb26 : pte1!InitHookWin10+0x639 [C:\Users\17116\source\repos\pte1\pte1\Ô´.cpp @ 204] fffffc89`cac5a830 fffff805`802b20fb : ffffbd04`6b39fe30 ffffbd04`6575f000 ffffbd04`6575f000 ffffbd04`6cc53de0 : pte1!DriverEntry+0x9d [C:\Users\17116\source\repos\pte1\pte1\Ô´.cpp @ 349] fffffc89`cac5a890 fffff805`802b2030 : ffffbd04`6575f000 fffffc89`cac5aa60 ffffbd04`6c6aedd0 ffffbd04`6b39fe30 : pte1!FxDriverEntryWorker+0xbf [minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 360] fffffc89`cac5a8d0 fffff805`7b3538f4 : ffffbd04`6575f000 00000000`00000000 ffffbd04`6b39fe30 00000000`00000000 : pte1!FxDriverEntry+0x20 [minkernel\wdf\framework\kmdf\src\dynamic\stub\stub.cpp @ 249] fffffc89`cac5a900 fffff805`7b31e3cd : 00000000`0000000a 00000000`00000000 00000000`00000000 00000000`00001000 : nt!PnpCallDriverEntry+0x4c fffffc89`cac5a960 fffff805`7b364207 : 00000000`00000000 00000000`00000000 fffff805`7b925440 00000000`00000000 : nt!IopLoadDriver+0x4e5 fffffc89`cac5ab30 fffff805`7af034b5 : ffffbd04`00000000 ffffffff`800020c4 ffffbd04`65f0f040 ffffbd04`0000000c : nt!IopLoadUnloadDriver+0x57 fffffc89`cac5ab70 fffff805`7aea29a5 : ffffbd04`65f0f040 00000000`00000080 ffffbd04`6545f1c0 000fa067`b8bbbdff : nt!ExpWorkerThread+0x105 fffffc89`cac5ac10 fffff805`7affc868 : fffff805`75eaf180 ffffbd04`65f0f040 fffff805`7aea2950 00000000`00000000 : nt!PspSystemThreadStartup+0x55 fffffc89`cac5ac60 00000000`00000000 : fffffc89`cac5b000 fffffc89`cac55000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28 FAULTING_SOURCE_LINE: C:\Users\17116\source\repos\pte1\pte1\Ô´.cpp FAULTING_SOURCE_FILE: C:\Users\17116\source\repos\pte1\pte1\Ô´.cpp FAULTING_SOURCE_LINE_NUMBER: 204 FAULTING_SOURCE_CODE: 200: UnmapPhysicalMemory(Cr3Va); 201: return status; 202: } 203: > 204: RtlCopyMemory(LargePageBuf, OrigDataVa, 0x200000); 205: UnmapPhysicalMemory(OrigDataVa); 206: 207: // ?????????????? 208: PUCHAR HookLoc = (PUCHAR)LargePageBuf + (TargetVa & 0x1FFFFF) + Offset; 209: HookLoc[0] = 0x90; // NOP SYMBOL_NAME: pte1!InitHookWin10+639 MODULE_NAME: pte1 IMAGE_NAME: pte1.sys STACK_COMMAND: .cxr 0xfffffc89cac59c90 ; kb BUCKET_ID_FUNC_OFFSET: 639 FAILURE_BUCKET_ID: AV_pte1!InitHookWin10 OS_VERSION: 10.0.19041.1 BUILDLAB_STR: vb_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {14fb13e5-207c-6ef8-f4d3-d7bd4cc8e1a3} Followup: MachineOwner --------- #include <ntifs.h> #include <wdm.h> // 完整的页表项结构 typedef union _HARDWARE_PTE { struct { ULONG64 Valid : 1; ULONG64 Write : 1; ULONG64 Owner : 1; ULONG64 WriteThrough : 1; ULONG64 CacheDisable : 1; ULONG64 Accessed : 1; ULONG64 Dirty : 1; ULONG64 LargePage : 1; // 修复:添加缺失的LargePage ULONG64 Global : 1; ULONG64 CopyOnWrite : 1; ULONG64 Prototype : 1; ULONG64 reserved0 : 1; ULONG64 PageFrameNumber : 36; ULONG64 reserved1 : 4; ULONG64 SoftwareWsIndex : 11; ULONG64 NoExecute : 1; }; ULONG64 AsUINT64; // 添加联合体支持 } HARDWARE_PTE, * PHARDWARE_PTE; // 全局资源记录 typedef struct _HOOK_CONTEXT { PVOID NewPages[4]; // [0]PPE [1]PDE [2]PTE [3]Data ULONG_PTR OriginalPTE; BOOLEAN IsLargePage; } HOOK_CONTEXT, * PHOOK_CONTEXT; static HANDLE g_hSection = NULL; // 全局节对象句柄 NTSTATUS MapPhysicalMemory(IN PHYSICAL_ADDRESS PhysicalAddress, OUT PVOID* MappedVa) { SIZE_T size = PAGE_SIZE; NTSTATUS status = STATUS_SUCCESS; // 第一次调用时打开节对象 if (g_hSection == NULL) { UNICODE_STRING physName; RtlInitUnicodeString(&physName, L"\\Device\\PhysicalMemory"); OBJECT_ATTRIBUTES oa; InitializeObjectAttributes(&oa, &physName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL); status = ZwOpenSection(&g_hSection, SECTION_ALL_ACCESS, &oa); if (!NT_SUCCESS(status)) { DbgPrint("ZwOpenSection failed: 0x%X\n", status); return status; } } // 映射物理内存 PHYSICAL_ADDRESS baseAddress = PhysicalAddress; status = ZwMapViewOfSection( g_hSection, NtCurrentProcess(), MappedVa, 0L, size, &baseAddress, &size, ViewUnmap, 0, PAGE_READWRITE ); if (!NT_SUCCESS(status)) { DbgPrint("ZwMapViewOfSection failed: 0x%X\n", status); } return status; } VOID UnmapPhysicalMemory(PVOID MappedVa) { if (MappedVa) { ZwUnmapViewOfSection(NtCurrentProcess(), MappedVa); } } NTSTATUS InitHookWin10(IN ULONG_PTR TargetVa, IN HANDLE Pid, IN ULONG_PTR Offset) { PEPROCESS Process = NULL; PHYSICAL_ADDRESS Cr3Pa = { 0 }; PVOID Cr3Va = NULL; HOOK_CONTEXT ctx = { 0 }; NTSTATUS status; // 1. 获取目标进程CR3 status = PsLookupProcessByProcessId(Pid, &Process); if (!NT_SUCCESS(status)) { DbgPrint("PsLookupProcessByProcessId failed: 0x%X\n", status); return status; } // 获取进程CR3 (Win10 10240偏移为0x28) Cr3Pa.QuadPart = *(ULONG_PTR*)((PUCHAR)Process + 0x28) & ~0xF; ObDereferenceObject(Process); // 2. 映射CR3 status = MapPhysicalMemory(Cr3Pa, &Cr3Va); if (!NT_SUCCESS(status)) { DbgPrint("MapPhysicalMemory for CR3 failed: 0x%X\n", status); return status; } // 3. 计算页表索引 (x64四级页表) ULONG Pml4Index = (TargetVa >> 39) & 0x1FF; ULONG PdptIndex = (TargetVa >> 30) & 0x1FF; ULONG PdIndex = (TargetVa >> 21) & 0x1FF; ULONG PtIndex = (TargetVa >> 12) & 0x1FF; // 4. 复制并修改PML4E (实际为PDPT) PHYSICAL_ADDRESS LowAddr = { 0 }; PHYSICAL_ADDRESS HighAddr = { 0 }; HighAddr.QuadPart = ~0ULL; // 修复:正确的初始化 ctx.NewPages[0] = MmAllocateContiguousMemorySpecifyCache( PAGE_SIZE, LowAddr, HighAddr, LowAddr, MmCached); if (ctx.NewPages[0] == NULL) { DbgPrint("MmAllocateContiguousMemorySpecifyCache for PPE failed\n"); UnmapPhysicalMemory(Cr3Va); return STATUS_INSUFFICIENT_RESOURCES; } PHARDWARE_PTE OrigPml4e = (PHARDWARE_PTE)((PUCHAR)Cr3Va + Pml4Index * sizeof(ULONG64)); PHYSICAL_ADDRESS PdptPa = { 0 }; PdptPa.QuadPart = OrigPml4e->PageFrameNumber << 12; PVOID PdptVa = NULL; status = MapPhysicalMemory(PdptPa, &PdptVa); if (!NT_SUCCESS(status)) { DbgPrint("MapPhysicalMemory for PDPT failed: 0x%X\n", status); MmFreeContiguousMemory(ctx.NewPages[0]); UnmapPhysicalMemory(Cr3Va); return status; } RtlCopyMemory(ctx.NewPages[0], PdptVa, PAGE_SIZE); // 复制原始PDPT UnmapPhysicalMemory(PdptVa); // 5. 处理PDPTE (实际为PD) ctx.NewPages[1] = MmAllocateContiguousMemorySpecifyCache( PAGE_SIZE, LowAddr, HighAddr, LowAddr, MmCached); if (ctx.NewPages[1] == NULL) { DbgPrint("MmAllocateContiguousMemorySpecifyCache for PDE failed\n"); MmFreeContiguousMemory(ctx.NewPages[0]); UnmapPhysicalMemory(Cr3Va); return STATUS_INSUFFICIENT_RESOURCES; } PHARDWARE_PTE OrigPdpte = (PHARDWARE_PTE)((PUCHAR)ctx.NewPages[0] + PdptIndex * sizeof(ULONG64)); PHYSICAL_ADDRESS PdPa = { 0 }; PdPa.QuadPart = OrigPdpte->PageFrameNumber << 12; PVOID PdVa = NULL; status = MapPhysicalMemory(PdPa, &PdVa); if (!NT_SUCCESS(status)) { DbgPrint("MapPhysicalMemory for PD failed: 0x%X\n", status); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); UnmapPhysicalMemory(Cr3Va); return status; } RtlCopyMemory(ctx.NewPages[1], PdVa, PAGE_SIZE); // 复制原始PD UnmapPhysicalMemory(PdVa); // 6. 检查大页 PHARDWARE_PTE OrigPde = (PHARDWARE_PTE)((PUCHAR)ctx.NewPages[1] + PdIndex * sizeof(ULONG64)); ctx.IsLargePage = OrigPde->LargePage; if (ctx.IsLargePage) { // 处理2MB大页 ULONG_PTR LargePageBase = TargetVa & ~0x1FFFFF; PHYSICAL_ADDRESS DataPa = { 0 }; DataPa.QuadPart = OrigPde->PageFrameNumber << 12; // 分配2MB对齐内存 PVOID LargePageBuf = MmAllocateContiguousMemorySpecifyCache( 0x200000, LowAddr, HighAddr, LowAddr, MmCached); if (LargePageBuf == NULL) { DbgPrint("Failed to allocate 2MB contiguous memory\n"); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); UnmapPhysicalMemory(Cr3Va); return STATUS_INSUFFICIENT_RESOURCES; } PHYSICAL_ADDRESS NewDataPa = MmGetPhysicalAddress(LargePageBuf); // 复制原始数据 PVOID OrigDataVa = NULL; status = MapPhysicalMemory(DataPa, &OrigDataVa); if (!NT_SUCCESS(status)) { DbgPrint("MapPhysicalMemory for large page data failed: 0x%X\n", status); MmFreeContiguousMemory(LargePageBuf); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); UnmapPhysicalMemory(Cr3Va); return status; } RtlCopyMemory(LargePageBuf, OrigDataVa, 0x200000); UnmapPhysicalMemory(OrigDataVa); // 修改新页面指令 PUCHAR HookLoc = (PUCHAR)LargePageBuf + (TargetVa & 0x1FFFFF) + Offset; HookLoc[0] = 0x90; // NOP HookLoc[1] = 0x90; // NOP HookLoc[2] = 0xC3; // RET // 更新PDE OrigPde = (PHARDWARE_PTE)((PUCHAR)ctx.NewPages[1] + PdIndex * sizeof(ULONG64)); OrigPde->PageFrameNumber = NewDataPa.QuadPart >> 12; ctx.NewPages[3] = LargePageBuf; } else { // 处理4KB页 ctx.NewPages[2] = MmAllocateContiguousMemorySpecifyCache( PAGE_SIZE, LowAddr, HighAddr, LowAddr, MmCached); if (ctx.NewPages[2] == NULL) { DbgPrint("MmAllocateContiguousMemorySpecifyCache for PTE failed\n"); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); UnmapPhysicalMemory(Cr3Va); return STATUS_INSUFFICIENT_RESOURCES; } PHYSICAL_ADDRESS PtPa = { 0 }; PtPa.QuadPart = OrigPde->PageFrameNumber << 12; PVOID PtVa = NULL; status = MapPhysicalMemory(PtPa, &PtVa); if (!NT_SUCCESS(status)) { DbgPrint("MapPhysicalMemory for PT failed: 0x%X\n", status); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); MmFreeContiguousMemory(ctx.NewPages[2]); UnmapPhysicalMemory(Cr3Va); return status; } RtlCopyMemory(ctx.NewPages[2], PtVa, PAGE_SIZE); // 复制原始PT UnmapPhysicalMemory(PtVa); // 处理PTE PHARDWARE_PTE OrigPte = (PHARDWARE_PTE)((PUCHAR)ctx.NewPages[2] + PtIndex * sizeof(ULONG64)); ctx.OriginalPTE = OrigPte->AsUINT64; // 使用联合体访问 PHYSICAL_ADDRESS DataPa = { 0 }; DataPa.QuadPart = OrigPte->PageFrameNumber << 12; // 分配新数据页 PVOID NewData = MmAllocateContiguousMemorySpecifyCache( PAGE_SIZE, LowAddr, HighAddr, LowAddr, MmCached); if (NewData == NULL) { DbgPrint("Failed to allocate data page\n"); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); MmFreeContiguousMemory(ctx.NewPages[2]); UnmapPhysicalMemory(Cr3Va); return STATUS_INSUFFICIENT_RESOURCES; } PHYSICAL_ADDRESS NewDataPa = MmGetPhysicalAddress(NewData); // 复制原始数据 PVOID OrigDataVa = NULL; status = MapPhysicalMemory(DataPa, &OrigDataVa); if (!NT_SUCCESS(status)) { DbgPrint("MapPhysicalMemory for data page failed: 0x%X\n", status); MmFreeContiguousMemory(NewData); MmFreeContiguousMemory(ctx.NewPages[0]); MmFreeContiguousMemory(ctx.NewPages[1]); MmFreeContiguousMemory(ctx.NewPages[2]); UnmapPhysicalMemory(Cr3Va); return status; } RtlCopyMemory(NewData, OrigDataVa, PAGE_SIZE); UnmapPhysicalMemory(OrigDataVa); // 修改新页面指令 PUCHAR HookLoc = (PUCHAR)NewData + (TargetVa & 0xFFF) + Offset; HookLoc[0] = 0x90; // NOP HookLoc[1] = 0x90; // NOP HookLoc[2] = 0xC3; // RET // 更新PTE OrigPte = (PHARDWARE_PTE)((PUCHAR)ctx.NewPages[2] + PtIndex * sizeof(ULONG64)); OrigPte->PageFrameNumber = NewDataPa.QuadPart >> 12; ctx.NewPages[3] = NewData; } // 7. 更新页表链 PHARDWARE_PTE NewPdpte = (PHARDWARE_PTE)((PUCHAR)ctx.NewPages[0] + PdptIndex * sizeof(ULONG64)); NewPdpte->PageFrameNumber = MmGetPhysicalAddress(ctx.NewPages[1]).QuadPart >> 12; PHARDWARE_PTE NewPml4e = (PHARDWARE_PTE)((PUCHAR)Cr3Va + Pml4Index * sizeof(ULONG64)); NewPml4e->PageFrameNumber = MmGetPhysicalAddress(ctx.NewPages[0]).QuadPart >> 12; // 8. 清理映射 UnmapPhysicalMemory(Cr3Va); // 保存上下文以便卸载(实际应保存到全局变量) // g_HookContext = ctx; return STATUS_SUCCESS; } // 驱动卸载时释放资源 VOID UninstallHook(PHOOK_CONTEXT ctx) { for (int i = 0; i < 4; i++) { if (ctx->NewPages[i] != NULL) { MmFreeContiguousMemory(ctx->NewPages[i]); ctx->NewPages[i] = NULL; } } } VOID DriverUnload(PDRIVER_OBJECT DriverObject) { HOOK_CONTEXT ctx = { 0 }; // 实际应从全局获取 UninstallHook(&ctx); if (g_hSection) { ZwClose(g_hSection); g_hSection = NULL; } DbgPrint("Driver unloaded\n"); } extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) { DriverObject->DriverUnload = DriverUnload; // 获取NtOpenProcess地址 UNICODE_STRING funcName = RTL_CONSTANT_STRING(L"NtOpenProcess"); ULONG_PTR funcAddr = (ULONG_PTR)MmGetSystemRoutineAddress(&funcName); if (funcAddr == 0) { DbgPrint("Failed to get NtOpenProcess address\n"); return STATUS_NOT_FOUND; } ULONG_PTR pageBase = funcAddr & ~0xFFF; ULONG_PTR offset = funcAddr & 0xFFF; // 假设目标进程PID为1234 return InitHookWin10(pageBase, (HANDLE)7880, offset); } 这个是什么错误导致的
最新发布
07-16
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

tomMMMMMMMMMMM

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值