p; mov NtfsLocaIrp, eax
popad
}
if ( QueryFile == 0xfe8 )
{
_asm
{
pushad
mov edi, NtfsLocaIrp
mov eax, [edi+0x1c]
mov OldNtfsCompletionRuntine, eax
lea eax, NewNtfsCompletionRuntine
mov [edi+0x1c], eax
popad
}
}
Status = OldNtfsQueryDirectoryDispatch (
DeviceObject,
Irp );
_asm
{
pushad
mov edi, OldNtfsQueryDirectoryDispatch
mov eax, dword ptr CrackCodeNtfsQueryDirectoryDispatch[0]
mov [edi], eax
mov ax, word ptr CrackCodeNtfsQueryDirectoryDispatch[4]
mov [edi+4], ax
popad
}
return Status;
}
NTSTATUS NewFatQueryDirectoryDispatch (
IN PDEVICE_OBJECT DeviceObject,
IN OUT PIRP Irp )
{
NTSTATUS Status;
DWORD QueryFile;
_asm
{
pushad
mov edi, OldFatQueryDirectoryDispatch
mov eax, dword ptr ResumCodeFatQueryDirectoryDispatch[0]
mov [edi], eax
mov ax, word ptr ResumCodeFatQueryDirectoryDispatch[4]
mov [edi+4], ax
popad
}
_asm
{
pushad
mov edi, Irp
mov eax, [edi+0x60]
mov ecx, [edi+0x3c]
mov edi, [eax+4]
mov QueryFile, edi
mov FatUserbuf, ecx
mov FatLocaIrp, eax
popad
}
if ( QueryFile == 0xfe8 )
{
_asm
{
pushad
mov edi, FatLocaIrp
mov eax, [edi+0x1c]
mov OldFatCompletionRuntine, eax
lea eax, NewFatCompletionRuntine
mov [edi+0x1c], eax
popad
}
}
Status = OldFatQueryDirectoryDispatch (
DeviceObject,
Irp );
<< 上一页 [11] [12] [13] [14] [15] [16] [17] 下一页 |
