3/15/2005
---------------------------
2k3²еС,ҪһԴ:xidt.cpp:

--------------------------------------------------------------------------------
BOOL AdjustTocken(LPCTSTR tocken)
{
  HANDLE hToken = NULL;
  TOKEN_PRIVILEGES tkp;
  BOOL bRet = FALSE;

  tkp.PrivilegeCount = 1;
  tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  if ( OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) &&
    LookupPrivilegeValue(NULL, tocken, &tkp.Privileges[0].Luid) &&
    (SetLastError(0),TRUE) &&
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0) &&
    GetLastError() == 0)
  {
    bRet = TRUE;
  }
  if(hToken) CloseHandle(hToken);
  return bRet;
}

BOOL CXIdtApp::InitInstance()
{
  AdjustTocken(SE_LOAD_DRIVER_NAME);
--------------------------------------------------------------------------------

3/14/2005
-----------
- First release
ݼָIDTСߣ֧win2k/xp/2003

ĸť
show : 鿴ǰidt.
save : 浵浱ǰidtļ
load : ļжidt.
write: idtд뵽ϵͳУ

ʵ˵
ʵϣдһdll,krmem.dlldllĹܼܺ򵥣ں˶ڴںдڴ档ܣͿдidtˡʵϣдĺùߡ

krmem.dll
#define KRIMPORT __declspec(dllimport)
KRIMPORT BOOL WINAPI KmOperation(IN const PVOID pSrc,OUT PVOID pdst,SIZE_T len);
KRIMPORT BOOL WINAPI KReadMemory(IN const PVOID pSrc,OUT PVOID pdst,SIZE_T len);
KRIMPORT BOOL WINAPI KWriteMemory(OUT PVOID pdst,IN const PVOID pSrc,SIZE_T len);
KmOperation:൱memcpy,ֻcopyĵַpsrcpdstں˵ַ
KReadMemory:ȡڴ棬KmOperationʵֵġ
KWriteMemory:дڴ棬ҲKmOperationʵֵġ

ͨsidtָõidtַͨKReadMemoryKWriteMemoryʵidtĶȡд롣


ߣgoldenegg
ԭģhttp://bbs.pediy.com/showthread.php?s=&postid=76530#post76530