File monitoring driver sample (monitors activity on drive C)
Step1:
Run DbgView.exe to open the debug output window;
Step2:
Run Load.exe; the MS-DOS window shows:
Begin load driver:
Loading D:\driver\drv\MyFileSpy.sys...
OpenSCManager() OK
CreateService() OK
StartService() ok...
Open Driver MyFileSpy ok...
DeviceIoControl ok...
Press any key to continue...
Step3:
View the DbgView output:
HookDisk...
IoAttachDeviceToDeviceStack Ok,FileSystem=817ad020
IoCallDriver
IoCallDriver
HookDisk OK
IoCompleteReguest
IoCompleteReguest
IRP_MJ_CLOSE
IoCompleteReguest
IoCallDriver
IoCallDriver
IoCallDriver
IoCallDriver
FastIoRead
IoCallDriver
IoCallDriver
IoCallDriver
IoCallDriver
IoCallDriver
IoCallDriver
FastIoQueryBasicInfo
IoCallDriver
FastIoQueryBasicInfo
IoCallDriver
FastIoQueryBasicInfo
IoCallDriver
FastIoQueryBasicInfo
IoCallDriver
FastIoQueryBasicInfo
IoCallDriver
IoCallDriver
IoCallDriver
IoCallDriver
Unload
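
The DbgView trace above can be summarized with a small parser. This is an added example, not part of the sample driver's package: it matches the exact message strings the driver prints (including its "IoCompleteReguest" spelling) and splits activity into the IRP path and the Fast I/O path. The category names, the tab-separated sequence/time/message layout of a saved log, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Driver message -> category (category names are this example's own reading).
CATEGORY = {
    "IoCallDriver": "irp_passed_down",
    "IoCompleteReguest": "irp_completed_by_filter",
}
ATTACH_RE = re.compile(r"IoAttachDeviceToDeviceStack Ok,FileSystem=([0-9a-fA-F]+)")

# Constructed sample: some lines as raw messages, some as "seq<TAB>time<TAB>msg".
SAMPLE = """\
00000000\t0.00000000\tHookDisk...
00000001\t0.00001200\tIoAttachDeviceToDeviceStack Ok,FileSystem=817ad020
IoCallDriver
IoCallDriver
HookDisk OK
IoCompleteReguest
IRP_MJ_CLOSE
IoCompleteReguest
00000008\t0.51000000\tFastIoRead
IoCallDriver
FastIoQueryBasicInfo
Unload
"""

def message_of(line):
    """Return the message text of a raw line or of a tab-separated log line."""
    return line.rstrip("\r\n").split("\t")[-1].strip()

def summarize(lines):
    """Tally a trace: attach target, IRP vs Fast I/O counts, unload state."""
    counts = Counter()
    summary = {"attached_to": None, "unloaded": False, "after_unload": 0}
    for msg in map(message_of, lines):
        if not msg:
            continue
        if summary["unloaded"]:
            summary["after_unload"] += 1  # output after Unload is unexpected
        m = ATTACH_RE.search(msg)
        if m:
            summary["attached_to"] = int(m.group(1), 16)  # value from the log
        elif msg == "Unload":
            summary["unloaded"] = True
        elif msg.startswith("FastIo"):
            counts["fast_io"] += 1
            counts[msg] += 1
        elif msg.startswith("IRP_MJ_"):
            counts[msg] += 1
        elif msg in CATEGORY:
            counts[CATEGORY[msg]] += 1
    summary["counts"] = dict(counts)
    return summary

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```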