nefarius/WDF-Utils
1
0
Fork 0
mirror of https://github.com/nefarius/WDF-Utils.git synced 2024-11-23 23:44:54 +01:00
Code

Enhanced example

Browse Source
This commit is contained in:
Benjamin Höglinger-Stelzer 2023-06-17 20:23:48 +02:00
parent db29d48ac5
commit bf2043d018
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Snippets/WDM/GetProcAddress.md
View File

@ -250,6 +250,16 @@ FindExportedFunctionAddress(
## Usage example ## Usage example
```c ```c
// prototype definition of function we wanna call dynamically
typedef VOID(NTAPI* t_WppRecorderReplay)(
_In_ PVOID WppCb,
_In_ TRACEHANDLE WppTraceHandle,
_In_ ULONG EnableFlags,
_In_ UCHAR EnableLevel
);
static t_WppRecorderReplay G_WppRecorderReplay = NULL;
// full path to module of interest (CAUTION: must be loaded!) // full path to module of interest (CAUTION: must be loaded!)
const STRING targetModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\System32\\Drivers\\WppRecorder.sys"); const STRING targetModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\System32\\Drivers\\WppRecorder.sys");
// exported function name // exported function name
@ -261,7 +271,10 @@ if (NT_SUCCESS(FindDriverBaseAddress(targetModuleName, &driverBaseAddress)))
{ {
if (NT_SUCCESS(FindExportedFunctionAddress(driverBaseAddress, functionName, &functionAddress))) if (NT_SUCCESS(FindExportedFunctionAddress(driverBaseAddress, functionName, &functionAddress)))
{ {
// Found imp_WppRecorderReplay, you can now safely call "functionAddress" // Found imp_WppRecorderReplay, you can now safely cast and call it
G_WppRecorderReplay = (t_WppRecorderReplay)functionAddress;
G_WppRecorderReplay(...);
} }
else else
{ {