
Installing SSDT hook on Windows 7 32-bit VM returns system error 2

I use the following code to create a driver that hooks Win7-32bit SSDT table. It is taken straight from Greg & Jamie's book. Please note that I don't even call the hooking code from main:

main.c http://pastebin.com/Ck8FSVbv

SSDT_Hook.h http://pastebin.com/y1ssD1ni

When I try to load it, sc.exe returns error 2.

But I can't figure out why. Couldn't find answers in similar questions.

It seems that the system cannot find your driver file. You probably specified a bad full path when installing the service. Look at the service registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\<your_service_name>

for the ImagePath value. This value must contain the full path to your driver file, either relative to the system root (usually C:\Windows), or "totally" absolute, starting with the \??\X: prefix (X is the drive letter, \??\ makes the path absolute from the Object Manager point of view).

I assume you grabbed the code from the Rootkits: Subverting the Windows Kernel book. It's a great book, however, keep in mind the following:

1) it is kinda old and much of its code does not work on multiprocessor machines,

2) it is a hacker book, which means it does not tell you how to do things nicely, it just tells you how to get code somewhat working. Code based on it may work but may be full of errors if you lack knowledge about Windows driver development.

That does not mean it is a bad book. It just is not a guide to how you should write Windows drivers.
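
The ImagePath check described in the answer above, as an added PowerShell example that is not part of the original post: it reads the value, classifies its form, maps it to a Win32 path and reports whether the file exists. `MyDriver` is a placeholder service name; the `\SystemRoot\` prefix and the bare drive-letter case go beyond the two forms the answer lists and are reported separately.

```powershell
# Added example; 'MyDriver' is a placeholder service name, not from the post.
$ServiceName = 'MyDriver'

function Resolve-DriverImagePath {
    param(
        [Parameter(Mandatory)][string]$ImagePath,
        [string]$SystemRoot = $env:SystemRoot
    )
    $p = $ImagePath.Trim().Trim('"')
    if ($p.StartsWith('\??\')) {
        # Object Manager absolute form: \??\X:\dir\drv.sys -> X:\dir\drv.sys
        $form = 'absolute (\??\X:)'
        $path = $p.Substring(4)
    } elseif ($p -match '^\\SystemRoot\\(.+)$') {
        # Explicit system-root form: \SystemRoot\System32\drivers\drv.sys
        $form = 'system root (\SystemRoot\)'
        $path = Join-Path $SystemRoot $Matches[1]
    } elseif ($p -match '^[A-Za-z]:\\') {
        # Drive-letter path without \??\ : not one of the forms the answer lists
        $form = 'drive letter without \??\ prefix'
        $path = $p
    } else {
        # Anything else is taken as relative to the system root
        $form = 'relative to system root'
        $path = Join-Path $SystemRoot $p
    }
    [pscustomobject]@{
        ImagePath = $ImagePath
        Form      = $form
        Resolved  = $path
        Exists    = Test-Path -LiteralPath $path -PathType Leaf
    }
}

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
try {
    $value = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction Stop).ImagePath
    Resolve-DriverImagePath -ImagePath $value | Format-List
} catch {
    Write-Warning "Cannot read ImagePath under $key : $($_.Exception.Message)"
}
```

`Exists : False` on the resolved path matches the system error 2 (file not found) that sc.exe reported in the question.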
