void InitializeObjectAttributes(OBJECT_ATTRIBUTES *InitializedAttributes, PUNICODE_STRING pObjectName, const ULONG uAttributes, const HANDLE hRootDirectory, SECURITY_DESCRIPTOR *pSecurityDescriptor) { InitializedAttributes->Length = sizeof(OBJECT_ATTRIBUTES); InitializedAttributes->ObjectName = pObjectName; InitializedAttributes->Attributes = uAttributes; InitializedAttributes->RootDirectory = hRootDirectory; InitializedAttributes->SecurityDescriptor = pSecurityDescriptor; InitializedAttributes->SecurityQualityOfService = NULL; } ... MyRtlInitUnicodeString(&PhysMemString, L"\\Device\\PhysicalMemory"); InitializeObjectAttributes(&Attr, &PhysMemString, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); ZwOpenSection = (tag_ZwOpenSection) GetProcAddress( hntdll, "ZwOpenSection" ); ntStatus = ZwOpenSection(&mHandle, READ_CONTROL | WRITE_DAC, &Attr); //error ntStatus = 0xC000000D //An invalid parameter was passed to a service or function. Что не так и как с этим бороться?
Хотя без OBJ_KERNEL_HANDLE не откроется секция памяти как я понимаю. И с OBJ_KERNEL_HANDLE тоже не открывается)))
