Author: zhuwg
I have recently been learning about object hooking, and wrote a small kernel-mode tool that lists a driver's MajorFunction dispatch table (IRP_MJ_* entries 0–26). It can resolve the target either by driver object (ObReferenceObjectByName on a \Driver\ name) or by device object (IoGetDeviceObjectPointer on a \Device\ name, then DeviceObject->DriverObject). The DbgView output below shows both paths; note that the run against \Driver\Atapi also installs a hook ("[atapi] HOOKed Success"), so this is the same primitive an IRP-hooking rootkit uses. When using a listing like this for detection, compare each MajorFunction pointer against the owning driver's image range — an entry pointing outside the driver (or into another module) is what a hook looks like; the repeated value shared by most Atapi entries is presumably the kernel's default handler for unsupported IRPs (to be confirmed against the kernel symbols).
00000000 0.00000000 [majorfunc] DriverEntry: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\majorfunc
00000001 0.00006956 [majorfunc] Device Name \Device\devmajorfunc
00000002 0.00013661 [majorfunc] SymbolicLink:\DosDevices\majorfunc
00000003 0.00020198 ObReferenceObjectByName ok!
00000004 0.00023411 \Driver\Atapi->MajorFunction[0]=F9998572
00000005 0.00025115 \Driver\Atapi->MajorFunction[1]=805041BE
00000006 0.00025869 \Driver\Atapi->MajorFunction[2]=F9998572
00000007 0.00026512 \Driver\Atapi->MajorFunction[3]=805041BE
00000008 0.00027154 \Driver\Atapi->MajorFunction[4]=805041BE
00000009 0.00027797 \Driver\Atapi->MajorFunction[5]=805041BE
00000010 0.00028411 \Driver\Atapi->MajorFunction[6]=805041BE
00000011 0.00029026 \Driver\Atapi->MajorFunction[7]=805041BE
00000012 0.00029669 \Driver\Atapi->MajorFunction[8]=805041BE
00000013 0.00030283 \Driver\Atapi->MajorFunction[9]=805041BE
00000014 0.00030926 \Driver\Atapi->MajorFunction[10]=805041BE
00000015 0.00031540 \Driver\Atapi->MajorFunction[11]=805041BE
00000016 0.00032183 \Driver\Atapi->MajorFunction[12]=805041BE
00000017 0.00032797 \Driver\Atapi->MajorFunction[13]=805041BE
00000018 0.00033440 \Driver\Atapi->MajorFunction[14]=F9998592
00000019 0.00034055 \Driver\Atapi->MajorFunction[15]=F99947B4
00000020 0.00034697 \Driver\Atapi->MajorFunction[16]=805041BE
00000021 0.00035312 \Driver\Atapi->MajorFunction[17]=805041BE
00000022 0.00035954 \Driver\Atapi->MajorFunction[18]=805041BE
00000023 0.00036569 \Driver\Atapi->MajorFunction[19]=805041BE
00000024 0.00037211 \Driver\Atapi->MajorFunction[20]=805041BE
00000025 0.00037826 \Driver\Atapi->MajorFunction[21]=805041BE
00000026 0.00038469 \Driver\Atapi->MajorFunction[22]=F99985BC
00000027 0.00039083 \Driver\Atapi->MajorFunction[23]=F999F164
00000028 0.00039726 \Driver\Atapi->MajorFunction[24]=805041BE
00000029 0.00040340 \Driver\Atapi->MajorFunction[25]=805041BE
00000030 0.00040983 \Driver\Atapi->MajorFunction[26]=805041BE
00000031 0.00042687 [atapi] HOOKed Success
00000032 0.00053359 IoGetDeviceObjectPointer ok
00000033 0.00056292 \Device\Afd->DriverObject->MajorFunction[0]=F8391D40
00000034 0.00058024 \Device\Afd->DriverObject->MajorFunction[1]=F8391D40
00000035 0.00058778 \Device\Afd->DriverObject->MajorFunction[2]=F8391D40
00000036 0.00059477 \Device\Afd->DriverObject->MajorFunction[3]=F8391D40
00000037 0.00060147 \Device\Afd->DriverObject->MajorFunction[4]=F8391D40
00000038 0.00060846 \Device\Afd->DriverObject->MajorFunction[5]=F8391D40
00000039 0.00061516 \Device\Afd->DriverObject->MajorFunction[6]=F8391D40
00000040 0.00062187 \Device\Afd->DriverObject->MajorFunction[7]=F8391D40
00000041 0.00062857 \Device\Afd->DriverObject->MajorFunction[8]=F8391D40
00000042 0.00063556 \Device\Afd->DriverObject->MajorFunction[9]=F8391D40
00000043 0.00064226 \Device\Afd->DriverObject->MajorFunction[10]=F8391D40
00000044 0.00064924 \Device\Afd->DriverObject->MajorFunction[11]=F8391D40
00000045 0.00065595 \Device\Afd->DriverObject->MajorFunction[12]=F8391D40
00000046 0.00066265 \Device\Afd->DriverObject->MajorFunction[13]=F8391D40
00000047 0.00066936 \Device\Afd->DriverObject->MajorFunction[14]=F8391280
00000048 0.00067634 \Device\Afd->DriverObject->MajorFunction[15]=F8391D40
00000049 0.00068305 \Device\Afd->DriverObject->MajorFunction[16]=F8391D40
00000050 0.00069003 \Device\Afd->DriverObject->MajorFunction[17]=F8391D40
00000051 0.00069674 \Device\Afd->DriverObject->MajorFunction[18]=F8391D40
00000052 0.00070344 \Device\Afd->DriverObject->MajorFunction[19]=F8391D40
00000053 0.00071015 \Device\Afd->DriverObject->MajorFunction[20]=F8391D40
00000054 0.00071713 \Device\Afd->DriverObject->MajorFunction[21]=F8391D40
00000055 0.00072384 \Device\Afd->DriverObject->MajorFunction[22]=F8391D40
00000056 0.00073082 \Device\Afd->DriverObject->MajorFunction[23]=F8391D40
00000057 0.00073752 \Device\Afd->DriverObject->MajorFunction[24]=F8391D40
00000058 0.00075792 \Device\Afd->DriverObject->MajorFunction[25]=F8391D40
00000059 0.00076602 \Device\Afd->DriverObject->MajorFunction[26]=F8391D40
00000001 0.00006956 [majorfunc] Device Name \Device\devmajorfunc
00000002 0.00013661 [majorfunc] SymbolicLink:\DosDevices\majorfunc
00000003 0.00020198 ObReferenceObjectByName ok!
00000004 0.00023411 \Driver\Atapi->MajorFunction[0]=F9998572
00000005 0.00025115 \Driver\Atapi->MajorFunction[1]=805041BE
00000006 0.00025869 \Driver\Atapi->MajorFunction[2]=F9998572
00000007 0.00026512 \Driver\Atapi->MajorFunction[3]=805041BE
00000008 0.00027154 \Driver\Atapi->MajorFunction[4]=805041BE
00000009 0.00027797 \Driver\Atapi->MajorFunction[5]=805041BE
00000010 0.00028411 \Driver\Atapi->MajorFunction[6]=805041BE
00000011 0.00029026 \Driver\Atapi->MajorFunction[7]=805041BE
00000012 0.00029669 \Driver\Atapi->MajorFunction[8]=805041BE
00000013 0.00030283 \Driver\Atapi->MajorFunction[9]=805041BE
00000014 0.00030926 \Driver\Atapi->MajorFunction[10]=805041BE
00000015 0.00031540 \Driver\Atapi->MajorFunction[11]=805041BE
00000016 0.00032183 \Driver\Atapi->MajorFunction[12]=805041BE
00000017 0.00032797 \Driver\Atapi->MajorFunction[13]=805041BE
00000018 0.00033440 \Driver\Atapi->MajorFunction[14]=F9998592
00000019 0.00034055 \Driver\Atapi->MajorFunction[15]=F99947B4
00000020 0.00034697 \Driver\Atapi->MajorFunction[16]=805041BE
00000021 0.00035312 \Driver\Atapi->MajorFunction[17]=805041BE
00000022 0.00035954 \Driver\Atapi->MajorFunction[18]=805041BE
00000023 0.00036569 \Driver\Atapi->MajorFunction[19]=805041BE
00000024 0.00037211 \Driver\Atapi->MajorFunction[20]=805041BE
00000025 0.00037826 \Driver\Atapi->MajorFunction[21]=805041BE
00000026 0.00038469 \Driver\Atapi->MajorFunction[22]=F99985BC
00000027 0.00039083 \Driver\Atapi->MajorFunction[23]=F999F164
00000028 0.00039726 \Driver\Atapi->MajorFunction[24]=805041BE
00000029 0.00040340 \Driver\Atapi->MajorFunction[25]=805041BE
00000030 0.00040983 \Driver\Atapi->MajorFunction[26]=805041BE
00000031 0.00042687 [atapi] HOOKed Success
00000032 0.00053359 IoGetDeviceObjectPointer ok
00000033 0.00056292 \Device\Afd->DriverObject->MajorFunction[0]=F8391D40
00000034 0.00058024 \Device\Afd->DriverObject->MajorFunction[1]=F8391D40
00000035 0.00058778 \Device\Afd->DriverObject->MajorFunction[2]=F8391D40
00000036 0.00059477 \Device\Afd->DriverObject->MajorFunction[3]=F8391D40
00000037 0.00060147 \Device\Afd->DriverObject->MajorFunction[4]=F8391D40
00000038 0.00060846 \Device\Afd->DriverObject->MajorFunction[5]=F8391D40
00000039 0.00061516 \Device\Afd->DriverObject->MajorFunction[6]=F8391D40
00000040 0.00062187 \Device\Afd->DriverObject->MajorFunction[7]=F8391D40
00000041 0.00062857 \Device\Afd->DriverObject->MajorFunction[8]=F8391D40
00000042 0.00063556 \Device\Afd->DriverObject->MajorFunction[9]=F8391D40
00000043 0.00064226 \Device\Afd->DriverObject->MajorFunction[10]=F8391D40
00000044 0.00064924 \Device\Afd->DriverObject->MajorFunction[11]=F8391D40
00000045 0.00065595 \Device\Afd->DriverObject->MajorFunction[12]=F8391D40
00000046 0.00066265 \Device\Afd->DriverObject->MajorFunction[13]=F8391D40
00000047 0.00066936 \Device\Afd->DriverObject->MajorFunction[14]=F8391280
00000048 0.00067634 \Device\Afd->DriverObject->MajorFunction[15]=F8391D40
00000049 0.00068305 \Device\Afd->DriverObject->MajorFunction[16]=F8391D40
00000050 0.00069003 \Device\Afd->DriverObject->MajorFunction[17]=F8391D40
00000051 0.00069674 \Device\Afd->DriverObject->MajorFunction[18]=F8391D40
00000052 0.00070344 \Device\Afd->DriverObject->MajorFunction[19]=F8391D40
00000053 0.00071015 \Device\Afd->DriverObject->MajorFunction[20]=F8391D40
00000054 0.00071713 \Device\Afd->DriverObject->MajorFunction[21]=F8391D40
00000055 0.00072384 \Device\Afd->DriverObject->MajorFunction[22]=F8391D40
00000056 0.00073082 \Device\Afd->DriverObject->MajorFunction[23]=F8391D40
00000057 0.00073752 \Device\Afd->DriverObject->MajorFunction[24]=F8391D40
00000058 0.00075792 \Device\Afd->DriverObject->MajorFunction[25]=F8391D40
00000059 0.00076602 \Device\Afd->DriverObject->MajorFunction[26]=F8391D40