Friday, September 2, 2011

Hook Specials 26 : Wrote a tool that is used to list MajorFunction

Author:zhuwg
Learn object hook recently,Wrote a tool that is used to list MajorFunction, It can list drvice and driver.

00000000  0.00000000  [majorfunc] DriverEntry: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\majorfunc 
00000001  0.00006956  [majorfunc] Device Name \Device\devmajorfunc 
00000002  0.00013661  [majorfunc] SymbolicLink:\DosDevices\majorfunc 
00000003  0.00020198  ObReferenceObjectByName ok! 
00000004  0.00023411  \Driver\Atapi->MajorFunction[0]=F9998572 
00000005  0.00025115  \Driver\Atapi->MajorFunction[1]=805041BE 
00000006  0.00025869  \Driver\Atapi->MajorFunction[2]=F9998572 
00000007  0.00026512  \Driver\Atapi->MajorFunction[3]=805041BE 
00000008  0.00027154  \Driver\Atapi->MajorFunction[4]=805041BE 
00000009  0.00027797  \Driver\Atapi->MajorFunction[5]=805041BE 
00000010  0.00028411  \Driver\Atapi->MajorFunction[6]=805041BE 
00000011  0.00029026  \Driver\Atapi->MajorFunction[7]=805041BE 
00000012  0.00029669  \Driver\Atapi->MajorFunction[8]=805041BE 
00000013  0.00030283  \Driver\Atapi->MajorFunction[9]=805041BE 
00000014  0.00030926  \Driver\Atapi->MajorFunction[10]=805041BE 
00000015  0.00031540  \Driver\Atapi->MajorFunction[11]=805041BE 
00000016  0.00032183  \Driver\Atapi->MajorFunction[12]=805041BE 
00000017  0.00032797  \Driver\Atapi->MajorFunction[13]=805041BE 
00000018  0.00033440  \Driver\Atapi->MajorFunction[14]=F9998592 
00000019  0.00034055  \Driver\Atapi->MajorFunction[15]=F99947B4 
00000020  0.00034697  \Driver\Atapi->MajorFunction[16]=805041BE 
00000021  0.00035312  \Driver\Atapi->MajorFunction[17]=805041BE 
00000022  0.00035954  \Driver\Atapi->MajorFunction[18]=805041BE 
00000023  0.00036569  \Driver\Atapi->MajorFunction[19]=805041BE 
00000024  0.00037211  \Driver\Atapi->MajorFunction[20]=805041BE 
00000025  0.00037826  \Driver\Atapi->MajorFunction[21]=805041BE 
00000026  0.00038469  \Driver\Atapi->MajorFunction[22]=F99985BC 
00000027  0.00039083  \Driver\Atapi->MajorFunction[23]=F999F164 
00000028  0.00039726  \Driver\Atapi->MajorFunction[24]=805041BE 
00000029  0.00040340  \Driver\Atapi->MajorFunction[25]=805041BE 
00000030  0.00040983  \Driver\Atapi->MajorFunction[26]=805041BE 
00000031  0.00042687  [atapi] HOOKed Success 
00000032  0.00053359  IoGetDeviceObjectPointer ok 
00000033  0.00056292  \Device\Afd->DriverObject->MajorFunction[0]=F8391D40 
00000034  0.00058024  \Device\Afd->DriverObject->MajorFunction[1]=F8391D40 
00000035  0.00058778  \Device\Afd->DriverObject->MajorFunction[2]=F8391D40 
00000036  0.00059477  \Device\Afd->DriverObject->MajorFunction[3]=F8391D40 
00000037  0.00060147  \Device\Afd->DriverObject->MajorFunction[4]=F8391D40 
00000038  0.00060846  \Device\Afd->DriverObject->MajorFunction[5]=F8391D40 
00000039  0.00061516  \Device\Afd->DriverObject->MajorFunction[6]=F8391D40 
00000040  0.00062187  \Device\Afd->DriverObject->MajorFunction[7]=F8391D40 
00000041  0.00062857  \Device\Afd->DriverObject->MajorFunction[8]=F8391D40 
00000042  0.00063556  \Device\Afd->DriverObject->MajorFunction[9]=F8391D40 
00000043  0.00064226  \Device\Afd->DriverObject->MajorFunction[10]=F8391D40 
00000044  0.00064924  \Device\Afd->DriverObject->MajorFunction[11]=F8391D40 
00000045  0.00065595  \Device\Afd->DriverObject->MajorFunction[12]=F8391D40 
00000046  0.00066265  \Device\Afd->DriverObject->MajorFunction[13]=F8391D40 
00000047  0.00066936  \Device\Afd->DriverObject->MajorFunction[14]=F8391280 
00000048  0.00067634  \Device\Afd->DriverObject->MajorFunction[15]=F8391D40 
00000049  0.00068305  \Device\Afd->DriverObject->MajorFunction[16]=F8391D40 
00000050  0.00069003  \Device\Afd->DriverObject->MajorFunction[17]=F8391D40 
00000051  0.00069674  \Device\Afd->DriverObject->MajorFunction[18]=F8391D40 
00000052  0.00070344  \Device\Afd->DriverObject->MajorFunction[19]=F8391D40 
00000053  0.00071015  \Device\Afd->DriverObject->MajorFunction[20]=F8391D40 
00000054  0.00071713  \Device\Afd->DriverObject->MajorFunction[21]=F8391D40 
00000055  0.00072384  \Device\Afd->DriverObject->MajorFunction[22]=F8391D40 
00000056  0.00073082  \Device\Afd->DriverObject->MajorFunction[23]=F8391D40 
00000057  0.00073752  \Device\Afd->DriverObject->MajorFunction[24]=F8391D40 
00000058  0.00075792  \Device\Afd->DriverObject->MajorFunction[25]=F8391D40 
00000059  0.00076602  \Device\Afd->DriverObject->MajorFunction[26]=F8391D40

No comments:

Post a Comment