use core::ffi::c_void;
use crate::{kernel_fucntion::get_kernel_export_symbol_address, string::str_to_unicode_string};
use wdk::println;
use wdk_sys::{ntddk::RtlCompareUnicodeString, POBJECT_TYPE};
use crate::feature_code_search::search_4bit_on_7bit_insrtuction;
// Data symbols declared as foreign statics; they are resolved at link time,
// presumably against the kernel image's export table (confirm against the
// driver's link inputs). Neither is referenced by the code visible in this
// part of the file, which is why the block carries `#[allow(unused)]`.
//
// Both are `static mut`, so every read or write needs an `unsafe` block and
// the compiler gives no protection against concurrent modification.
#[allow(unused)]
extern "C" {
/// Declared as an untyped pointer. NOTE(review): in the WDK headers this
/// export is a pointer to the driver object type (`POBJECT_TYPE *`) — confirm
/// the intended level of indirection before dereferencing.
pub static mut IoDriverObjectType: *mut c_void;
/// Declared as an untyped pointer. NOTE(review): presumably the head of the
/// kernel's loaded-module list; the list is shared kernel state, so confirm
/// what synchronization callers are expected to hold before walking it.
pub static mut PsLoadedModuleList: *mut c_void;
}
/// Error value meaning "the lookup did not produce a result".
///
/// It has no fields, so it cannot say *why* a lookup failed: in
/// `get_object_type_by_name` the same value is returned when the export
/// cannot be resolved, when the instruction pattern is not found, and when
/// the table ends without a matching name.
#[derive(Debug)]
pub struct NotFind {}
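/// Finds a kernel object type by its name.
///
/// The function resolves the exported routine `ObGetObjectType`, searches the
/// first `0x100` bytes of it for the byte sequence `48 8d 0d` (the encoding of
/// `lea rcx, [rip+disp32]`), and treats the address produced by
/// `search_4bit_on_7bit_insrtuction` as an array of 64-bit object type
/// pointers. Starting at entry 2, each entry's name (read at offset `0x10`
/// from the entry's value) is compared case-sensitively with `name`.
///
/// NOTE(review): the byte pattern, the starting entry and the `0x10` name
/// offset all depend on the layout of an undocumented kernel structure and
/// can differ between Windows builds; nothing here validates them. A wrong
/// assumption results in reads from arbitrary kernel addresses, so callers
/// should gate this on builds the offsets were verified against.
///
/// # Errors
///
/// Returns [`NotFind`] when the export cannot be resolved, the instruction
/// pattern is not found, the resolved table address is null, a zero entry is
/// reached, or no name matches within the scan limit.
pub fn get_object_type_by_name(name: &str) -> Result<POBJECT_TYPE, NotFind> {
    // The scan starts at entry 2; entries 0 and 1 are never read.
    const FIRST_ENTRY: usize = 2;
    // Hard stop for the scan. The type index stored in an object header is a
    // single byte, so a well-formed table is assumed to hold at most 256
    // entries (TODO confirm for the targeted builds). Without this limit the
    // loop depended solely on finding a zero entry and could walk off the end
    // of the table into unrelated or unmapped kernel memory.
    const MAX_ENTRIES: usize = 256;
    // Offset of the name (a UNICODE_STRING) inside each object type.
    const NAME_OFFSET: u64 = 0x10;

    let function_address =
        get_kernel_export_symbol_address("ObGetObjectType").map_err(|_| NotFind {})?;
    // NOTE(review): this writes a kernel code address to the debug output,
    // which discloses the kernel's load address to anyone who can read that
    // output; consider restricting it to debug builds.
    println!("obgetobjecttype:{:p}", function_address);

    let r = search_4bit_on_7bit_insrtuction(function_address, 0x48, 0x8d, 0x0d, 0x100)
        .map_err(|_| NotFind {})?;
    let object_type_table: *mut u64 = r as _;
    // A null result would otherwise be dereferenced a few lines below.
    if object_type_table.is_null() {
        return Err(NotFind {});
    }

    let mut target_name = str_to_unicode_string(name);
    for index in FIRST_ENTRY..MAX_ENTRIES {
        // SAFETY: relies on `object_type_table` really being the kernel's
        // object type table with at least `index + 1` readable entries. This
        // is an assumption about the pattern match above, not something the
        // code can prove.
        let value = unsafe { *object_type_table.add(index) };
        if value == 0 {
            // A zero entry is treated as the end of the table.
            return Err(NotFind {});
        }

        // Reject an entry whose name address would wrap instead of panicking
        // (a panic in kernel mode takes the whole system down).
        let object_type_name_point = value.checked_add(NAME_OFFSET).ok_or(NotFind {})?;

        // SAFETY: relies on `value` pointing at a live object type whose name
        // lives at `NAME_OFFSET`; see the layout note in the function docs.
        // The final argument 0 requests a case-sensitive comparison.
        let order = unsafe {
            RtlCompareUnicodeString(object_type_name_point as _, target_name.as_ptr(), 0)
        };
        if order == 0 {
            return Ok(value as _);
        }
    }

    // Scan limit reached without a match or a terminating zero entry.
    Err(NotFind {})
}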