Windows NT Driver >> Assembly
DriverUnload()
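When the driver is about to be unloaded, the system calls DriverUnload(). This is the last place where the driver can release its resources. If the resources are not released properly, the driver cannot be unloaded; in that case the system reports that a reboot is required to unload the driver correctly.
The DriverUnload() routine is defined as follows: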
DriverUnload proto :PDRIVER_OBJECT
Example:
; Symbolic link name as a zero-terminated UTF-16 string: \DosDevices\MyDriver
SYM_NAME word "\","D","o","s","D","e","v","i","c","e","s","\","M","y","D","r","i","v","e","r",0

Unload proc pOurDriver:PDRIVER_OBJECT
    local szSymName:UNICODE_STRING

    ; Delete the symbolic link first
    invoke RtlInitUnicodeString, addr szSymName, offset SYM_NAME
    invoke IoDeleteSymbolicLink, addr szSymName

    ; Then delete the device object owned by this driver
    mov eax, pOurDriver
    invoke IoDeleteDevice, (DRIVER_OBJECT PTR [eax]).DeviceObject
    ret
Unload endp
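The following is an added example, not part of the original page: a variant of the Unload routine above, generalized to a driver that owns more than one device object. It assumes the same include files and the SYM_NAME string from the page's example, and the name UnloadAll is hypothetical. Each NextDevice pointer is read before IoDeleteDevice is called, because the DEVICE_OBJECT must not be touched once it has been deleted.

```masm
; Added example (not from the original page).
; Assumes the same includes and SYM_NAME as the example above.
; UnloadAll is a hypothetical name.
UnloadAll proc uses ebx esi pOurDriver:PDRIVER_OBJECT
    local szSymName:UNICODE_STRING

    ; Remove the symbolic link first, so the device can no longer
    ; be opened through that name while it is being torn down
    invoke RtlInitUnicodeString, addr szSymName, offset SYM_NAME
    invoke IoDeleteSymbolicLink, addr szSymName

    ; DriverObject->DeviceObject is the head of a singly linked list
    ; of every device object this driver created
    mov eax, pOurDriver
    mov ebx, (DRIVER_OBJECT PTR [eax]).DeviceObject
    .while ebx != 0
        ; Save the link before deleting; reading it afterwards
        ; would touch memory that may already be freed
        mov esi, (DEVICE_OBJECT PTR [ebx]).NextDevice
        invoke IoDeleteDevice, ebx
        mov ebx, esi
    .endw
    ret
UnloadAll endp
```

ebx and esi are callee-saved under stdcall, so they survive the invoke calls, and the `uses` clause restores them for the caller.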