VC6下编译进Ring0代码的疑惑(3)

 if(dwRes=GetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION, NULL,NULL,&pDacl,NULL,&pSD) != ERROR_SUCCESS)
 {
  printf( "GetSecurityInfo Error %u ", dwRes );
  goto CleanUp;
 }
 
 ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
 ea.grfAccessPermissions = SECTION_MAP_WRITE;
 ea.grfAccessMode = GRANT_ACCESS;
 ea.grfInheritance= NO_INHERITANCE;
 ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
 ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
 ea.Trustee.ptstrName = "CURRENT_USER";
 
 if(dwRes=SetEntriesInAcl(1,&ea,pDacl,&pNewDacl)!=ERROR_SUCCESS)
 {
  printf( "SetEntriesInAcl %u ", dwRes );
  goto CleanUp;
 }
 
 if(dwRes=SetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL)!=ERROR_SUCCESS)
 {
  printf("SetSecurityInfo %u ",dwRes);
  goto CleanUp;
 }
 
CleanUp:
 
 if(pSD)
  LocalFree(pSD);
 if(pNewDacl)
  LocalFree(pSD);
}
#define RING0PROC void __declspec (naked)

BOOL ExecRing0Proc(ULONG Entry,ULONG seglen)
{
 Gdtr_t gdt;
 __asm sgdt gdt;
 
 ULONG mapAddr=MiniMmGetPhysicalAddress(gdt.BaseHigh<<16U|gdt.BaseLow);
 if(!mapAddr) return 0;
 
 HANDLE hSection=NULL;
 NTSTATUS status;
 OBJECT_ATTRIBUTES objectAttributes;
 UNICODE_STRING objName;
 CALLGATE_DESCRIPTOR *cg;
 
 status = STATUS_SUCCESS;
 
 pRtlInitUnicodeString RtlInitUnicodeString;
 pZwOpenSection ZwOpenSection;
 pZwClose ZwClose;
 
 RtlInitUnicodeString=(pRtlInitUnicodeString)GetProcAddress(NTDLLHANDLE,"RtlInitUnicodeString");
 ZwOpenSection=(pZwOpenSection)GetProcAddress(NTDLLHANDLE,"ZwOpenSection");
 ZwClose=(pZwClose)GetProcAddress(NTDLLHANDLE,"ZwClose");