WUDFPlatform.dll中检测内核调试器函数实现

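/*
 * Reports whether a kernel debugger is attached, as seen through
 * NtQuerySystemInformation(SystemKernelDebuggerInformation).
 *
 * This is decompiler output that has been tidied. The decompiler rendered the
 * two-byte output buffer as two unrelated `char` locals in adjacent stack
 * slots ([rsp+30h] and [rsp+31h]). Read as C, that passes a length of 2 for a
 * one-byte object and then tests a variable that is never assigned. The two
 * bytes are modelled here as one structure instead. Its field names follow the
 * publicly documented SYSTEM_KERNEL_DEBUGGER_INFORMATION layout; the binary
 * itself only shows the two byte offsets.
 *
 * Returns 1 only when the query succeeds, the first byte is exactly 1
 * (debugging enabled) and the second byte is 0 (a debugger is present).
 * Returns 0 in every other case. A failed query is therefore reported the
 * same way as "no debugger", and callers cannot tell the two apart.
 */
__int64 __fastcall _WudfIsKernelDebuggerPresent()
{
  // Two consecutive one-byte flags filled in by the system call.
  struct
  {
    unsigned char KernelDebuggerEnabled;    // byte at +0, tested against 1
    unsigned char KernelDebuggerNotPresent; // byte at +1, must be 0
  } info = { 0, 0 };

  // NTSTATUS is negative on failure; no return-length pointer is requested.
  if ( NtQuerySystemInformation(SystemKernelDebuggerInformation, &info, (unsigned int)sizeof(info), 0i64) < 0 )
  {
    return 0;
  }

  // The original compares the first byte with 1 rather than with non-zero,
  // so the same strict comparison is kept here.
  if ( info.KernelDebuggerEnabled == 1 && !info.KernelDebuggerNotPresent )
  {
    return 1;
  }
  return 0;
}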