让自己闲置的时间太久了,每天除了上班就是上网看电影,
太无聊的日子。所以还是准备开始学点东西。
打算就从0开始学驱动吧。
学驱动很难,但起码能让生活不再如从前般无聊,
做点自己喜欢的事情总还是很有趣的。对照着书本和网络,写了一个列举进程的Hello World,
请大家点评一下代码的结构和注释,是否及格?谢谢!
代码:
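#include "1.h"

/*
 * Query buffer sizing for NtQuerySystemInformation.
 *   ENUM_PROC_STEP  - initial size and growth increment (32 KiB, as in the original).
 *   ENUM_PROC_LIMIT - hard cap; the loop below grows the buffer only while the
 *                     kernel answers STATUS_INFO_LENGTH_MISMATCH, and this bound
 *                     keeps a broken answer from draining non-paged pool.
 *                     (constructed value: 16 MiB, far above any real process list)
 */
enum { ENUM_PROC_STEP = 0x8000, ENUM_PROC_LIMIT = 0x8000 * 512 };

/*
 * Walk one SystemProcessesAndThreadsInformation result buffer and print
 * "<pid> - <image name>" for every record.
 *
 * buffer/length: the buffer the kernel filled and its allocated size. Every
 *                NextEntryOffset is checked against `length` before the cursor
 *                moves, so a truncated or corrupted list cannot be followed out
 *                of the allocation (the original trusted the offset blindly).
 * Returns STATUS_SUCCESS once a record with NextEntryOffset == 0 was printed,
 *         STATUS_UNSUCCESSFUL if a record does not fit inside the buffer.
 */
static NTSTATUS EnumProcessWalk(PVOID buffer, ULONG length)
{
    PUCHAR cursor = (PUCHAR)buffer;
    PUCHAR end = cursor + length;
    int count = 1;   /* reported in the final trace line; starts at 1 like the original */

    for (;;) {
        PSYSTEM_PROCESS_INFORMATION spi;
        ULONG next;

        /* The fixed part of the record must be inside the buffer before any field is read. */
        if ((ULONG_PTR)(end - cursor) < sizeof(*spi)) {
            DbgPrint("[Aliwy] EnumProcess: record %d does not fit in the buffer\n", count);
            return STATUS_UNSUCCESSFUL;
        }
        spi = (PSYSTEM_PROCESS_INFORMATION)cursor;

        /* ProcessId is a HANDLE: narrow it through ULONG_PTR instead of handing
         * a pointer-sized value to %d, which is wrong on 64-bit builds. */
        if (spi->ProcessId == NULL) {
            /* PID 0 is labelled by hand, as in the original, rather than via ImageName. */
            DbgPrint("[Aliwy] %u - System Idle Process\n", (ULONG)(ULONG_PTR)spi->ProcessId);
        } else {
            DbgPrint("[Aliwy] %u - %wZ\n", (ULONG)(ULONG_PTR)spi->ProcessId, &spi->ImageName);
        }

        next = spi->NextEntryOffset;
        if (next == 0) {
            /* NextEntryOffset == 0 marks the last record. */
            DbgPrint("[Aliwy] EnumProcess Over, Count is: %d\n", count);
            return STATUS_SUCCESS;
        }
        /* Refuse to step past the end of the allocation. */
        if (next > (ULONG_PTR)(end - cursor)) {
            DbgPrint("[Aliwy] EnumProcess: bad NextEntryOffset 0x%.8X at record %d\n", next, count);
            return STATUS_UNSUCCESSFUL;
        }
        /* Byte arithmetic on PUCHAR, not a (ULONG) cast of the pointer, so the
         * walk is correct on 64-bit as well. */
        cursor += next;
        count++;
    }
}

/*
 * Enumerate all processes via NtQuerySystemInformation and print each one
 * with DbgPrint. Callable at PASSIVE_LEVEL only (it is called from DriverEntry).
 *
 * Returns STATUS_SUCCESS when the list was printed,
 *         STATUS_INSUFFICIENT_RESOURCES when pool allocation fails or the
 *         buffer would exceed ENUM_PROC_LIMIT,
 *         any other failure status from NtQuerySystemInformation or the walk.
 *
 * Fixes over the original: the buffer is freed on the retry path (it leaked one
 * allocation per undersized attempt), only STATUS_INFO_LENGTH_MISMATCH triggers
 * a retry (any other error used to grow the buffer forever), allocation failure
 * is reported instead of being turned into STATUS_SUCCESS, and the failure trace
 * no longer says "SUCCESS".
 */
NTSTATUS EnumProcess(void)
{
    ULONG size;

    /* ReturnLength is not reliable (the original notes Windows 2000 does not
     * fill it), so sizing is driven by the status code alone. */
    for (size = ENUM_PROC_STEP; size <= (ULONG)ENUM_PROC_LIMIT; size += ENUM_PROC_STEP) {
        ULONG needed = 0;
        NTSTATUS status;
        /* NonPagedPool is kept from the original; PagedPool would do at PASSIVE_LEVEL.
         * 'tag1' is the original pool tag (tools show tag bytes reversed). */
        PVOID buffer = ExAllocatePoolWithTag(NonPagedPool, size, 'tag1');

        if (buffer == NULL) {
            DbgPrint("[Aliwy] EnumProcess: pool allocation of 0x%.8X bytes failed\n", size);
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        status = NtQuerySystemInformation(SystemProcessesAndThreadsInformation,
                                          buffer,
                                          size,
                                          &needed);
        if (status == STATUS_SUCCESS) {
            DbgPrint("[Aliwy] SUCCESS uSize = 0x%.8X, pNeededSize = 0x%.8X, status = 0x%.8X\n", size, needed, status);
            /* Validate against the allocated size, not `needed`, which may be 0. */
            status = EnumProcessWalk(buffer, size);
        } else {
            DbgPrint("[Aliwy] FAILED uSize = 0x%.8X, pNeededSize = 0x%.8X, status = 0x%.8X\n", size, needed, status);
        }

        /* Every iteration releases its own buffer, on success and on failure alike. */
        ExFreePool(buffer);

        if (status != STATUS_INFO_LENGTH_MISMATCH) {
            return status;   /* done, or a hard error that a larger buffer will not fix */
        }
    }

    DbgPrint("[Aliwy] EnumProcess: process list exceeds 0x%.8X bytes, giving up\n", (ULONG)ENUM_PROC_LIMIT);
    return STATUS_INSUFFICIENT_RESOURCES;
}
//----------------DriverUnload------------------------------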
/*
 * DriverUnload callback. DriverEntry creates no device objects or symbolic
 * links, so there is nothing to tear down; only a trace line is emitted.
 */
VOID OnUnload( IN PDRIVER_OBJECT DriverObject )
{
    (void)DriverObject;   /* unused: nothing was attached to the driver object */
    DbgPrint("[Aliwy] OnUnload\n");
}
//----------------------------------------------------------
//==================== DriverEntry =========================
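/*
 * Driver entry point: registers the unload routine and runs the process
 * enumeration demo once.
 *
 * theDriverObject: the driver object; only DriverUnload is set on it.
 * theRegistryPath: unused (no registry state is read).
 * Returns STATUS_SUCCESS always - the enumeration is a demonstration, and a
 *         failure there is logged rather than preventing the driver from loading.
 */
NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath )
{
    NTSTATUS status;

    (void)theRegistryPath;

    DbgPrint("[Aliwy] DriverEntry\n");

    /* Register the unload routine before doing any work, so the driver can be
     * unloaded no matter what the enumeration does. */
    theDriverObject->DriverUnload = OnUnload;

    /* The original discarded the return value; report it instead. */
    status = EnumProcess();
    if (status != STATUS_SUCCESS) {
        DbgPrint("[Aliwy] EnumProcess failed, status = 0x%.8X\n", status);
    }

    return STATUS_SUCCESS;
}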
//==========================================================
代码:
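#pragma once

#include <ntddk.h>

/*
 * Win32-style aliases used by the driver source; ntddk.h provides BOOLEAN and
 * ULONG but not these two. Typedefs (identical to the windef.h definitions)
 * rather than macros, so a translation unit that also sees windef.h gets a
 * benign identical redefinition instead of a macro-expanded typedef.
 */
typedef unsigned long DWORD;
typedef int BOOL;

//--------- System information classes ---------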
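/*
 * Information classes accepted by NtQuerySystemInformation, numbered as in the
 * original source. The numeric value IS the protocol: every entry carries its
 * ordinal explicitly so that inserting or removing a line can no longer shift
 * all later classes silently. Only SystemProcessesAndThreadsInformation (5) is
 * used by this driver.
 * NOTE(review): the API is undocumented; this table is reproduced from the
 * original and is not verified here against a particular Windows release.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation = 0,
    SystemProcessorInformation = 1,
    SystemPerformanceInformation = 2,
    SystemTimeOfDayInformation = 3,
    SystemNotImplemented1 = 4,
    SystemProcessesAndThreadsInformation = 5,
    SystemCallCounts = 6,
    SystemConfigurationInformation = 7,
    SystemProcessorTimes = 8,
    SystemGlobalFlag = 9,
    SystemNotImplemented2 = 10,
    SystemModuleInformation = 11,
    SystemLockInformation = 12,
    SystemNotImplemented3 = 13,
    SystemNotImplemented4 = 14,
    SystemNotImplemented5 = 15,
    SystemHandleInformation = 16,
    SystemObjectInformation = 17,
    SystemPagefileInformation = 18,
    SystemInstructionEmulationCounts = 19,
    SystemInvalidInfoClass1 = 20,
    SystemCacheInformation = 21,
    SystemPoolTagInformation = 22,
    SystemProcessorStatistics = 23,
    SystemDpcInformation = 24,
    SystemNotImplemented6 = 25,
    SystemLoadImage = 26,
    SystemUnloadImage = 27,
    SystemTimeAdjustment = 28,
    SystemNotImplemented7 = 29,
    SystemNotImplemented8 = 30,
    SystemNotImplemented9 = 31,
    SystemCrashDumpInformation = 32,
    SystemExceptionInformation = 33,
    SystemCrashDumpStateInformation = 34,
    SystemKernelDebuggerInformation = 35,
    SystemContextSwitchInformation = 36,
    SystemRegistryQuotaInformation = 37,
    SystemLoadAndCallImage = 38,
    SystemPrioritySeparation = 39,
    SystemNotImplemented10 = 40,
    SystemNotImplemented11 = 41,
    SystemInvalidInfoClass2 = 42,
    SystemInvalidInfoClass3 = 43,
    SystemTimeZoneInformation = 44,
    SystemLookasideInformation = 45,
    SystemSetTimeSlipEvent = 46,
    SystemCreateSession = 47,
    SystemDeleteSession = 48,
    SystemInvalidInfoClass4 = 49,
    SystemRangeStartInformation = 50,
    SystemVerifierInformation = 51,
    SystemAddVerifier = 52,
    SystemSessionProcessesInformation = 53
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;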
//------------------------------
//---------线程信息结构---------
/*
 * One per-thread record of the SystemProcessesAndThreadsInformation buffer;
 * it is the element type of SYSTEM_PROCESS_INFORMATION.Threads[]. Field order
 * and types define the layout the kernel writes, so they must not be
 * reordered or resized.
 * NOTE(review): this driver never reads thread records; the layout is taken
 * from the original source and is not verified here against any Windows release.
 */
typedef struct _SYSTEM_THREAD {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
LONG BasePriority;
ULONG ContextSwitchCount;
ULONG State;
KWAIT_REASON WaitReason;
} SYSTEM_THREAD, *PSYSTEM_THREAD;
//------------------------------
//---------进程信息结构---------
/*
 * One process record of the SystemProcessesAndThreadsInformation buffer.
 * Records are chained by NextEntryOffset (bytes from the start of this record
 * to the next; 0 marks the last one) - EnumProcess walks the list with exactly
 * that rule. The layout is the kernel's; do not reorder or resize fields.
 * NOTE(review): names and types were transcribed from the original source and
 * are not verified here against a particular Windows release.
 */
typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryOffset;   // byte offset to the next record, 0 = last record
ULONG NumberOfThreads;   // presumably the number of entries in Threads[] - not used here
LARGE_INTEGER Reserved[3];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ImageName;   // printed with %wZ by EnumProcess (PID 0 is labelled by hand instead)
KPRIORITY BasePriority;
HANDLE ProcessId;   // a HANDLE, not an integer: convert before printing with an integer format
HANDLE InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
ULONG PrivatePageCount;
VM_COUNTERS VirtualMemoryCounters;
IO_COUNTERS IoCounters;
// Trailing variable-length array of thread records. [0] is a compiler
// extension; the C99 spelling is Threads[] and gives the same layout.
SYSTEM_THREAD Threads[0];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
//------------------------------
//---------函数声明-------------
/*
 * Native API exported by the kernel but not declared by ntddk.h, hence the
 * manual prototype. Fills SystemInformation with up to SystemInformationLength
 * bytes for the requested class. EnumProcess relies on STATUS_SUCCESS meaning
 * the buffer was large enough and retries with a bigger buffer otherwise.
 * ReturnLength is optional and, per the original author's note, not filled on
 * Windows 2000 - callers must not depend on it. In this file it is called from
 * DriverEntry, i.e. at PASSIVE_LEVEL.
 * NOTE(review): being undocumented, class numbering and buffer layout may
 * differ between Windows releases.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL);
//------------------------------
太无聊的日子。所以还是准备开始学点东西。
打算就从0开始学驱动吧。
学驱动很难,但起码能让生活不再如从前般无聊,
做点自己喜欢的事情总还是很有趣的。对照着书本和网络,写了一个列举进程的Hello World,
请大家点评一下代码的结构和注释,是否及格?谢谢!
代码:
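#include "1.h"

/*
 * Query buffer sizing for NtQuerySystemInformation.
 *   ENUM_PROC_STEP  - initial size and growth increment (32 KiB, as in the original).
 *   ENUM_PROC_LIMIT - hard cap; the loop below grows the buffer only while the
 *                     kernel answers STATUS_INFO_LENGTH_MISMATCH, and this bound
 *                     keeps a broken answer from draining non-paged pool.
 *                     (constructed value: 16 MiB, far above any real process list)
 */
enum { ENUM_PROC_STEP = 0x8000, ENUM_PROC_LIMIT = 0x8000 * 512 };

/*
 * Walk one SystemProcessesAndThreadsInformation result buffer and print
 * "<pid> - <image name>" for every record.
 *
 * buffer/length: the buffer the kernel filled and its allocated size. Every
 *                NextEntryOffset is checked against `length` before the cursor
 *                moves, so a truncated or corrupted list cannot be followed out
 *                of the allocation (the original trusted the offset blindly).
 * Returns STATUS_SUCCESS once a record with NextEntryOffset == 0 was printed,
 *         STATUS_UNSUCCESSFUL if a record does not fit inside the buffer.
 */
static NTSTATUS EnumProcessWalk(PVOID buffer, ULONG length)
{
    PUCHAR cursor = (PUCHAR)buffer;
    PUCHAR end = cursor + length;
    int count = 1;   /* reported in the final trace line; starts at 1 like the original */

    for (;;) {
        PSYSTEM_PROCESS_INFORMATION spi;
        ULONG next;

        /* The fixed part of the record must be inside the buffer before any field is read. */
        if ((ULONG_PTR)(end - cursor) < sizeof(*spi)) {
            DbgPrint("[Aliwy] EnumProcess: record %d does not fit in the buffer\n", count);
            return STATUS_UNSUCCESSFUL;
        }
        spi = (PSYSTEM_PROCESS_INFORMATION)cursor;

        /* ProcessId is a HANDLE: narrow it through ULONG_PTR instead of handing
         * a pointer-sized value to %d, which is wrong on 64-bit builds. */
        if (spi->ProcessId == NULL) {
            /* PID 0 is labelled by hand, as in the original, rather than via ImageName. */
            DbgPrint("[Aliwy] %u - System Idle Process\n", (ULONG)(ULONG_PTR)spi->ProcessId);
        } else {
            DbgPrint("[Aliwy] %u - %wZ\n", (ULONG)(ULONG_PTR)spi->ProcessId, &spi->ImageName);
        }

        next = spi->NextEntryOffset;
        if (next == 0) {
            /* NextEntryOffset == 0 marks the last record. */
            DbgPrint("[Aliwy] EnumProcess Over, Count is: %d\n", count);
            return STATUS_SUCCESS;
        }
        /* Refuse to step past the end of the allocation. */
        if (next > (ULONG_PTR)(end - cursor)) {
            DbgPrint("[Aliwy] EnumProcess: bad NextEntryOffset 0x%.8X at record %d\n", next, count);
            return STATUS_UNSUCCESSFUL;
        }
        /* Byte arithmetic on PUCHAR, not a (ULONG) cast of the pointer, so the
         * walk is correct on 64-bit as well. */
        cursor += next;
        count++;
    }
}

/*
 * Enumerate all processes via NtQuerySystemInformation and print each one
 * with DbgPrint. Callable at PASSIVE_LEVEL only (it is called from DriverEntry).
 *
 * Returns STATUS_SUCCESS when the list was printed,
 *         STATUS_INSUFFICIENT_RESOURCES when pool allocation fails or the
 *         buffer would exceed ENUM_PROC_LIMIT,
 *         any other failure status from NtQuerySystemInformation or the walk.
 *
 * Fixes over the original: the buffer is freed on the retry path (it leaked one
 * allocation per undersized attempt), only STATUS_INFO_LENGTH_MISMATCH triggers
 * a retry (any other error used to grow the buffer forever), allocation failure
 * is reported instead of being turned into STATUS_SUCCESS, and the failure trace
 * no longer says "SUCCESS".
 */
NTSTATUS EnumProcess(void)
{
    ULONG size;

    /* ReturnLength is not reliable (the original notes Windows 2000 does not
     * fill it), so sizing is driven by the status code alone. */
    for (size = ENUM_PROC_STEP; size <= (ULONG)ENUM_PROC_LIMIT; size += ENUM_PROC_STEP) {
        ULONG needed = 0;
        NTSTATUS status;
        /* NonPagedPool is kept from the original; PagedPool would do at PASSIVE_LEVEL.
         * 'tag1' is the original pool tag (tools show tag bytes reversed). */
        PVOID buffer = ExAllocatePoolWithTag(NonPagedPool, size, 'tag1');

        if (buffer == NULL) {
            DbgPrint("[Aliwy] EnumProcess: pool allocation of 0x%.8X bytes failed\n", size);
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        status = NtQuerySystemInformation(SystemProcessesAndThreadsInformation,
                                          buffer,
                                          size,
                                          &needed);
        if (status == STATUS_SUCCESS) {
            DbgPrint("[Aliwy] SUCCESS uSize = 0x%.8X, pNeededSize = 0x%.8X, status = 0x%.8X\n", size, needed, status);
            /* Validate against the allocated size, not `needed`, which may be 0. */
            status = EnumProcessWalk(buffer, size);
        } else {
            DbgPrint("[Aliwy] FAILED uSize = 0x%.8X, pNeededSize = 0x%.8X, status = 0x%.8X\n", size, needed, status);
        }

        /* Every iteration releases its own buffer, on success and on failure alike. */
        ExFreePool(buffer);

        if (status != STATUS_INFO_LENGTH_MISMATCH) {
            return status;   /* done, or a hard error that a larger buffer will not fix */
        }
    }

    DbgPrint("[Aliwy] EnumProcess: process list exceeds 0x%.8X bytes, giving up\n", (ULONG)ENUM_PROC_LIMIT);
    return STATUS_INSUFFICIENT_RESOURCES;
}
//----------------DriverUnload------------------------------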
/*
 * DriverUnload callback. DriverEntry creates no device objects or symbolic
 * links, so there is nothing to tear down; only a trace line is emitted.
 */
VOID OnUnload( IN PDRIVER_OBJECT DriverObject )
{
    (void)DriverObject;   /* unused: nothing was attached to the driver object */
    DbgPrint("[Aliwy] OnUnload\n");
}
//----------------------------------------------------------
//==================== DriverEntry =========================
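/*
 * Driver entry point: registers the unload routine and runs the process
 * enumeration demo once.
 *
 * theDriverObject: the driver object; only DriverUnload is set on it.
 * theRegistryPath: unused (no registry state is read).
 * Returns STATUS_SUCCESS always - the enumeration is a demonstration, and a
 *         failure there is logged rather than preventing the driver from loading.
 */
NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath )
{
    NTSTATUS status;

    (void)theRegistryPath;

    DbgPrint("[Aliwy] DriverEntry\n");

    /* Register the unload routine before doing any work, so the driver can be
     * unloaded no matter what the enumeration does. */
    theDriverObject->DriverUnload = OnUnload;

    /* The original discarded the return value; report it instead. */
    status = EnumProcess();
    if (status != STATUS_SUCCESS) {
        DbgPrint("[Aliwy] EnumProcess failed, status = 0x%.8X\n", status);
    }

    return STATUS_SUCCESS;
}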
//==========================================================
代码:
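#pragma once

#include <ntddk.h>

/*
 * Win32-style aliases used by the driver source; ntddk.h provides BOOLEAN and
 * ULONG but not these two. Typedefs (identical to the windef.h definitions)
 * rather than macros, so a translation unit that also sees windef.h gets a
 * benign identical redefinition instead of a macro-expanded typedef.
 */
typedef unsigned long DWORD;
typedef int BOOL;

//--------- System information classes ---------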
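/*
 * Information classes accepted by NtQuerySystemInformation, numbered as in the
 * original source. The numeric value IS the protocol: every entry carries its
 * ordinal explicitly so that inserting or removing a line can no longer shift
 * all later classes silently. Only SystemProcessesAndThreadsInformation (5) is
 * used by this driver.
 * NOTE(review): the API is undocumented; this table is reproduced from the
 * original and is not verified here against a particular Windows release.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation = 0,
    SystemProcessorInformation = 1,
    SystemPerformanceInformation = 2,
    SystemTimeOfDayInformation = 3,
    SystemNotImplemented1 = 4,
    SystemProcessesAndThreadsInformation = 5,
    SystemCallCounts = 6,
    SystemConfigurationInformation = 7,
    SystemProcessorTimes = 8,
    SystemGlobalFlag = 9,
    SystemNotImplemented2 = 10,
    SystemModuleInformation = 11,
    SystemLockInformation = 12,
    SystemNotImplemented3 = 13,
    SystemNotImplemented4 = 14,
    SystemNotImplemented5 = 15,
    SystemHandleInformation = 16,
    SystemObjectInformation = 17,
    SystemPagefileInformation = 18,
    SystemInstructionEmulationCounts = 19,
    SystemInvalidInfoClass1 = 20,
    SystemCacheInformation = 21,
    SystemPoolTagInformation = 22,
    SystemProcessorStatistics = 23,
    SystemDpcInformation = 24,
    SystemNotImplemented6 = 25,
    SystemLoadImage = 26,
    SystemUnloadImage = 27,
    SystemTimeAdjustment = 28,
    SystemNotImplemented7 = 29,
    SystemNotImplemented8 = 30,
    SystemNotImplemented9 = 31,
    SystemCrashDumpInformation = 32,
    SystemExceptionInformation = 33,
    SystemCrashDumpStateInformation = 34,
    SystemKernelDebuggerInformation = 35,
    SystemContextSwitchInformation = 36,
    SystemRegistryQuotaInformation = 37,
    SystemLoadAndCallImage = 38,
    SystemPrioritySeparation = 39,
    SystemNotImplemented10 = 40,
    SystemNotImplemented11 = 41,
    SystemInvalidInfoClass2 = 42,
    SystemInvalidInfoClass3 = 43,
    SystemTimeZoneInformation = 44,
    SystemLookasideInformation = 45,
    SystemSetTimeSlipEvent = 46,
    SystemCreateSession = 47,
    SystemDeleteSession = 48,
    SystemInvalidInfoClass4 = 49,
    SystemRangeStartInformation = 50,
    SystemVerifierInformation = 51,
    SystemAddVerifier = 52,
    SystemSessionProcessesInformation = 53
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;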
//------------------------------
//---------线程信息结构---------
/*
 * One per-thread record of the SystemProcessesAndThreadsInformation buffer;
 * it is the element type of SYSTEM_PROCESS_INFORMATION.Threads[]. Field order
 * and types define the layout the kernel writes, so they must not be
 * reordered or resized.
 * NOTE(review): this driver never reads thread records; the layout is taken
 * from the original source and is not verified here against any Windows release.
 */
typedef struct _SYSTEM_THREAD {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
LONG BasePriority;
ULONG ContextSwitchCount;
ULONG State;
KWAIT_REASON WaitReason;
} SYSTEM_THREAD, *PSYSTEM_THREAD;
//------------------------------
//---------进程信息结构---------
/*
 * One process record of the SystemProcessesAndThreadsInformation buffer.
 * Records are chained by NextEntryOffset (bytes from the start of this record
 * to the next; 0 marks the last one) - EnumProcess walks the list with exactly
 * that rule. The layout is the kernel's; do not reorder or resize fields.
 * NOTE(review): names and types were transcribed from the original source and
 * are not verified here against a particular Windows release.
 */
typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryOffset;   // byte offset to the next record, 0 = last record
ULONG NumberOfThreads;   // presumably the number of entries in Threads[] - not used here
LARGE_INTEGER Reserved[3];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ImageName;   // printed with %wZ by EnumProcess (PID 0 is labelled by hand instead)
KPRIORITY BasePriority;
HANDLE ProcessId;   // a HANDLE, not an integer: convert before printing with an integer format
HANDLE InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
ULONG PrivatePageCount;
VM_COUNTERS VirtualMemoryCounters;
IO_COUNTERS IoCounters;
// Trailing variable-length array of thread records. [0] is a compiler
// extension; the C99 spelling is Threads[] and gives the same layout.
SYSTEM_THREAD Threads[0];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
//------------------------------
//---------函数声明-------------
/*
 * Native API exported by the kernel but not declared by ntddk.h, hence the
 * manual prototype. Fills SystemInformation with up to SystemInformationLength
 * bytes for the requested class. EnumProcess relies on STATUS_SUCCESS meaning
 * the buffer was large enough and retries with a bigger buffer otherwise.
 * ReturnLength is optional and, per the original author's note, not filled on
 * Windows 2000 - callers must not depend on it. In this file it is called from
 * DriverEntry, i.e. at PASSIVE_LEVEL.
 * NOTE(review): being undocumented, class numbering and buffer layout may
 * differ between Windows releases.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL);
//------------------------------
嗯,现在正在学IRP呢,呵呵~