当前位置: 首页>>代码示例>>C++>>正文


C++ KdPrint函数代码示例

本文整理汇总了C++中KdPrint函数的典型用法代码示例。如果您正苦于以下问题:C++ KdPrint函数的具体用法?C++ KdPrint怎么用?C++ KdPrint使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了KdPrint函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: ddk_DispatchRoutine_CONTROL

NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp	)
{   //
	ULONG info;
	int *pi=(int*)ExAllocatePool(PagedPool,sizeof(int));
	//得到当前栈指针
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
	ULONG mf=stack->MajorFunction;//区分IRP
	switch (mf)
	{
	case IRP_MJ_DEVICE_CONTROL:
		{ 	KdPrint(("Enter myDriver_DeviceIOControl\n"));
		NTSTATUS status = STATUS_SUCCESS;	

		//得到输入缓冲区大小
		ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
		//得到输出缓冲区大小
		ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
		//得到IOCTL码
		ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
		switch (code)
		{ 
		case add_code:
			{  		
				int a,b;
				KdPrint(("add_code 1111111111111111111\n"));
				//缓冲区方式IOCTL
				//获取缓冲区数据	a,b		
				int * InputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;
				_asm
				{
					   mov eax,InputBuffer
						mov ebx,[eax]
						mov a,ebx
						mov ebx,[eax+4]
						mov b,ebx
				}
				KdPrint(("a=%d,b=%d \n", a,b));

				a=a+b;
				//C、驱动层返回数据至用户层
				//操作输出缓冲区
				int* OutputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;
				_asm
				{
					    mov eax,a
						mov ebx,OutputBuffer
						mov [ebx],eax //bufferet=a+b

				}
				KdPrint(("a+b=%d \n",a));

				//设置实际操作输出缓冲区长度
				info = 4;
				break;
			}
		case hook_code:
			{  //从buffer获取MyPid 
				//获取缓冲区数据	a,b		
				int * InputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;
				_asm
				{
					mov eax,InputBuffer
					mov ebx,[eax]
					mov MyPID,ebx
						 
				}
				int* OutputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;
				_asm
				{
					mov eax,1
					mov ebx,OutputBuffer
					mov [ebx],eax //

				}
               info = 4;
				Hook();
				break;
			}
		case unhook_code:
			{   UnHook();
				break;
			}
		case sub_code:
			{
				break;
			}
		}//end code switch
		break;
		}
	case IRP_MJ_CREATE:
		{
			break;
		}
	case IRP_MJ_CLOSE:
		{
			break;
		}
	case IRP_MJ_READ:
		{
			break;
//.........这里部分代码省略.........
开发者ID:bittoy,项目名称:driver-leaning,代码行数:101,代码来源:mini_ddk.cpp

示例2: DriverUnload

// Çý¶¯Ð¶ÔØÀý³Ì
void DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
	KdPrint(("hello DriverUnload \r\n"));		
}
开发者ID:friendan,项目名称:test,代码行数:5,代码来源:main.cpp

示例3: mt_malloc

void *
mt_malloc(ULONG size, const char *file, ULONG line)
{
	KIRQL irql;
	struct prefix *data;
	struct postfix *pd;

#if 1
	// check pool integrity
	KeAcquireSpinLock(&guard, &irql);
	
	for (data = first; data; data = data->next)
		check(data);
	
	for (data = last; data; data = data->prev)
		check(data);
	
	KeReleaseSpinLock(&guard, irql);
#endif

	if (size == 0) {
		KdPrint(("memtrack: mt_malloc: size == 0!\n"));
		INT_3;
		return NULL;
	}

	data = (struct prefix *)ExAllocatePool(NonPagedPool,
		sizeof(struct prefix) + size + sizeof(struct postfix));
	if (data == NULL)
		return NULL;

	data->magic = MAGIC;
	data->next = NULL;
	data->prev = NULL;
	data->size = size;
	data->file = file;
	data->line = line;

	memset(data->data, 0xcc, size);		// fill by 0xcc: new

	pd = (struct postfix *)(data->data + data->size);

	pd->size = size;
	pd->magic = MAGIC;

	KeAcquireSpinLock(&guard, &irql);
	
	if (last) {
		last->next = data;
		data->prev = last;
		last = data;
	}
	else {
		data->prev = NULL;
		first = last = data;
	}
	count++;

	KeReleaseSpinLock(&guard, irql);
	return data->data;
}
开发者ID:340211173,项目名称:hf-2011,代码行数:61,代码来源:memtrack.c

示例4: tdi_set_event_handler

int
tdi_set_event_handler(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
{
	PTDI_REQUEST_KERNEL_SET_EVENT r = (PTDI_REQUEST_KERNEL_SET_EVENT)&irps->Parameters;
	NTSTATUS status;
	struct ot_entry *ote_addr = NULL;
	KIRQL irql;
	int result = FILTER_DENY;
	TDI_EVENT_CONTEXT *ctx;

	KdPrint(("[tdi_fw] tdi_set_event_handler: [%s] devobj 0x%x; addrobj 0x%x; EventType: %d\n",
		r->EventHandler ? "(+)ADD" : "(-)REMOVE",
		irps->DeviceObject,
		irps->FileObject,
		r->EventType));

	ote_addr = ot_find_fileobj(irps->FileObject, &irql);
	if (ote_addr == NULL) {
		KdPrint(("[tdi_fw] tdi_set_event_handler: ot_find_fileobj(0x%x)\n", irps->FileObject));
		if (r->EventHandler == NULL) {
			 // for fileobjects loaded earlier than our driver allow removing
			result = FILTER_ALLOW;
		}
		goto done;
	}

	if (r->EventType < 0 || r->EventType >= MAX_EVENT) {
		KdPrint(("[tdi_fw] tdi_set_event_handler: unknown EventType %d!\n", r->EventType));
		result = FILTER_ALLOW;
		goto done;
	}

	ctx = &ote_addr->ctx[r->EventType];

	if (r->EventHandler != NULL) {
		/* add EventHandler */
		int i;

		for (i = 0; g_tdi_event_handlers[i].event != (ULONG)-1; i++)
			if (g_tdi_event_handlers[i].event == r->EventType)
				break;

		if (g_tdi_event_handlers[i].event == (ULONG)-1) {
			KdPrint(("[tdi_fw] tdi_set_event_handler: unknown EventType %d!\n", r->EventType));
			result = FILTER_ALLOW;
			goto done;
		}

		ctx->old_handler = r->EventHandler;
		ctx->old_context = r->EventContext;

		if (g_tdi_event_handlers[i].handler != NULL) {
			r->EventHandler = g_tdi_event_handlers[i].handler;
			r->EventContext = ctx;
		} else {
			r->EventHandler = NULL;
			r->EventContext = NULL;
		}

		KdPrint(("[tdi_fw] tdi_set_event_handler: old_handler 0x%x; old_context 0x%x\n",
			r->EventHandler, r->EventContext));

	} else {
		/* remove EventHandler */
		ctx->old_handler = NULL;
		ctx->old_context = NULL;
	}

	// change LISTEN state
	if (r->EventType == TDI_EVENT_CONNECT) {
		TA_ADDRESS *local_addr;

		if (r->EventHandler != NULL) {
			// add "LISTEN" info
			status = add_listen(ote_addr);
			if (status != STATUS_SUCCESS) {
				KdPrint(("[tdi_fw] tdi_set_event_handler: add_listen: 0x%x!\n", status));
				goto done;
			}
		} else if (ote_addr->listen_entry != NULL) {
			// remove "LISTEN" info
			del_listen_obj(ote_addr->listen_entry, FALSE);

			ote_addr->listen_entry = NULL;
		}
	
		// log it if address is not 127.0.0.1
		local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
		if (ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr) != 0x7f000001) {
			struct flt_request request;
		
			memset(&request, 0, sizeof(request));

			request.struct_size = sizeof(request);

			request.type = (r->EventHandler != NULL) ? TYPE_LISTEN : TYPE_NOT_LISTEN;
			request.proto = IPPROTO_TCP;	// correct?

			if (r->EventHandler != NULL) {
				// for removing event handler ProcessNotifyProc can be already called
//.........这里部分代码省略.........
开发者ID:340211173,项目名称:hf-2011,代码行数:101,代码来源:disp_ev.c

示例5: ot_free

void
ot_free(void)
{
	KIRQL irql;
	int i;
	struct ot_entry *ote;

	if (g_ot_hash == NULL)
		return;					// have nothing to do

	// do cleanup for address & connection objects
	for (i = 0; i < HASH_SIZE; i++) {

		for (;;) {			// do it again and again
			PFILE_OBJECT connobj = NULL, event_addrobj;
			PVOID event_handler = NULL, event_context;
			int event_type;
			PDEVICE_OBJECT devobj;

			KeAcquireSpinLock(&g_ot_hash_guard, &irql);

			for (ote = g_ot_hash[i]; ote != NULL; ote = ote->next) {

				if (ote->fileobj == NULL)
					continue;				// skip processed items

#ifdef _USE_TDI_HOOKING
				devobj = ote->devobj;
#else
				devobj = get_original_devobj(ote->devobj, NULL);
#endif

				if (ote->type == FILEOBJ_ADDROBJ) {
					// find at least one event handler & remove it @ PASSIVE level
					int j;
					
					event_addrobj = ote->fileobj;
					
					for (j = 0; j < MAX_EVENT; j++)
						if (ote->ctx[j].old_handler != NULL) {
	
							event_type = j;
							event_handler = ote->ctx[j].old_handler;
							event_context = ote->ctx[j].old_context;

							KdPrint(("[tdi_fw] ot_free: got event handler to restore (addrobj: 0x%x; type: %d; handler: 0x%x; context: 0x%x\n",
								event_addrobj,
								event_type,
								event_handler,
								event_context));

							ote->ctx[j].old_handler = NULL;

							break;
						}

					if (event_handler != NULL)
						break;

					KdPrint(("[tdi_fw] ot_free: no event handlers for addrobj: 0x%x\n",
						ote->fileobj));

					// remove this addrobj from "LISTEN" state
					if (ote->listen_entry != NULL) {
						del_listen_obj(ote->listen_entry, FALSE);
						ote->listen_entry = NULL;
					}

					// no event handlers
					ote->fileobj = NULL;

				} else if (ote->type == FILEOBJ_CONNOBJ) {
					// check connobj is connected (remote addr is not 0)
					TA_ADDRESS *remote_addr = (TA_ADDRESS *)(ote->remote_addr);

					if (((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr == 0) {
						KdPrint(("[tdi_fw] ot_free: connobj 0x%x is not connected\n", connobj));

					} else {
						// disconnect this connection using TDI_DISCONNECT @ PASSIVE level
						connobj = ote->fileobj;
						
						KdPrint(("[tdi_fw] ot_free: got connobj 0x%x (%x:%x) to disconnect\n",
							connobj,
							((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr,
							((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port));
					}

					// remove this connobj from "CONNECTED" state
					if (ote->conn_entry != NULL) {
						del_tcp_conn_obj(ote->conn_entry, FALSE);
						ote->conn_entry = NULL;

						// TODO: check if state TCP_STATE_TIME_WAIT don't delete it
					}

					// skip this object next time
					ote->fileobj = NULL;
				}
			}
//.........这里部分代码省略.........
开发者ID:340211173,项目名称:hf-2011,代码行数:101,代码来源:obj_tbl.c

示例6: hpt_attach

static int hpt_attach(device_t dev)
{
	PHBA hba = (PHBA)device_get_softc(dev);
	HIM *him = hba->ldm_adapter.him;
	PCI_ID pci_id;
	HPT_UINT size;
	PVBUS vbus;
	PVBUS_EXT vbus_ext;
	
	KdPrint(("hpt_attach(%d/%d/%d)", pci_get_bus(dev), pci_get_slot(dev), pci_get_function(dev)));
	
#if __FreeBSD_version >=440000
	pci_enable_busmaster(dev);
#endif

	pci_id.vid = pci_get_vendor(dev);
	pci_id.did = pci_get_device(dev);
	pci_id.rev = pci_get_revid(dev);
	pci_id.subsys = (HPT_U32)(pci_get_subdevice(dev)) << 16 | pci_get_subvendor(dev);

	size = him->get_adapter_size(&pci_id);
	hba->ldm_adapter.him_handle = malloc(size, M_DEVBUF, M_WAITOK);
	if (!hba->ldm_adapter.him_handle)
		return ENXIO;

	hba->pcidev = dev;
	hba->pciaddr.tree = 0;
	hba->pciaddr.bus = pci_get_bus(dev);
	hba->pciaddr.device = pci_get_slot(dev);
	hba->pciaddr.function = pci_get_function(dev);

	if (!him->create_adapter(&pci_id, hba->pciaddr, hba->ldm_adapter.him_handle, hba)) {
		free(hba->ldm_adapter.him_handle, M_DEVBUF);
		return -1;
	}

	os_printk("adapter at PCI %d:%d:%d, IRQ %d",
		hba->pciaddr.bus, hba->pciaddr.device, hba->pciaddr.function, pci_get_irq(dev));

	if (!ldm_register_adapter(&hba->ldm_adapter)) {
		size = ldm_get_vbus_size();
		vbus_ext = malloc(sizeof(VBUS_EXT) + size, M_DEVBUF, M_WAITOK);
		if (!vbus_ext) {
			free(hba->ldm_adapter.him_handle, M_DEVBUF);
			return -1;
		}
		memset(vbus_ext, 0, sizeof(VBUS_EXT));
		vbus_ext->ext_type = EXT_TYPE_VBUS;
		ldm_create_vbus((PVBUS)vbus_ext->vbus, vbus_ext);
		ldm_register_adapter(&hba->ldm_adapter);
	}

	ldm_for_each_vbus(vbus, vbus_ext) {
		if (hba->ldm_adapter.vbus==vbus) {
			hba->vbus_ext = vbus_ext;
			hba->next = vbus_ext->hba_list;
			vbus_ext->hba_list = hba;
			break;
		}
	}	
	return 0;
}
开发者ID:dcui,项目名称:FreeBSD-9.3_kernel,代码行数:62,代码来源:hpt27xx_osm_bsd.c

示例7: hpt_async

static void hpt_async(void * callback_arg, u_int32_t code, struct cam_path * path, void * arg)
{
	KdPrint(("hpt_async"));
}
开发者ID:dcui,项目名称:FreeBSD-9.3_kernel,代码行数:4,代码来源:hpt27xx_osm_bsd.c

示例8: sizeof

//KeServiceDescriptorTable -- 包含了 SSDT,(其 Shadow SSDT 处都是NULL)
//KeServiceDescriptorTableShadow -- 包含了 SSDT + Shadow SSDT,因此GUI线程不用转换也能调用 SSDT 中的函数
SYSTEM_SERVICE_TABLE *GetKeServiceDescriptorTableShadowAddress ()
{ 
    //32位系统中导出了KeServiceDescriptorTable变量,
    //其后紧接着有未导出的 KeServiceDescriptorTableShadow, 其前部分的内容和 KeServiceDescriptorTable 内容一样
    //通过从 KeAddSystemServiceTable 导出函数开始搜索,并比较内存中的内容,从而找到 KeServiceDescriptorTableShadow,
    //通过搜索 操作SSDT的函数实现中的有效内存地址的办法 来查找 Shadow SSDT
    //TODO: 能取到 KeServiceDescriptorTable 导出变量的地址,返回 KeServiceDescriptorTable[1] 不就是 KeServiceDescriptorTableShadow 的地址了?

    // First, obtain a pointer to KeAddSystemServiceTable
    unsigned char *check = (unsigned char*)KeAddSystemServiceTable; 
    int i;
    //Initialize an instance of System Service Table, will be used to
    //obtain an address from KeAddSystemServiceTable
    SYSTEM_SERVICE_TABLE *rc=0; 

    if (g_pSystemServiceTable)
    {
        return g_pSystemServiceTable;
    }

    // Make 100 attempts to match a valid address with that of KeServiceDescriptorTable 
    for (i=0; i<4096; i++) {  //PAGE_SIZE
        __try { 
            // try to obtain an address from  KeAddSystemServiceTable 
            rc = *(SYSTEM_SERVICE_TABLE **)check; 
            // if this address is NOT valid OR it itself is the address of 
            //KeServiceDescriptorTable OR its first entry is NOT equal 
            //to the first entry of KeServiceDescriptorTable 
            if (!MmIsAddressValid (rc) 
                || (rc == (SYSTEM_SERVICE_TABLE *)KeServiceDescriptorTable) 
                || (memcmp (rc, KeServiceDescriptorTable, sizeof (*rc)) != 0)) { 
                    // Proceed with the next address 
                    check++; 
                    // don't forget to reset the old address 
                    rc = 0; 
            } 
        } __except (EXCEPTION_EXECUTE_HANDLER) 
        {
            rc = 0; 
        } 
        // when the loop is completed, check if it produced a valid address 
        if (rc) 
        {
            // because if it didn't, we failed to find the address of KeServiceDescriptorTableShadow 
            break; 
        }
    } 
    // otherwise, there is a valid address! So return it! 

    g_pSystemServiceTable = rc;

    if (g_pSystemServiceTable)
    {
        KdPrint(("g_pSystemServiceTable : %#x, SSDT EntryCount=%d, Shadow EntryCount=%d\n", 
            g_pSystemServiceTable, g_pSystemServiceTable[0].NumberOfServices, 
            g_pSystemServiceTable[1].NumberOfServices));
    }
    else
    {
        KdPrint(("!!! Find Shadow SSDT Failed from KeAddSystemServiceTable=%p\n", KeAddSystemServiceTable));
    }

    return g_pSystemServiceTable; 
}
开发者ID:moon-sky,项目名称:fishjam-template-library,代码行数:66,代码来源:KernelHelper_X86.c

示例9: OsrUsbIoctlGetInterruptMessage

VOID
OsrUsbIoctlGetInterruptMessage(
    _In_ WDFDEVICE Device,
    _In_ NTSTATUS  ReaderStatus
    )
/*++

Routine Description

    This method handles the completion of the pended request for the IOCTL
    IOCTL_OSRUSBFX2_GET_INTERRUPT_MESSAGE.

Arguments:

    Device - Handle to a framework device.

Return Value:

    None.

--*/
{
    NTSTATUS            status;
    WDFREQUEST          request;
    PDEVICE_CONTEXT     pDevContext;
    size_t              bytesReturned = 0;
    PSWITCH_STATE       switchState = NULL;

    pDevContext = GetDeviceContext(Device);

    do {

        //
        // Check if there are any pending requests in the Interrupt Message Queue.
        // If a request is found then complete the pending request.
        //
        status = WdfIoQueueRetrieveNextRequest(pDevContext->InterruptMsgQueue, &request);

        if (NT_SUCCESS(status)) {
            status = WdfRequestRetrieveOutputBuffer(request,
                                                    sizeof(SWITCH_STATE),
                                                    &switchState,
                                                    NULL);// BufferLength

            if (!NT_SUCCESS(status)) {

                TraceEvents(TRACE_LEVEL_ERROR, DBG_IOCTL,
                    "User's output buffer is too small for this IOCTL, expecting a SWITCH_STATE\n");
                bytesReturned = sizeof(SWITCH_STATE);

            } else {

                //
                // Copy the state information saved by the continuous reader.
                //
                if (NT_SUCCESS(ReaderStatus)) {
                    switchState->SwitchesAsUChar = pDevContext->CurrentSwitchState;
                    bytesReturned = sizeof(SWITCH_STATE);
                } else {
                    bytesReturned = 0;
                }
            }

            //
            // Complete the request.  If we failed to get the output buffer then 
            // complete with that status.  Otherwise complete with the status from the reader.
            //
            WdfRequestCompleteWithInformation(request, 
                                              NT_SUCCESS(status) ? ReaderStatus : status, 
                                              bytesReturned);
            status = STATUS_SUCCESS;

        } else if (status != STATUS_NO_MORE_ENTRIES) {
            KdPrint(("WdfIoQueueRetrieveNextRequest status %08x\n", status));
        }

        request = NULL;

    } while (status == STATUS_SUCCESS);

    return;

}
开发者ID:340211173,项目名称:Windows-driver-samples,代码行数:83,代码来源:ioctl.c

示例10: SepRmCommandServerThreadInit

BOOLEAN
SepRmCommandServerThreadInit(
    VOID
    )

/*++

Routine Description:

    This function performs initialization of the Reference Monitor Server
    thread.  The following steps are performed.

    o  Wait on the LSA signaling the event.  When the event is signaled,
       the LSA has already created the LSA Command Server LPC Port
    o  Close the LSA Init Event Handle.  The event is not used again.
    o  Listen for the LSA to connect to the Port
    o  Accept the connection.
    o  Connect to the LSA Command Server LPC Port

Arguments:

    None.

Return Value:

--*/

{
    NTSTATUS Status;
    UNICODE_STRING LsaCommandPortName;
    PORT_MESSAGE ConnectionRequest;
    SECURITY_QUALITY_OF_SERVICE DynamicQos;
    OBJECT_ATTRIBUTES ObjectAttributes;
    PORT_VIEW ClientView;
    REMOTE_PORT_VIEW LsaClientView;
    BOOLEAN BooleanStatus = TRUE;

    PAGED_CODE();

    //
    // Save a pointer to our process so we can get back into this process
    // to send commands to the LSA (using a handle to an LPC port created
    // below).
    //

    SepRmLsaCallProcess = PsGetCurrentProcess();

    ObReferenceObject(SepRmLsaCallProcess);

    //
    // Wait on the LSA signaling the event.  This means that the LSA
    // has created its command port, not that LSA initialization is
    // complete.
    //

    Status = ZwWaitForSingleObject(
                 SepRmState.LsaInitEventHandle,
                 FALSE,
                 NULL);

    if ( !NT_SUCCESS(Status) ) {

        KdPrint(("Security Rm Init: Waiting for LSA Init Event failed 0x%lx\n", Status));
        goto RmCommandServerThreadInitError;
    }

    //
    // Close the LSA Init Event Handle.  The event is not used again.
    //

    ZwClose(SepRmState.LsaInitEventHandle);

    //
    // Listen for a connection to be made by the LSA to the Reference Monitor
    // Command Port.  This connection will be made by the LSA process.
    //

    ConnectionRequest.u1.s1.TotalLength = sizeof(ConnectionRequest);
    ConnectionRequest.u1.s1.DataLength = (CSHORT)0;
    Status = ZwListenPort(
                 SepRmState.RmCommandServerPortHandle,
                 &ConnectionRequest
                 );

    if (!NT_SUCCESS(Status)) {

        KdPrint(("Security Rm Init: Listen to Command Port failed 0x%lx\n",
            Status));
        goto RmCommandServerThreadInitError;
    }

    //
    // Obtain a handle to the LSA process for use when auditing.
    //

    InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL );

    Status = ZwOpenProcess(
                 &SepLsaHandle,
                 PROCESS_VM_OPERATION | PROCESS_VM_WRITE,
//.........这里部分代码省略.........
开发者ID:BaoYu0721,项目名称:WRK-1.2,代码行数:101,代码来源:rmmain.c

示例11: SepRmCallLsa


//.........这里部分代码省略.........
                         );

                ReplyMessage.ReturnedStatus = STATUS_SUCCESS;

            } else {

                Status = ZwRequestWaitReplyPort(
                         SepRmState.LsaCommandPortHandle,
                         (PPORT_MESSAGE) &CommandMessage,
                         (PPORT_MESSAGE) &ReplyMessage
                         );
            }

            //
            // If the command was successful, copy the data back to the output
            // buffer.
            //

            if (NT_SUCCESS(Status)) {

                //
                // Move output from command (if any) to buffer.  Note that this
                // is done even if the command returns status, because some status
                // values are not errors.
                //

                if (ARGUMENT_PRESENT(WorkQueueItem->ReplyBuffer)) {

                    RtlCopyMemory(
                        WorkQueueItem->ReplyBuffer,
                        ReplyMessage.ReplyBuffer,
                        WorkQueueItem->ReplyBufferLength
                        );
                }

                //
                // Return status from command.
                //

                Status = ReplyMessage.ReturnedStatus;

                if (!NT_SUCCESS(Status)) {
                    KdPrint(("Security: Command sent from RM to LSA returned 0x%lx\n",
                        Status));
                }

            } else {

                KdPrint(("Security: Sending Command RM to LSA failed 0x%lx\n", Status));
            }

            //
            // On return from the LPC call to the LSA, we expect the called
            // LSA worker routine to have copied the Command Parameters
            // buffer (if any).  If a custom shared memory buffer was allocated,
            // free it now.
            //

            if (CommandMessage.CommandParamsMemoryType == SepRmLsaCustomSharedMemory) {

                RegionSize = 0;

                Status = ZwFreeVirtualMemory(
                             SepLsaHandle,
                             (PVOID *) &CommandMessage.CommandParams,
                             &RegionSize,
                             MEM_RELEASE
                             );

                ASSERT(NT_SUCCESS(Status));
            }

        }


        //
        // Clean up.  We must call the cleanup functions on its parameter
        // and then free the used WorkQueueItem itself.
        //

        if ( ARGUMENT_PRESENT( WorkQueueItem->CleanupFunction)) {

            (WorkQueueItem->CleanupFunction)(WorkQueueItem->CleanupParameter);
        }

        //
        // Determine if there is more work to do on this list
        //

        WorkQueueItem = SepDequeueWorkItem();
    }

    KeDetachProcess();

    if ( LocalListLength > SepLsaQueueLength ) {
        SepLsaQueueLength = LocalListLength;
    }

    return Status;
}
开发者ID:BaoYu0721,项目名称:WRK-1.2,代码行数:101,代码来源:rmmain.c

示例12: SeRmInitPhase1

BOOLEAN
SeRmInitPhase1(
    )

/*++

Routine Description:

    This function is called by Phase 1 System Initialization to initialize
    the Security Reference Monitor.  Note that initialization of the
    Reference Monitor Global State has already been performed in Phase 0
    initialization to allow access validation routines to operate without
    having to check that Reference Monitor Initialization is complete.

    The steps listed below are performed in this routine.  The remainder
    of Reference Monitor initialization requires the LSA subsystem to have run,
    so that initialization is performed in a separate thread (the RM Command
    Server Thread, see below), so that the present thread can create the
    Session Manager which execs the LSA.

    o Create the Reference Monitor Command LPC port.  The LSA subsystem sends
      commands (e.g. turn on auditing) which change the Reference Monitor
      Global State.
    o Create an Event for use in synchronizing with the LSA subsystem.  The
      LSA will signal the event when the portion of LSA initialization upon
      with the Reference Monitor depends is complete.  The Reference Monitor
      uses another LPC port, called the LSA Command Port to send commands
      to the LSA, so the RM must know that this port has been created before
      trying to connect to it.
    o Create the Reference Monitor Command Server Thread.  This thread is
      a permanent thread of the System Init process that fields the Reference
      Monitor State Change commands described above.


Arguments:

    None.

Return Value:

    BOOLEAN - TRUE if Rm Initialization (Phase 1) succeeded, else FALSE

--*/

{
    NTSTATUS Status;
    UNICODE_STRING RmCommandPortName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING LsaInitEventName;
    OBJECT_ATTRIBUTES LsaInitEventObjectAttributes;
    SECURITY_DESCRIPTOR LsaInitEventSecurityDescriptor;
    ULONG AclSize;

    PAGED_CODE();

    //
    // Create an LPC port called the Reference Monitor Command Port.
    // This will be used by the LSA to send commands to the Reference
    // Monitor to update its state data.
    //

    RtlInitUnicodeString( &RmCommandPortName, L"\\SeRmCommandPort" );

    InitializeObjectAttributes(
        &ObjectAttributes,
        &RmCommandPortName,
        0,
        NULL,
        NULL
        );

    Status = ZwCreatePort(
                 &SepRmState.RmCommandServerPortHandle,
                 &ObjectAttributes,
                 sizeof(SEP_RM_CONNECT_INFO),
                 sizeof(RM_COMMAND_MESSAGE),
                 sizeof(RM_COMMAND_MESSAGE) * 32
                 );

    if( !NT_SUCCESS(Status) ) {

        KdPrint(("Security: Rm Create Command Port failed 0x%lx\n", Status));
        return FALSE;
    }

    //
    // Prepare to create an event for synchronizing with the LSA.
    // First, build the Security Descriptor for the Init Event Object
    //

    Status = RtlCreateSecurityDescriptor(
                 &LsaInitEventSecurityDescriptor,
                 SECURITY_DESCRIPTOR_REVISION
                 );

    if (!NT_SUCCESS(Status)) {

        KdPrint(("Security:  Creating Lsa Init Event Desc failed 0x%lx\n",
                  Status));
        return FALSE;
//.........这里部分代码省略.........
开发者ID:BaoYu0721,项目名称:WRK-1.2,代码行数:101,代码来源:rmmain.c

示例13: SepRmCommandServerThread

VOID
SepRmCommandServerThread(
    IN PVOID StartContext
)

/*++

Routine Description:

    This function is executed indefinitely by a dedicated permanent thread
    of the Sysinit Process, called the Reference Monitor Server Thread.
    This thread updates Reference Monitor Global State Data by dispatching
    commands sent from the LSA through the the Reference Monitor LPC Command
    Port.  The following steps are repeated indefinitely:

    o  Initialize RM Command receive and reply buffer headers
    o  Perform remaining Reference Monitor initialization involving LSA
    o  Wait for RM command sent from LSA, send reply to previous command
       (if any)
    o  Validate command
    o  Dispatch to command worker routine to execute command.

Arguments:

    None.

Return Value:

    None.

--*/

{
    NTSTATUS Status;
    PRM_REPLY_MESSAGE Reply;
    RM_COMMAND_MESSAGE CommandMessage;
    RM_REPLY_MESSAGE ReplyMessage;

    PAGED_CODE();

    //
    // Perform the rest of the Reference Monitor initialization, involving
    // synchronization with the LSA or dependency on the LSA having run.
    //

    if (!SepRmCommandServerThreadInit()) {

        KdPrint(("Security: Terminating Rm Command Server Thread\n"));
        return;
    }

    Status = PoRequestShutdownEvent (NULL);
    if (!NT_SUCCESS (Status)) {
        ZwClose (SepRmState.RmCommandPortHandle);
        ZwClose (SepRmState.RmCommandServerPortHandle);
        ZwClose (SepRmState.LsaCommandPortHandle);
        ZwClose (SepLsaHandle);
        SepRmState.RmCommandPortHandle = NULL;
        SepRmState.RmCommandServerPortHandle = NULL;
        SepRmState.LsaCommandPortHandle = NULL;
        SepLsaHandle = NULL;
        return;
    }

    //
    // Initialize LPC port message header type and length fields for the
    // received command message.
    //

    CommandMessage.MessageHeader.u2.ZeroInit = 0;
    CommandMessage.MessageHeader.u1.s1.TotalLength =
        (CSHORT) sizeof(RM_COMMAND_MESSAGE);
    CommandMessage.MessageHeader.u1.s1.DataLength =
    CommandMessage.MessageHeader.u1.s1.TotalLength -
        (CSHORT) sizeof(PORT_MESSAGE);

    //
    // Initialize the LPC port message header type and data sizes for
    // for the reply message.
    //

    ReplyMessage.MessageHeader.u2.ZeroInit = 0;
    ReplyMessage.MessageHeader.u1.s1.TotalLength =
        (CSHORT) sizeof(RM_COMMAND_MESSAGE);
    ReplyMessage.MessageHeader.u1.s1.DataLength =
    ReplyMessage.MessageHeader.u1.s1.TotalLength -
        (CSHORT) sizeof(PORT_MESSAGE);

    //
    // First time through, there is no reply.
    //

    Reply = NULL;

    //
    // Now loop indefinitely, processing incoming Rm commands from the LSA.
    //

    for(;;) {

//.........这里部分代码省略.........
开发者ID:BaoYu0721,项目名称:WRK-1.2,代码行数:101,代码来源:rmmain.c

示例14: DriverEntry

extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING B) //TYPEDEF LONG NTSTATUS
{  
	ULONG cur,old;
	JMPCODE JmpCode;
	
	cur=GetNt_CurAddr();//A
	old=GetNt_OldAddr();//C
	if (cur!=old)
	{   //hook
		ishook=true;
		//保存前5字节
		pcur=(PJMPCODE)(cur);//初始化指针
		oldCode.E9=pcur->E9;//1字节
		oldCode.JMPADDR=pcur->JMPADDR;//4字节
		//

		JmpCode.E9=0xE9; 
		JmpCode.JMPADDR=old-cur-5;   //jmp是偏移
	    KdPrint(("要写入的地址%X",JmpCode.JMPADDR));
        //写入JMP   C-A-5=B //实际要写入地址
		__asm //去掉页面保护
		{
			cli
				mov eax,cr0
				and eax,not 10000h //and eax,0FFFEFFFFh
				mov cr0,eax

		}
         
		 pcur->E9=0xE9;//jmp
		 pcur->JMPADDR=JmpCode.JMPADDR;//要跳转到的地址

		__asm //恢复页保护
		{
			mov eax,cr0
				or  eax,10000h //or eax,not 0FFFEFFFFh
				mov cr0,eax
				sti
		}

		KdPrint(("NtOpenProcess被HOOK了"));
	}
 /* ULONG SSDT_NtOpenProcess_Cur_Addr;
KdPrint(("驱动成功被加载...OK++++++++\n\n"));
 //读取SSDT表中 NtOpenProcess当前地址 KeServiceDescriptorTable
 // [[KeServiceDescriptorTable]+0x7A*4] 

__asm
{    int 3
	push ebx
	push eax
		mov ebx,KeServiceDescriptorTable
		mov ebx,[ebx] //表的基地址
		mov eax,0x7a
		shl eax,2//0x7A*4 //imul eax,eax,4//shl eax,2
		add ebx,eax//[KeServiceDescriptorTable]+0x7A*4
		mov ebx,[ebx]
        mov SSDT_NtOpenProcess_Cur_Addr,ebx
	pop  eax	
	pop  ebx
}
KdPrint(("SSDT_NtOpenProcess_Cur_Addr=%x\n\n",SSDT_NtOpenProcess_Cur_Addr));*/
 //注册派遣函数
pDriverObject->MajorFunction[IRP_MJ_CREATE]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CREATE相关IRP处理函数
pDriverObject->MajorFunction[IRP_MJ_CLOSE]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CREATE相关IRP处理函数
pDriverObject->MajorFunction[IRP_MJ_READ]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CREATE相关IRP处理函数
pDriverObject->MajorFunction[IRP_MJ_CLOSE]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CREATE相关IRP处理函数
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CREATE相关IRP处理函数
 CreateMyDevice(pDriverObject);//创建相应的设备
 pDriverObject->DriverUnload=DDK_Unload;
return (1);
}
开发者ID:bittoy,项目名称:driver-leaning,代码行数:72,代码来源:mini_ddk.cpp

示例15: RfsdCheckDismount

__drv_mustHoldCriticalRegion
BOOLEAN
RfsdCheckDismount (
    IN PRFSD_IRP_CONTEXT IrpContext,
    IN PRFSD_VCB         Vcb,
    IN BOOLEAN           bForce   )
{
    KIRQL   Irql;
    PVPB    Vpb = Vcb->Vpb;
    BOOLEAN bDeleted = FALSE;
    ULONG   UnCleanCount = 0;

    PAGED_CODE();

    ExAcquireResourceExclusiveLite(
        &RfsdGlobal->Resource, TRUE );

    ExAcquireResourceExclusiveLite(
        &Vcb->MainResource, TRUE );

    if ((IrpContext->MajorFunction == IRP_MJ_CREATE) &&
            (IrpContext->RealDevice == Vcb->RealDevice)) {
        UnCleanCount = 3;
    } else {
        UnCleanCount = 2;
    }

    IoAcquireVpbSpinLock (&Irql);

    if ((Vpb->ReferenceCount == UnCleanCount) || bForce) {

        if ((Vpb->ReferenceCount != UnCleanCount) && bForce) {
            KdPrint(("RfsdCheckDismount: force dismount ...\n"));
        }

        ClearFlag( Vpb->Flags, VPB_MOUNTED );
        ClearFlag( Vpb->Flags, VPB_LOCKED );

#ifdef _MSC_VER
#pragma prefast( suppress: 28175, "allowed in file system drivers" )
#endif
        if ((Vcb->RealDevice != Vpb->RealDevice) &&
                (Vcb->RealDevice->Vpb == Vpb)) {
            SetFlag( Vcb->RealDevice->Flags, DO_DEVICE_INITIALIZING );
            SetFlag( Vpb->Flags, VPB_PERSISTENT );
        }

        RfsdRemoveVcb(Vcb);

        ClearFlag(Vpb->Flags, VPB_MOUNTED);
        SetFlag(Vcb->Flags, VCB_DISMOUNT_PENDING);

        Vpb->DeviceObject = NULL;

        bDeleted = TRUE;
    }

    IoReleaseVpbSpinLock(Irql);

    ExReleaseResourceForThreadLite(
        &Vcb->MainResource,
        ExGetCurrentResourceThread() );

    ExReleaseResourceForThreadLite(
        &RfsdGlobal->Resource,
        ExGetCurrentResourceThread() );

    if (bDeleted) {
        KdPrint(("RfsdCheckDismount: now free the vcb ...\n"));
        RfsdFreeVcb(Vcb);
    }

    return bDeleted;
}
开发者ID:reactos,项目名称:reactos,代码行数:74,代码来源:fsctl.c


注:本文中的KdPrint函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。