本文整理汇总了C++中RtlInitUnicodeString函数的典型用法代码示例。如果您正苦于以下问题:C++ RtlInitUnicodeString函数的具体用法?C++ RtlInitUnicodeString怎么用?C++ RtlInitUnicodeString使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了RtlInitUnicodeString函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: TestIoVolumeDeviceToDosName
/*
 * Kernel-mode test: iterates over the volume devices handed back by
 * GetNextVolumeDevice, resolves each one with IoGetDeviceObjectPointer and
 * checks that IoVolumeDeviceToDosName reports either a drive letter ("X:")
 * or a path starting with "\\?\Volume".
 */
static
void
TestIoVolumeDeviceToDosName(void)
{
    UNICODE_STRING VolumePathPrefix = RTL_CONSTANT_STRING(L"\\\\?\\Volume");
    WCHAR NameStorage[32];
    UNICODE_STRING DeviceName;
    UNICODE_STRING DosName;
    PFILE_OBJECT VolumeFile;
    PDEVICE_OBJECT VolumeDevice;
    ULONG VolumeNumber = 0;
    NTSTATUS Status = STATUS_SUCCESS;

    /* Empty counted string backed by the fixed 32-WCHAR stack buffer */
    RtlInitEmptyUnicodeString(&DeviceName, NameStorage, sizeof(NameStorage));

    for (;;)
    {
        /* The previous iteration's status is fed back into the enumerator */
        Status = GetNextVolumeDevice(&DeviceName, &VolumeNumber, Status);
        if (!NT_SUCCESS(Status))
        {
            trace("GetNextVolumeDevice(0x%lx) failed with %lx\n",
                  VolumeNumber, Status);
            break;
        }

        /*
         * Recompute Length/MaximumLength by scanning the buffer for its
         * terminator. NOTE(review): this relies on GetNextVolumeDevice
         * leaving NameStorage NUL-terminated -- confirm in the helper.
         */
        RtlInitUnicodeString(&DeviceName, NameStorage);

        Status = IoGetDeviceObjectPointer(&DeviceName,
                                          READ_CONTROL,
                                          &VolumeFile,
                                          &VolumeDevice);
        if (!NT_SUCCESS(Status))
        {
            trace("IoGetDeviceObjectPointer(%wZ) failed with %lx\n",
                  &DeviceName, Status);
            continue;
        }

        Status = IoVolumeDeviceToDosName(VolumeDevice, &DosName);
        ok_eq_hex(Status, STATUS_SUCCESS);
        if (!skip(NT_SUCCESS(Status), "No DOS name\n"))
        {
            trace("DOS name for %wZ is %wZ\n", &DeviceName, &DosName);
            if (DosName.Length != 2 * sizeof(WCHAR))
            {
                /* Anything that is not two characters must be a volume path */
                ok(RtlPrefixUnicodeString(&VolumePathPrefix, &DosName, FALSE),
                   "Unexpected volume path: %wZ\n", &DosName);
            }
            else
            {
                /* Exactly two characters: expect an upper-case letter and ':' */
                ok(DosName.Buffer[0] >= L'A' &&
                   DosName.Buffer[0] <= L'Z' &&
                   DosName.Buffer[1] == L':',
                   "Unexpected drive letter: %wZ\n", &DosName);
            }
            RtlFreeUnicodeString(&DosName);
        }

        /* Drop the file object reference taken by IoGetDeviceObjectPointer */
        ObDereferenceObject(VolumeFile);
        Status = STATUS_SUCCESS;
    }

    ok(VolumeNumber > 1, "No volumes found\n");
}
示例2: CsampUnload
VOID
CsampUnload(
    __in PDRIVER_OBJECT DriverObject
    )
/*++
Routine Description:
    Driver unload routine. Tells the worker thread to stop, waits for it to
    exit, then removes the Win32 symbolic link and the device object.
Arguments:
    DriverObject - pointer to a driver object.
Return Value:
    VOID
--*/
{
    PDEVICE_OBJECT device = DriverObject->DeviceObject;
    PDEVICE_EXTENSION ext = device->DeviceExtension;
    UNICODE_STRING dosDeviceName;

    PAGED_CODE();

    CSAMP_KDPRINT(("CsampUnload Enter\n"));

    // Ask the worker thread to exit.
    ext->ThreadShouldStop = TRUE;

    // Bump the semaphore by one (no priority boost) so the thread wakes up
    // and sees the flag. Wait == TRUE because a KeWaitForXxx call follows
    // immediately.
    KeReleaseSemaphore(&ext->IrpQueueSemaphore, 0, 1, TRUE);

    // Block until the thread object is signalled, i.e. the thread has ended,
    // then release the reference held on it.
    KeWaitForSingleObject(ext->ThreadObject,
                          Executive,
                          KernelMode,
                          FALSE,
                          NULL);
    ObDereferenceObject(ext->ThreadObject);

    // Build the counted-string form of the Win32 device name and remove the
    // symbolic link that exposes the device under it.
    RtlInitUnicodeString(&dosDeviceName, CSAMP_DOS_DEVICE_NAME_U);
    IoDeleteSymbolicLink(&dosDeviceName);

    // Nothing may still be attached on top of the device when it is deleted.
    ASSERT(!device->AttachedDevice);
    IoDeleteDevice(device);

    CSAMP_KDPRINT(("CsampUnload Exit\n"));
    return;
}
示例3: LfsFiltOpenControl
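/*
 * Opens the LFS filter control device (LFSFILT_CTLDEVICE_NAME) and returns
 * both a handle to it and a referenced file object.
 *
 * ControlFileHandle - receives the handle, or NULL on failure. The caller
 *                     closes it with ZwClose.
 * ControlFileObject - receives the referenced file object, or NULL on
 *                     failure. The caller releases it with
 *                     ObDereferenceObject.
 *
 * Returns the NTSTATUS of the first step that failed, otherwise the status
 * of ObReferenceObjectByHandle.
 */
static
NTSTATUS
LfsFiltOpenControl (
    OUT PHANDLE ControlFileHandle,
    OUT PFILE_OBJECT *ControlFileObject
    )
{
    HANDLE controlFileHandle = NULL;
    PFILE_OBJECT controlFileObject = NULL;
    UNICODE_STRING nameString;
    OBJECT_ATTRIBUTES objectAttributes;
    IO_STATUS_BLOCK ioStatusBlock;
    NTSTATUS status;

    Bus_KdPrint_Def(BUS_DBG_SS_TRACE, ("Entered\n"));

    // Every failure path reports NULL through both out parameters.
    *ControlFileHandle = NULL;
    *ControlFileObject = NULL;

    //
    // Init object attributes.
    //
    // OBJ_KERNEL_HANDLE keeps the handle out of the handle table of whatever
    // process this thread happens to be running in. Without it, a call made
    // in the context of a user process creates a handle that user-mode code
    // in that process can use or close.
    //
    RtlInitUnicodeString(&nameString, LFSFILT_CTLDEVICE_NAME);
    InitializeObjectAttributes(&objectAttributes,
                               &nameString,
                               OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    status = ZwCreateFile(&controlFileHandle,
                          GENERIC_READ,
                          &objectAttributes,
                          &ioStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          0,
                          0,
                          0,
                          NULL,     // Open as control
                          0);
    if (!NT_SUCCESS(status)) {
        Bus_KdPrint_Def(BUS_DBG_SS_ERROR, ("FAILURE, ZwCreateFile returned status code=%x\n", status));
        return status;
    }

    status = ioStatusBlock.Status;
    if (!NT_SUCCESS(status)) {
        Bus_KdPrint_Def(BUS_DBG_SS_ERROR, ("FAILURE, IoStatusBlock.Status contains status code=%x\n", status));
        // ZwCreateFile itself succeeded, so the handle exists and has to be
        // closed here or it is leaked.
        ZwClose(controlFileHandle);
        return status;
    }

    // Convert the handle into a referenced file object pointer.
    status = ObReferenceObjectByHandle(controlFileHandle,
                                       0L,
                                       NULL,
                                       KernelMode,
                                       (PVOID *) &controlFileObject,
                                       NULL);
    if (!NT_SUCCESS(status)) {
        Bus_KdPrint_Def(BUS_DBG_SS_ERROR, ("ObReferenceObjectByHandle() failed. STATUS=%08lx\n", status));
        ZwClose(controlFileHandle);
        return status;
    }

    *ControlFileHandle = controlFileHandle;
    *ControlFileObject = controlFileObject;
    return status;
}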
示例4: HotKeyKrnlAttachDevices
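/*
 * Creates one filter device object per device owned by the keyboard class
 * driver (KBD_DRIVER_NAME) and attaches it to that device's stack.
 *
 * DriverObject - this driver's object; owner of the filter devices created.
 * RegistryPath - not used by this routine.
 *
 * Returns STATUS_SUCCESS when every device was attached (or the driver owns
 * no devices), otherwise the failing status. Filter devices attached before
 * a failure are left in place; the caller has to detach and delete them.
 */
NTSTATUS
HotKeyKrnlAttachDevices(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    NTSTATUS status = STATUS_SUCCESS;
    UNICODE_STRING uniNtNameString;
    PDEVICE_EXTENSION devExt;
    PDEVICE_OBJECT pFilterDeviceObject = NULL;
    PDEVICE_OBJECT pTargetDeviceObject = NULL;
    PDEVICE_OBJECT pLowerDeviceObject = NULL;
    PDRIVER_OBJECT KbdDriverObject = NULL;
    extern POBJECT_TYPE *IoDriverObjectType; // exported by ntoskrnl.exe

    // Take a reference on the keyboard class driver object by name.
    RtlInitUnicodeString(&uniNtNameString, KBD_DRIVER_NAME);
    status = ObReferenceObjectByName(&uniNtNameString, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, &KbdDriverObject);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("[shadow] ObReferenceObjectByName failed,cann't access Kbdclass.\n"));
        return status;
    }

    // The reference is held for the whole walk of the device list and
    // released on every exit path below. Dropping it before reading
    // KbdDriverObject->DeviceObject would leave this code touching an
    // object it no longer holds a reference on.
    pTargetDeviceObject = KbdDriverObject->DeviceObject;
    while (pTargetDeviceObject)
    {
        // Create the filter device object for this target.
        status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), NULL, pTargetDeviceObject->DeviceType, pTargetDeviceObject->Characteristics, FALSE, &pFilterDeviceObject);
        if (!NT_SUCCESS(status))
        {
            KdPrint(("[shadow] IoCreateDevice(filter device) failed.\n"));
            ObDereferenceObject(KbdDriverObject);
            return status;
        }

        // Attach it on top of the target's device stack.
        pLowerDeviceObject = IoAttachDeviceToDeviceStack(pFilterDeviceObject, pTargetDeviceObject);
        if (!pLowerDeviceObject)
        {
            KdPrint(("[shadow] IoAttachDeviceToDeviceStack failed.\n"));
            IoDeleteDevice(pFilterDeviceObject);
            pFilterDeviceObject = NULL;
            ObDereferenceObject(KbdDriverObject);
            // status still holds IoCreateDevice's success code at this
            // point, so a failure has to be reported explicitly.
            return STATUS_UNSUCCESSFUL;
        }

        // Record the objects involved in the filter's device extension.
        devExt = (PDEVICE_EXTENSION)(pFilterDeviceObject->DeviceExtension);
        RtlZeroMemory(devExt, sizeof(DEVICE_EXTENSION));
        devExt->NodeSize = sizeof(DEVICE_EXTENSION);
        devExt->pFilterDeviceObject = pFilterDeviceObject;
        devExt->TargetDeviceObject = pTargetDeviceObject;
        devExt->LowerDeviceObject = pLowerDeviceObject;

        // Mirror the lower device's type, characteristics and I/O flags, and
        // reserve one extra IRP stack location for the filter itself.
        pFilterDeviceObject->DeviceType = pLowerDeviceObject->DeviceType;
        pFilterDeviceObject->Characteristics = pLowerDeviceObject->Characteristics;
        pFilterDeviceObject->StackSize = pLowerDeviceObject->StackSize+1;
        pFilterDeviceObject->Flags |= pLowerDeviceObject->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);

        pTargetDeviceObject = pTargetDeviceObject->NextDevice;
    }

    ObDereferenceObject(KbdDriverObject);
    return status;
}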
示例5: ndisprotRegisterExCallBack
/*
 * Creates (or opens) the named callback object NDISPROT_CALLBACK_NAME,
 * registers ndisprotCallback on it and sends an initial notification.
 * The object and the registration handle are kept in the file-level
 * variables CallbackObject and CallbackRegisterationHandle.
 *
 * Returns TRUE on success. On failure anything already stored in those two
 * variables is released and FALSE is returned.
 */
BOOLEAN
ndisprotRegisterExCallBack()
{
    UNICODE_STRING      Name;
    OBJECT_ATTRIBUTES   Attributes;
    NTSTATUS            Status;
    BOOLEAN             Registered = TRUE;

    DEBUGP(DL_LOUD, ("--> ndisprotRegisterExCallBack\n"));

    PAGED_CODE();

    RtlInitUnicodeString(&Name, NDISPROT_CALLBACK_NAME);
    InitializeObjectAttributes(&Attributes,
                               &Name,
                               OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
                               NULL,
                               NULL);

    // Create == TRUE, AllowMultipleCallbacks == TRUE
    Status = ExCreateCallback(&CallbackObject, &Attributes, TRUE, TRUE);
    if (!NT_SUCCESS(Status)) {
        DEBUGP(DL_ERROR, ("RegisterExCallBack: failed to create callback %lx\n", Status));
        Registered = FALSE;
        goto Done;
    }

    CallbackRegisterationHandle = ExRegisterCallback(CallbackObject,
                                                     ndisprotCallback,
                                                     (PVOID)NULL);
    if (CallbackRegisterationHandle == NULL) {
        // Status still holds ExCreateCallback's result here.
        DEBUGP(DL_ERROR,("RegisterExCallBack: failed to register a Callback routine%lx\n", Status));
        Registered = FALSE;
        goto Done;
    }

    // Tell the routines registered on the object that NDISPROT is the source.
    ExNotifyCallback(CallbackObject,
                     (PVOID)CALLBACK_SOURCE_NDISPROT,
                     (PVOID)NULL);

Done:
    if (!Registered) {
        if (CallbackRegisterationHandle) {
            ExUnregisterCallback(CallbackRegisterationHandle);
            CallbackRegisterationHandle = NULL;
        }
        if (CallbackObject) {
            ObDereferenceObject(CallbackObject);
            CallbackObject = NULL;
        }
    }

    DEBUGP(DL_LOUD, ("<-- ndisprotRegisterExCallBack\n"));
    return Registered;
}
示例6: ObInitSystem
BOOLEAN
INIT_FUNCTION
NTAPI
ObInitSystem(VOID)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING Name;
OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
OBP_LOOKUP_CONTEXT Context;
HANDLE Handle;
PKPRCB Prcb = KeGetCurrentPrcb();
PLIST_ENTRY ListHead, NextEntry;
POBJECT_HEADER Header;
POBJECT_HEADER_CREATOR_INFO CreatorInfo;
POBJECT_HEADER_NAME_INFO NameInfo;
NTSTATUS Status;
/* Check if this is actually Phase 1 initialization */
if (ObpInitializationPhase != 0) goto ObPostPhase0;
/* Initialize the OBJECT_CREATE_INFORMATION List */
ExInitializeSystemLookasideList(&ObpCreateInfoLookasideList,
NonPagedPool,
sizeof(OBJECT_CREATE_INFORMATION),
'ICbO',
32,
&ExSystemLookasideListHead);
/* Set the captured UNICODE_STRING Object Name List */
ExInitializeSystemLookasideList(&ObpNameBufferLookasideList,
PagedPool,
248,
'MNbO',
16,
&ExSystemLookasideListHead);
/* Temporarily setup both pointers to the shared list */
Prcb->PPLookasideList[LookasideCreateInfoList].L = &ObpCreateInfoLookasideList;
Prcb->PPLookasideList[LookasideCreateInfoList].P = &ObpCreateInfoLookasideList;
Prcb->PPLookasideList[LookasideNameBufferList].L = &ObpNameBufferLookasideList;
Prcb->PPLookasideList[LookasideNameBufferList].P = &ObpNameBufferLookasideList;
/* Initialize the security descriptor cache */
ObpInitSdCache();
/* Initialize the Default Event */
KeInitializeEvent(&ObpDefaultObject, NotificationEvent, TRUE);
/* Initialize the Dos Device Map mutex */
KeInitializeGuardedMutex(&ObpDeviceMapLock);
/* Setup default access for the system process */
PsGetCurrentProcess()->GrantedAccess = PROCESS_ALL_ACCESS;
PsGetCurrentThread()->GrantedAccess = THREAD_ALL_ACCESS;
/* Setup the Object Reaper */
ExInitializeWorkItem(&ObpReaperWorkItem, ObpReapObject, NULL);
/* Initialize default Quota block */
PsInitializeQuotaSystem();
/* Create kernel handle table */
PsGetCurrentProcess()->ObjectTable = ExCreateHandleTable(NULL);
ObpKernelHandleTable = PsGetCurrentProcess()->ObjectTable;
/* Create the Type Type */
RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
RtlInitUnicodeString(&Name, L"Type");
ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
ObjectTypeInitializer.ValidAccessMask = OBJECT_TYPE_ALL_ACCESS;
ObjectTypeInitializer.UseDefaultObject = TRUE;
ObjectTypeInitializer.MaintainTypeList = TRUE;
ObjectTypeInitializer.PoolType = NonPagedPool;
ObjectTypeInitializer.GenericMapping = ObpTypeMapping;
ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_TYPE);
ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
ObjectTypeInitializer.DeleteProcedure = ObpDeleteObjectType;
ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObpTypeObjectType);
/* Create the Directory Type */
RtlInitUnicodeString(&Name, L"Directory");
ObjectTypeInitializer.ValidAccessMask = DIRECTORY_ALL_ACCESS;
ObjectTypeInitializer.CaseInsensitive = TRUE;
ObjectTypeInitializer.MaintainTypeList = FALSE;
ObjectTypeInitializer.GenericMapping = ObpDirectoryMapping;
ObjectTypeInitializer.DeleteProcedure = NULL;
ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_DIRECTORY);
ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObDirectoryType);
/* Create 'symbolic link' object type */
RtlInitUnicodeString(&Name, L"SymbolicLink");
ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(OBJECT_SYMBOLIC_LINK);
ObjectTypeInitializer.GenericMapping = ObpSymbolicLinkMapping;
ObjectTypeInitializer.ValidAccessMask = SYMBOLIC_LINK_ALL_ACCESS;
ObjectTypeInitializer.ParseProcedure = ObpParseSymbolicLink;
ObjectTypeInitializer.DeleteProcedure = ObpDeleteSymbolicLink;
ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &ObSymbolicLinkType);
/* Phase 0 initialization complete */
ObpInitializationPhase++;
//.........这里部分代码省略.........
示例7: NetpRdrFsControlTree
//.........这里部分代码省略.........
// /Device/LanManRedirector / server/share \0
#ifdef UNICODE
( ( STRLEN((LPTSTR)DD_NFS_DEVICE_NAME_U) + 1 + STRLEN(TreeName) + 1 ) )
#else
( ( STRLEN((LPTSTR)DD_NFS_DEVICE_NAME) + 1 + STRLEN(TreeName) + 1 ) )
#endif
* sizeof(TCHAR);
pszTreeConn = (LPTSTR)NetpMemoryAllocate( NameSize );
}
if (pszTreeConn == NULL) {
return (ERROR_NOT_ENOUGH_MEMORY);
}
//
// Build the tree connect name.
//
#ifdef UNICODE
(void) STRCPY(pszTreeConn, (LPTSTR) DD_NFS_DEVICE_NAME_U);
#else
(void) STRCPY(pszTreeConn, (LPTSTR) DD_NFS_DEVICE_NAME);
#endif
//
// NOTE: We add 1, (not sizeof(TCHAR)) because pointer arithmetic is done
// in terms of multiples of sizeof(*pointer), not bytes
//
(void) STRCAT(pszTreeConn, TreeName+1); // \server\share
#ifdef UNICODE
RtlInitUnicodeString(&ucTreeConn, pszTreeConn);
#else
RtlInitString( & strTreeConn, pszTreeConn);
(void) RtlOemStringToUnicodeString(&ucTreeConn, &strTreeConn, TRUE);
#endif
IF_DEBUG(RDRFSCTL) {
NetpKdPrint(( PREFIX_NETLIB
"NetpRdrFsControlTree: UNICODE name is " FORMAT_LPWSTR
".\n", ucTreeConn.Buffer ));
}
//
// Calculate the number of bytes needed for the EA buffer.
// This may have the transport name. For regular sessions, the user
// name, password, and domain name are implicit. For null sessions, we
// must give 0-len user name, 0-len password, and 0-len domain name.
//
if (ARGUMENT_PRESENT(TransportName)) {
ASSERT(ConnectionType == USE_IPC);
#ifdef UNICODE
UnicodeTransportName = TransportName;
#else
UnicodeTransportName = NetpAllocWStrFromStr(TransportName);
if (UnicodeTransportName == NULL) {
NetpMemoryFree(pszTreeConn);
示例8: process
/**********************************************************************
* SmCreateUserProcess/5
*
* DESCRIPTION
*
* ARGUMENTS
* ImagePath: absolute path of the image to run;
* CommandLine: arguments and options for ImagePath;
* Flags: Wait flag: Set for boot time processes and unset for
* subsystems bootstrapping;
* 1Mb reserve flag: Set for subsystems, unset for everything
* else
* Timeout: optional: used if WaitForIt==TRUE;
* ProcessHandle: optional: a duplicated handle for
the child process (storage provided by the caller).
*
* RETURN VALUE
* NTSTATUS:
*
*/
NTSTATUS NTAPI
SmCreateUserProcess (LPWSTR ImagePath,
LPWSTR CommandLine,
ULONG Flags,
PLARGE_INTEGER Timeout OPTIONAL,
PRTL_USER_PROCESS_INFORMATION UserProcessInfo OPTIONAL)
{
UNICODE_STRING ImagePathString = { 0, 0, NULL };
UNICODE_STRING CommandLineString = { 0, 0, NULL };
UNICODE_STRING SystemDirectory = { 0, 0, NULL };
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = NULL;
RTL_USER_PROCESS_INFORMATION ProcessInfo = {0};
PRTL_USER_PROCESS_INFORMATION pProcessInfo = & ProcessInfo;
NTSTATUS Status = STATUS_SUCCESS;
DPRINT("SM: %s called\n", __FUNCTION__);
if (NULL != UserProcessInfo)
{
pProcessInfo = UserProcessInfo;
}
RtlInitUnicodeString (& ImagePathString, ImagePath);
RtlInitUnicodeString (& CommandLineString, CommandLine);
SystemDirectory.MaximumLength = (wcslen(SharedUserData->NtSystemRoot) * sizeof(WCHAR)) + sizeof(szSystemDirectory);
SystemDirectory.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
0,
SystemDirectory.MaximumLength);
if (SystemDirectory.Buffer == NULL)
{
Status = STATUS_NO_MEMORY;
DPRINT1("SM: %s: Allocating system directory string failed (Status=0x%08lx)\n",
__FUNCTION__, Status);
return Status;
}
Status = RtlAppendUnicodeToString(& SystemDirectory,
SharedUserData->NtSystemRoot);
if (!NT_SUCCESS(Status))
{
goto FailProcParams;
}
Status = RtlAppendUnicodeToString(& SystemDirectory,
szSystemDirectory);
if (!NT_SUCCESS(Status))
{
goto FailProcParams;
}
Status = RtlCreateProcessParameters(& ProcessParameters,
& ImagePathString,
NULL,
& SystemDirectory,
& CommandLineString,
SmSystemEnvironment,
NULL,
NULL,
NULL,
NULL);
RtlFreeHeap(RtlGetProcessHeap(),
0,
SystemDirectory.Buffer);
if (!NT_SUCCESS(Status))
{
FailProcParams:
DPRINT1("SM: %s: Creating process parameters failed (Status=0x%08lx)\n",
__FUNCTION__, Status);
return Status;
}
/* Reserve lower 1Mb, if requested */
if (Flags & SM_CREATE_FLAG_RESERVE_1MB)
ProcessParameters->Flags |= RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB;
/* Create the user process */
//.........这里部分代码省略.........
示例9: RtlCreateUserProcess
//.........这里部分代码省略.........
ZwClose( File );
if ( !NT_SUCCESS( Status ) ) {
return( Status );
}
//
// Create the user mode process, defaulting the parent process to the
// current process if one is not specified. The new process will not
// have a name nor will the handle be inherited by other processes.
//
if (!ARGUMENT_PRESENT( ParentProcess )) {
ParentProcess = NtCurrentProcess();
}
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL,
ProcessSecurityDescriptor );
if ( RtlGetNtGlobalFlags() & FLG_ENABLE_CSRDEBUG ) {
if ( wcsstr(NtImagePathName->Buffer,L"csrss") ||
wcsstr(NtImagePathName->Buffer,L"CSRSS")
) {
//
// For Hydra we don't name the CSRSS process to avoid name
// collissions when multiple CSRSS's are started
//
if (ISTERMINALSERVER()) {
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL,
ProcessSecurityDescriptor );
} else {
RtlInitUnicodeString(&Unicode,L"\\WindowsSS");
InitializeObjectAttributes( &ObjectAttributes, &Unicode, 0, NULL,
ProcessSecurityDescriptor );
}
}
}
if ( !InheritHandles ) {
ProcessParameters->CurrentDirectory.Handle = NULL;
}
Status = ZwCreateProcess( &ProcessInformation->Process,
PROCESS_ALL_ACCESS,
&ObjectAttributes,
ParentProcess,
InheritHandles,
Section,
DebugPort,
ExceptionPort
);
if ( !NT_SUCCESS( Status ) ) {
ZwClose( Section );
return( Status );
}
//
// Retrieve the interesting information from the image header
//
Status = ZwQuerySection( Section,
SectionImageInformation,
&ProcessInformation->ImageInformation,
示例10: PgDumpTimerTable
/************************************************************************
*************************************** PgDumpTimerTable
*************************************************************************
Description:
All PatchGuard 2 related timers will wear the "suspect" attribute.
ATTENTION: The code uses undocumented kernel APIs. Please keep in mind
that you shouldn't change the code logic and remember that during
enumeration your code will run at DISPATCH_LEVEL!
*/
NTSTATUS PgDumpTimerTable()
{
KIRQL OldIrql;
ULONG Index;
PKSPIN_LOCK_QUEUE LockQueue;
PKTIMER_TABLE_ENTRY TimerListHead;
PLIST_ENTRY TimerList;
PKTIMER Timer;
PKDPC TimerDpc;
CHAR LogEntryText[2048];
NTSTATUS Result = STATUS_SUCCESS;
HANDLE hLogFile;
UNICODE_STRING LogFileName;
OBJECT_ATTRIBUTES ObjAttr;
IO_STATUS_BLOCK IOStatus;
ULONG LogEntryTextLen;
SINGLE_LIST_ENTRY LogListHead = {NULL};
PSINGLE_LIST_ENTRY LogList;
LOGENTRY* LogEntry;
ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
/*
Open log file...
*/
RtlInitUnicodeString(&LogFileName, L"\\??\\C:\\patchguard.log");
InitializeObjectAttributes(
&ObjAttr,
&LogFileName,
OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
NULL, NULL)
if(!NT_SUCCESS(Result = ZwCreateFile(
&hLogFile,
GENERIC_WRITE,
&ObjAttr,
&IOStatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE,
NULL, 0)))
{
KdPrint(("\r\n" "ERROR: Unable to open file \"\\??\\C:\\patchguard.log\". (NTSTATUS: 0x%p)\r\n", (void*)Result));
return Result;
}
/*
Lock the dispatcher database and loop through the timer list...
*/
Result = STATUS_SUCCESS;
OldIrql = KiAcquireDispatcherLockRaiseToSynch();
for(Index = 0; Index < TIMER_TABLE_SIZE; Index++)
{
// we have to emulate the windows timer bug "Index & 0xFF" for this to work...
LockQueue = KeTimerIndexToLockQueue((UCHAR)(Index & 0xFF));
KeAcquireQueuedSpinLockAtDpcLevel(LockQueue);
// now we can work with the timer list...
TimerListHead = &KiTimerTableListHead[Index];
TimerList = TimerListHead->Entry.Flink;
while(TimerList != (PLIST_ENTRY)TimerListHead)
{
Timer = CONTAINING_RECORD(TimerList, KTIMER, TimerListEntry);
TimerDpc = PgDeobfuscateTimerDpc(Timer);
TimerList = TimerList->Flink;
if(TimerDpc != NULL)
{
memset(LogEntryText, 0, sizeof(LogEntryText));
LogEntryTextLen = _snprintf(LogEntryText, sizeof(LogEntryText) - 1,
"<timer address=\"%p\" index=\"%d\" period=\"0x%p\" hand=\"%d\" duetime=\"0x%p\">\r\n"
"%s"
" <dpc>\r\n"
" <DeferredContext value=\"0x%p\">%s</DeferredContext>\r\n"
" <DeferredRoutine>0x%p</DeferredRoutine>\r\n"
" <DpcListBlink value=\"0x%p\">%s</DpcListBlink>\r\n"
" <DpcListFlink value=\"0x%p\">%s</DpcListFlink>\r\n"
" <DpcData value=\"0x%p\">%s</DpcData>\r\n"
//.........这里部分代码省略.........
示例11: FlushRingBuffre
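/*
 * Writes the bytes between RingBuffer.tail and RingBuffer.head to
 * \DosDevices\C:\MyBufferLogger.txt, replacing any previous file contents.
 *
 * Must run at PASSIVE_LEVEL; at any higher IRQL nothing is written.
 * Always returns NULL (the original fell off the end of a PVOID function,
 * leaving the return value undefined).
 *
 * NOTE(review): the log lives at a fixed path in the root of C:. Confirm the
 * directory ACL keeps unprivileged users from pre-creating or redirecting
 * that name before this driver opens it.
 */
PVOID FlushRingBuffre()
{
    IO_STATUS_BLOCK ioStatusBlock;
    HANDLE handle = NULL;
    NTSTATUS ntstatus;
    OBJECT_ATTRIBUTES ObjAttr;
    UNICODE_STRING pathBuffer;

    // The hard-coded __debugbreak() was removed: with no kernel debugger
    // attached a breakpoint here stops the system instead of the flush.

    // File I/O through Zw* is only legal at PASSIVE_LEVEL, so bail out
    // rather than just logging and carrying on.
    if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
        DbgPrint("STATUS_INVALID_DEVICE_STATE\n");
        return NULL;
    }

    // head - tail is passed as an unsigned byte count below. If head is
    // behind tail the difference is negative and would turn into a huge
    // length, making the write read far past the buffer.
    // NOTE(review): assumes head and tail are byte pointers into the same
    // buffer and that a wrapped buffer is flushed elsewhere -- confirm.
    if (RingBuffer.head < RingBuffer.tail) {
        DbgPrint("Writing to file problem");
        return NULL;
    }

    RtlInitUnicodeString(
        &pathBuffer,
        L"\\DosDevices\\C:\\MyBufferLogger.txt");

    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's
    // user-mode handle table.
    InitializeObjectAttributes(
        &ObjAttr,
        &pathBuffer,                                //ObjectName
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,   //Attributes
        NULL,                                       //RootDirectory
        NULL);                                      //SecurityDescriptor

    ntstatus = ZwCreateFile(&handle,
                            GENERIC_WRITE,
                            &ObjAttr,
                            &ioStatusBlock,
                            NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            0,
                            FILE_OVERWRITE_IF,
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL, 0);
    if (!NT_SUCCESS(ntstatus)) {
        // No handle was produced, so there is nothing to write to or close.
        DbgPrint("Opening log file failed 0x%x\n", ntstatus);
        return NULL;
    }

    ntstatus = ZwWriteFile(
        handle,
        NULL,
        NULL,
        NULL,
        &ioStatusBlock,
        RingBuffer.tail,
        (ULONG)(RingBuffer.head - RingBuffer.tail),
        NULL,
        NULL);
    if (!NT_SUCCESS(ntstatus)) {
        DbgPrint("Writing to file problem");
    }

    ZwClose(handle);
    return NULL;
}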
示例12: MyThreadStart
VOID
MyThreadStart(__in PVOID StartContext){
HANDLE handle;//Create File handle
NTSTATUS ntstatus;
NTSTATUS timerStatus;
//IO_STATUS_BLOCK ioStatusBlock;
//OBJECT_ATTRIBUTES ObjAttr;
//UNICODE_STRING path;
LARGE_INTEGER timeout;
//#define BUFFER_SIZE 30
// CHAR buffer[BUFFER_SIZE];
//size_t cb;
NTSTATUS Status;
HANDLE hEvent;
//OBJECT_ATTRIBUTES oa;
//UNICODE_STRING us;
int counter=20;
SIZE_T BytesNUM;
char* dataPtr;
__debugbreak();
dataPtr="123";
BytesNUM=strlen(dataPtr)*sizeof(char);
WriteToRingBuffer(&dataPtr, BytesNUM);
FlushRingBuffre();
RtlInitUnicodeString(
&path,
L"\\DosDevices\\C:\\MyLogger.txt");
InitializeObjectAttributes(
&ObjAttr,
&path, //ObjectName
OBJ_CASE_INSENSITIVE, //Attributes
NULL, //RootDirectory
NULL); //SecurityDescriptor
// Do not try to perform any file operations at higher IRQL levels.
// Instead, you may use a work item or a system worker thread to perform file operations.
if(KeGetCurrentIrql() != PASSIVE_LEVEL)
// return STATUS_INVALID_DEVICE_STATE;
DbgPrint("STATUS_INVALID_DEVICE_STATE\n");
ntstatus = ZwCreateFile(&handle,
GENERIC_WRITE,
&ObjAttr, &ioStatusBlock, NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL, 0);
timeout.QuadPart = -5 * 1000000;
RtlInitUnicodeString(
&us,
L"\\BaseNamedObjects\\TestEvent");
InitializeObjectAttributes(
&oa,
&us, //ObjectName
OBJ_CASE_INSENSITIVE, //Attributes
NULL, //RootDirectory
NULL); //SecurityDescriptor
Status = ZwCreateEvent(&hEvent,
EVENT_ALL_ACCESS,
&oa,
NotificationEvent,
FALSE);
if(NT_SUCCESS(Status)){
DbgPrint("Event created");
} else {
DbgPrint("Event Not created");
}
Status = ObReferenceObjectByHandle(
hEvent, //Handle
EVENT_ALL_ACCESS, //DesiredAccess
NULL, //ObjectType
KernelMode, //AccessMode
&pEvent, //Object
NULL); //HandleInformation
if (!NT_SUCCESS(Status)) {
ZwClose(hEvent);
DbgPrint("Failed to reference event \n");
//return Status;
};
while(counter!=0){
timerStatus = KeWaitForSingleObject(
pEvent,
Executive,
KernelMode,
FALSE,
//.........这里部分代码省略.........
示例13: vxtdev_open
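/*
 * Opens a VXT controller device through the NT native API.
 *
 * device      - NUL-terminated device name. A name that does not start with
 *               '/' or '\' is looked up under \Device\Vxt\. Forward slashes
 *               are converted to backslashes.
 * permissions - not consulted; the device is always opened for read and
 *               write access.
 *
 * Returns a heap-allocated handle object on success, VXT_INVALID_DEV_OBJ on
 * any failure (NULL or over-long name, allocation failure, open failure,
 * IOCTL_FD_OPEN failure). Nothing is leaked on the failure paths.
 */
vxtctrlr_handle_t
vxtdev_open(char * device, unsigned int permissions)
{
    OBJECT_ATTRIBUTES       objattrs;
    NTSTATUS                status;
    IO_STATUS_BLOCK         iostatus;
    UNICODE_STRING          cwsname;
    wchar_t                 wszname[1024];
    wchar_t                 *wcp;
    /* last slot of wszname, reserved for the terminator */
    wchar_t                 *wend = wszname + (sizeof(wszname) / sizeof(wszname[0])) - 1;
    wchar_t                 wc;
    const char              *cp;
    vxtctrlr_handle_t       vh;
    vxt_fd_struct_t         vps;

    if (device == NULL) {
        return VXT_INVALID_DEV_OBJ;
    }

    /*
     * form a Unicode pathname.  If the object directory is not
     * given (the name does not begin with / or \) then prefix
     * with the raw volume object directory.
     */
    if (device[0] != '/' && device[0] != '\\') {
        wcscpy(wszname, L"\\Device\\Vxt\\");
        wcp = wszname + wcslen(wszname);
    } else {
        wcp = wszname;
    }
    for (cp = device; (wc = (wchar_t)(uchar_t)*cp) != 0; cp++) {
        /*
         * The name comes from the caller and has no length limit of its
         * own; refuse it instead of writing past the stack buffer.
         */
        if (wcp >= wend) {
            return VXT_INVALID_DEV_OBJ;
        }
        if (wc == L'/') {
            wc = L'\\';
        }
        *wcp++ = wc;
    }
    *wcp = 0;
    RtlInitUnicodeString(&cwsname, wszname);

    vh = malloc(sizeof(*vh));
    if (vh == NULL) {
        return VXT_INVALID_DEV_OBJ;
    }
    /* known value for the failure checks below */
    vh->handle = NULL;

    /*
     * open the device.  If the open fails, then return
     * VXT_INVALID_DEV_OBJ.
     */
    InitializeObjectAttributes(&objattrs, &cwsname, OBJ_CASE_INSENSITIVE,
                               NULL, NULL);
    status = NtOpenFile(&(vh->handle),
                        SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA,
                        &objattrs, &iostatus,
                        FILE_SHARE_READ | FILE_SHARE_WRITE,
                        FILE_SYNCHRONOUS_IO_ALERT);
    if (status != STATUS_SUCCESS) {
        /* the original returned here without releasing vh */
        free(vh);
        return VXT_INVALID_DEV_OBJ;
    }
    if (iostatus.Status != STATUS_SUCCESS || vh->handle == NULL) {
        if (vh->handle) {
            NtClose(vh->handle);
        }
        free(vh);
        return VXT_INVALID_DEV_OBJ;
    }

    /* Ask the driver for its per-open state */
    vh->privdata = vh->vde = NULL;
    if (vxtdev_ioctl(vh, IOCTL_FD_OPEN, &vps)) {
        NtClose(vh->handle);
        free(vh);
        return VXT_INVALID_DEV_OBJ;
    }
    vh->privdata = vps.private_data;
    vh->vde = vps.vde;
    return vh;
}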
示例14: TdProtectNameCallback
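//
// Records the process name to protect in TdwProtectName and, on the first
// call, registers the Ob pre/post operation callbacks for process and thread
// handle creation and duplication.
//
// pProtectName - request carrying the name to protect/filter.
//
// Returns STATUS_INVALID_PARAMETER when pProtectName is NULL, the status of
// ObRegisterCallbacks when registration fails, STATUS_SUCCESS otherwise.
//
NTSTATUS TdProtectNameCallback (
    _In_ PTD_PROTECTNAME_INPUT pProtectName
)
{
    NTSTATUS Status = STATUS_SUCCESS;

    if (!pProtectName) {
        DbgPrintEx (
            DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL,
            "ObCallbackTest: TdProtectNameCallback: name to protect/filter NULL pointer\n"
        );
        // The original logged this and then dereferenced the pointer in the
        // memcpy below; reject the request instead.
        Status = STATUS_INVALID_PARAMETER;
        goto Exit;
    }

    KeAcquireGuardedMutex (&TdCallbacksMutex);

    // Need to copy out the name and then set the flag to filter
    // This will allow process creation to watch for the process to be created and get the PID
    // and then prevent any other process from opening up that PID to terminate
    //
    // NOTE(review): the copy length is the size of the destination, so
    // pProtectName->Name must be at least sizeof(TdwProtectName) bytes --
    // confirm against the TD_PROTECTNAME_INPUT definition.
    memcpy(TdwProtectName, pProtectName->Name, sizeof(TdwProtectName));

    // The request is caller-supplied and nothing above guarantees that it is
    // terminated; force a terminator so the %ls prints and later name
    // comparisons cannot run off the end.
    // NOTE(review): assumes TdwProtectName is a WCHAR array -- confirm.
    TdwProtectName[(sizeof(TdwProtectName) / sizeof(TdwProtectName[0])) - 1] = L'\0';

    // Logged from the terminated copy rather than from the raw input.
    DbgPrintEx (
        DPFLTR_IHVDRIVER_ID, DPFLTR_TRACE_LEVEL,
        "ObCallbackTest: TdProtectNameCallback: entering name to protect/filter %ls\n", TdwProtectName
    );
    DbgPrintEx (
        DPFLTR_IHVDRIVER_ID, DPFLTR_TRACE_LEVEL,
        "ObCallbackTest: name copied %ls\n", TdwProtectName
    );

    // Need to enable the OB callbacks
    // once the process is matched to a newly created process, the callbacks will protect the process
    if (bCallbacksInstalled == FALSE) {
        DbgPrintEx (
            DPFLTR_IHVDRIVER_ID, DPFLTR_TRACE_LEVEL,
            "ObCallbackTest: TdProtectNameCallback: installing callbacks\n"
        );

        // Setup the Ob Registration calls
        CBOperationRegistrations[0].ObjectType = PsProcessType;
        CBOperationRegistrations[0].Operations |= OB_OPERATION_HANDLE_CREATE;
        CBOperationRegistrations[0].Operations |= OB_OPERATION_HANDLE_DUPLICATE;
        CBOperationRegistrations[0].PreOperation = CBTdPreOperationCallback;
        CBOperationRegistrations[0].PostOperation = CBTdPostOperationCallback;

        CBOperationRegistrations[1].ObjectType = PsThreadType;
        CBOperationRegistrations[1].Operations |= OB_OPERATION_HANDLE_CREATE;
        CBOperationRegistrations[1].Operations |= OB_OPERATION_HANDLE_DUPLICATE;
        CBOperationRegistrations[1].PreOperation = CBTdPreOperationCallback;
        CBOperationRegistrations[1].PostOperation = CBTdPostOperationCallback;

        RtlInitUnicodeString (&CBAltitude, L"1000");

        CBObRegistration.Version = OB_FLT_REGISTRATION_VERSION;
        CBObRegistration.OperationRegistrationCount = 2;
        CBObRegistration.Altitude = CBAltitude;
        CBObRegistration.RegistrationContext = &CBCallbackRegistration;
        CBObRegistration.OperationRegistration = CBOperationRegistrations;

        Status = ObRegisterCallbacks (
            &CBObRegistration,
            &pCBRegistrationHandle // save the registration handle to remove callbacks later
        );
        if (!NT_SUCCESS (Status)) {
            DbgPrintEx (
                DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL,
                "ObCallbackTest: installing OB callbacks failed status 0x%x\n", Status
            );
            KeReleaseGuardedMutex (&TdCallbacksMutex); // Release the lock before exit
            goto Exit;
        }
        bCallbacksInstalled = TRUE;
    }

    KeReleaseGuardedMutex (&TdCallbacksMutex);

    DbgPrintEx (
        DPFLTR_IHVDRIVER_ID, DPFLTR_TRACE_LEVEL,
        "ObCallbackTest: TdProtectNameCallback: name to protect/filter %ls\n", TdwProtectName
    );

Exit:
    DbgPrintEx (
        DPFLTR_IHVDRIVER_ID, DPFLTR_TRACE_LEVEL,
        "ObCallbackTest: TdProtectNameCallback: exiting status 0x%x\n", Status
    );
    return Status;
}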
示例15: OpenDevice
MMRESULT
OpenDevice(
DeviceInfo** private_data,
MIDIOPENDESC* open_desc,
DWORD flags)
{
NTSTATUS status;
HANDLE heap;
HANDLE kernel_device;
UNICODE_STRING beep_device_name;
OBJECT_ATTRIBUTES attribs;
IO_STATUS_BLOCK status_block;
/* One at a time.. */
if ( the_device )
{
DPRINT("Already allocated\n");
return MMSYSERR_ALLOCATED;
}
/* Make the device name into a unicode string and open it */
RtlInitUnicodeString(&beep_device_name,
L"\\Device\\Beep");
InitializeObjectAttributes(&attribs,
&beep_device_name,
0,
NULL,
NULL);
status = NtCreateFile(&kernel_device,
FILE_READ_DATA | FILE_WRITE_DATA,
&attribs,
&status_block,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN_IF,
0,
NULL,
0);
if ( ! NT_SUCCESS(status) )
{
DPRINT("Could not connect to BEEP device - %d\n", (int) GetLastError());
return MMSYSERR_ERROR;
}
DPRINT("Opened!\n");
/* Allocate and initialize the device info */
heap = GetProcessHeap();
the_device = HeapAlloc(heap, HEAP_ZERO_MEMORY, sizeof(DeviceInfo));
if ( ! the_device )
{
DPRINT("Out of memory\n");
return MMSYSERR_NOMEM;
}
/* Initialize */
the_device->kernel_device = kernel_device;
the_device->playing_notes_count = 0;
the_device->note_list = NULL;
the_device->thread_handle = 0;
the_device->terminate_thread = FALSE;
the_device->running_status = 0;
// TODO
the_device->mme_handle = (HDRVR) open_desc->hMidi;
the_device->callback = open_desc->dwCallback;
the_device->instance = open_desc->dwInstance;
the_device->flags = flags;
/* Store the pointer in the user data */
*private_data = the_device;
/* This is threading-related code */
#ifdef CONTINUOUS_NOTES
the_device->work_available = CreateEvent(NULL, TRUE, FALSE, NULL);
if ( ! the_device->work_available )
{
DPRINT("CreateEvent failed\n");
HeapFree(heap, 0, the_device);
return MMSYSERR_NOMEM;
}
the_device->thread_handle = CreateThread(NULL,
0,
ProcessPlayingNotes,
(PVOID) the_device,
0,
NULL);
if ( ! the_device->thread_handle )
{
//.........这里部分代码省略.........