[Help] Is there a way to print the function call stack while a program is running? Thanks!
There is one here: http://bbs.pediy.com/showthread.php?t=110024&highlight=%E5%87%BD%E6%95%B0+%E6%95%B0%E8%B0%83+%E8%B0%83%E7%94%A8+%E7%94%A8%E6%A0%88+%E6%A0%88

[Discussion] sizeof('A') = 1 or 4?
In C expressions, variables undergo implicit type conversion.

[Help] How can I tell which process originally issued the current IRP?
Better to rely on yourself than to ask others. Why didn't anyone give me a pointer?

```c
PEPROCESS
IoGetRequestorProcess(
    IN PIRP Irp
    )

/*++

Routine Description:

    This routine returns a pointer to the process that originally
    requested the specified I/O operation.

Arguments:

    Irp - Pointer to the I/O Request Packet.

Return Value:

    The function value is a pointer to the original requesting process.

--*/

{
    //
    // Return the address of the process that requested the I/O operation.
    //

    PETHREAD thread = Irp->Tail.Overlay.Thread;

    if (thread) {

        //
        // The thread was not attached when the IRP was issued. So get
        // the original process. Note that this API could be called from
        // another process or thread.
        //

        if (Irp->ApcEnvironment == OriginalApcEnvironment) {
            return (THREAD_TO_PROCESS(thread));

        //
        // The thread was attached when the IRP was issued. In this case
        // give the process to which the thread is currently attached. Note that
        // this only works if the thread that issued the IO request while it was
        // attached does not attach again. This is not allowed.
        //

        } else if (Irp->ApcEnvironment == AttachedApcEnvironment) {
            return (CONTAINING_RECORD(((thread)->Tcb.ApcState.Process),EPROCESS,Pcb));
        } else {
            return NULL;
        }
    } else {
        return NULL;
    }
}
```
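
[Help] How can I tell which process originally issued the current IRP?
The newbie section is so boring. Nobody answers my question (only one person who was just passing by). So frustrating!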

[Help] How can I tell which process originally issued the current IRP?
I saw this piece of code in NtReadFile:

```c
    irp = IopAllocateIrp( deviceObject->StackSize, !synchronousIo );
    if (!irp) {

        //
        // An IRP could not be allocated. Cleanup and return an appropriate
        // error status code.
        //

        IopAllocateIrpCleanup( fileObject, eventObject );

        return STATUS_INSUFFICIENT_RESOURCES;
    }
    irp->Tail.Overlay.OriginalFileObject = fileObject;
    irp->Tail.Overlay.Thread = CurrentThread;    // <-- line highlighted in red in the original post
    irp->Tail.Overlay.AuxiliaryBuffer = (PVOID) NULL;
    irp->RequestorMode = requestorMode;
    irp->PendingReturned = FALSE;
    irp->Cancel = FALSE;
    irp->CancelRoutine = (PDRIVER_CANCEL) NULL;

    //
    // Fill in the service independent parameters in the IRP.
    //

    irp->UserEvent = eventObject;
    irp->UserIosb = IoStatusBlock;
    irp->Overlay.AsynchronousParameters.UserApcRoutine = ApcRoutine;
    irp->Overlay.AsynchronousParameters.UserApcContext = ApcContext;

    //
    // Get a pointer to the stack location for the first driver. This will be
    // used to pass the original function codes and parameters. Note that
    // setting the major function here also sets:
    //
    //      MinorFunction = 0;
    //      Flags = 0;
    //      Control = 0;
    //

    irpSp = IoGetNextIrpStackLocation( irp );
    majorFunction = (PULONG) (&irpSp->MajorFunction);
    *majorFunction = IRP_MJ_READ;
    irpSp->FileObject = fileObject;
```

I wonder whether this field in the IRP, Tail.Overlay.Thread, always remains valid? It is located in a union.
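
[Help] How can I tell which process originally issued the current IRP?
How strange. This question shouldn't be too hard, should it? Anyone with driver development experience should know, right? Why has nobody given me a pointer? I have only just started learning kernel development, so why can't anyone help? Is it possible or not, and if it is, how should it be done? Thanks!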
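
[Help] How can I tell which process originally issued the current IRP?
In other words, is it possible to get the handle of the process that initiated the request from the IRP?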
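
[Help] How can I tell which process originally issued the current IRP?
If a piece of kernel code can be guaranteed to always run in the correct process context, that code can access user space freely. Some might say this is hard to achieve: if our driver is filtered, who knows whether the filter driver will send us I/O requests from a system thread. But that worry seems unnecessary too. Since it is a filter driver, it must obey the requirements of the driver it filters; otherwise the filter driver itself is at fault. So in most cases we know quite well whether our own code always runs in a correct process context, right? What I want to know now is whether there is a way, in code, to find out which process originally issued the current IRP. I hope an expert can answer. Thanks!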