2 楼
驱动直接写到日志。。。
3 楼
简要代码如下:
应用层
/*
 * Polling loop of the application-side worker: sleep, then drain the
 * driver's log buffers one IOCTL_FILEMON_GETSTATS request at a time and
 * hand every non-empty buffer to g_fnCallBack.
 *
 * NOTE(review): nSleeptime is doubled whenever a drain pass runs longer
 * than one second; no upper bound or reset is visible in this excerpt.
 * NOTE(review): StatsLen is filled in by the driver and forwarded to the
 * callback unchanged; the callback presumably trusts it to be at most
 * sizeof Stats - confirm.
 */
while (1)
{
    Sleep(nSleeptime);

    /* Tick count at the start of this drain pass. */
    DWORD dwDrainStart = GetTickCount();

    while (1)
    {
        StatsLen = 0;
        OutputDebugString("向下发控制码得到文件日志开始\n");

        /* No input buffer; the driver writes the log into Stats. */
        if (DeviceIoControl(g_hDevice, IOCTL_FILEMON_GETSTATS,
                            NULL, 0,
                            &Stats, sizeof Stats,
                            &StatsLen, NULL) == FALSE)
        {
            OutputDebugString("向下发控制码得到文件日志失败\n");
            return 0;
        }
        OutputDebugString("向下发控制码得到文件日志\n");

        /* This emptiness check is taken from FileMon. */
        if (StatsLen < sizeof(int) + 2)
        {
            break;
        }

        g_fnCallBack(StatsLen, Stats, 0);

        /* Unsigned subtraction, so a tick-counter wrap still yields the elapsed time. */
        DWORD dwElapsed = GetTickCount() - dwDrainStart;
        if (dwElapsed > 1000)
        {
            nSleeptime *= 2;
            OutputDebugString("我被执行一次了!\n");
            break;
        }
    }

    OutputDebugString("向下发控制码得到文件日志线程空转\n");
}
驱动层
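FilemonFastIoDeviceControl()
{
    /*
     * IOCTL_FILEMON_GETSTATS: fetch the statistics/log data and pass it to
     * the application. The oldest log buffer is copied into the caller's
     * output buffer and IoStatus->Information is set to the number of
     * bytes copied (0 when there is no unread data).
     *
     * Failure paths set IoStatus->Status and return FALSE:
     *   STATUS_BUFFER_TOO_SMALL   - output buffer smaller than LOGBUFSIZE
     *   STATUS_INVALID_PARAMETER  - output buffer fails the probe, or the
     *                               copy into it faults
     */
    case IOCTL_FILEMON_GETSTATS:

        //
        // The caller's buffer must be able to hold a full log buffer.
        // NOTE(review): this relies on oldLog->Len never exceeding
        // LOGBUFSIZE - confirm in the logging code.
        //
        if( LOGBUFSIZE > OutputBufferLength )
        {
            IoStatus->Status = STATUS_BUFFER_TOO_SMALL;
            return FALSE;
        }

        //
        // Probe the output buffer
        //
        __try
        {
            ProbeForWrite( OutputBuffer,
                           OutputBufferLength,
                           sizeof( UCHAR ));
        }
        __except( EXCEPTION_EXECUTE_HANDLER )
        {
            IoStatus->Status = STATUS_INVALID_PARAMETER;
            return FALSE;
        }

        //
        // We're okay, lock the buffer pool
        //
        ExAcquireFastMutex( &LogMutex );
        if( CurrentLog->Len || CurrentLog->Next )
        {
            //
            // Start output to a new output buffer
            //
            FilemonAllocateLog();

            //
            // Fetch the oldest to give to user
            //
            oldLog = FilemonGetOldestLog();

            //
            // If the oldest log is not the one currently being filled, the
            // mutex is dropped before the copy.
            // NOTE(review): presumably FilemonGetOldestLog() unlinks the
            // returned buffer so nothing else touches it - confirm.
            //
            if( oldLog != CurrentLog )
            {
                logMutexReleased = TRUE;
                ExReleaseFastMutex( &LogMutex );
            }
            else
            {
                logMutexReleased = FALSE;
            }

            //
            // Copy it to the caller's buffer. ProbeForWrite only validates
            // the range at the moment it is called; the calling process can
            // still free or re-protect those pages afterwards, so the write
            // itself is guarded too. Without the guard a fault here is an
            // unhandled kernel-mode exception, in one branch with LogMutex
            // still held.
            //
            __try
            {
                memcpy( OutputBuffer, oldLog->Data, oldLog->Len );

                //
                // Return length of copied info
                //
                IoStatus->Information = oldLog->Len;
            }
            __except( EXCEPTION_EXECUTE_HANDLER )
            {
                if( logMutexReleased )
                {
                    //
                    // The buffer was already taken out of the pool above;
                    // free it so it is not leaked (its data is lost).
                    //
                    ExFreePool( oldLog );
                }
                else
                {
                    //
                    // Leave CurrentLog->Len untouched so the data is still
                    // available to the next request.
                    //
                    ExReleaseFastMutex( &LogMutex );
                }
                IoStatus->Status = STATUS_INVALID_PARAMETER;
                IoStatus->Information = 0;
                return FALSE;
            }

            //
            // Deallocate buffer - unless its the last one
            //
            if( logMutexReleased )
            {
                ExFreePool( oldLog );
            }
            else
            {
                CurrentLog->Len = 0;
                ExReleaseFastMutex( &LogMutex );
            }
        }
        else
        {
            //
            // There is no unread data
            //
            ExReleaseFastMutex( &LogMutex );
            IoStatus->Information = 0;
        }
        break;
}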