-
-
[求助]驱动通信---结贴搞定
-
发表于: 2009-6-12 18:30
-
typedef struct _INFOR
{
ULONG addr; //进程对象指针,指向EPROCESS
ULONG pid; //进程PID
UCHAR name[16]; //进程名
UCHAR Path[256]; //进程全路径
}INFOR;
INFOR *t;
case IOCTL_LIST:
{
t=(INFOR *)ExAllocatePoolWithTag(NonPagedPool,sizeof(INFOR),MEM_TAG);
GetProcessInformation();
//填充数据
p=head->next;
t->pid=p->pid;
t->addr=p->addr;
strcpy(t->name,p->name);
strcpy(t->Path,p->Path);
KdPrint(("[1100]%s\n",t->Path)); //打印验证
//复制进IRP缓冲区
RtlCopyMemory(pIoBuffer,t,sizeof(INFOR));
//释放t结构内存
ExFreePool(t);
status = STATUS_SUCCESS;
}break;
把RtlCopyMemory(pIoBuffer,t,sizeof(INFOR));注释掉不蓝屏,加上就蓝屏而且显示KdPrint(("[1100]%s\n",t->Path)); //打印验证
句话蓝屏?
不懂啊
{
ULONG addr; //进程对象指针,指向EPROCESS
ULONG pid; //进程PID
UCHAR name[16]; //进程名
UCHAR Path[256]; //进程全路径
}INFOR;
INFOR *t;
case IOCTL_LIST:
{
t=(INFOR *)ExAllocatePoolWithTag(NonPagedPool,sizeof(INFOR),MEM_TAG);
GetProcessInformation();
//填充数据
p=head->next;
t->pid=p->pid;
t->addr=p->addr;
strcpy(t->name,p->name);
strcpy(t->Path,p->Path);
KdPrint(("[1100]%s\n",t->Path)); //打印验证
//复制进IRP缓冲区
RtlCopyMemory(pIoBuffer,t,sizeof(INFOR));
//释放t结构内存
ExFreePool(t);
status = STATUS_SUCCESS;
}break;
把RtlCopyMemory(pIoBuffer,t,sizeof(INFOR));注释掉不蓝屏,加上就蓝屏而且显示KdPrint(("[1100]%s\n",t->Path)); //打印验证
句话蓝屏?
不懂啊
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
