2.1.hello world
Inf2Cat->General->Run Inf2Cat 改成否
Driver Settings->General->Target OS Version和Target Platform改成对应的平台
C/C++ -->常规->警告等级改为3,将警告视为错误改成否
C/C++ -->代码生成-->Spectre Mitigation改为Disabled(该设置会去掉/Qspectre编译缓解,只适合本地练习构建;发布的驱动应保持启用)
4.helloworld.c
#include <ntifs.h>
/*
 * Unload callback for the hello-world driver.
 *
 * Does no cleanup; it only prints a debug message (the text reads
 * "driver unloaded") so the unload can be seen in a debugger or DbgView.
 *
 * pDriverObject: the driver object being unloaded; not used here.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    /* Reference the unused parameter so higher warning levels stay quiet. */
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("卸载驱动\r\n");
}
/*
 * Entry point of the hello-world driver.
 *
 * Registers the unload callback, prints a "driver loaded" message and the
 * registry path that was passed in, then reports success.
 *
 * pDriver: driver object for this driver; its DriverUnload slot is filled in.
 * pReg:    counted Unicode string holding the driver's registry path.
 *
 * Returns STATUS_SUCCESS unconditionally.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING pReg)
{
    NTSTATUS status = STATUS_SUCCESS;

    /* Without an unload routine the driver could not be stopped again. */
    pDriver->DriverUnload = DriverUnload;

    DbgPrint("加载驱动\r\n");

    /* %wZ takes a PUNICODE_STRING, so the pointer is passed as-is. */
    DbgPrint("注册表路劲:%wZ\r\n", pReg);

    return status;
}
1.字符串函数
1.RtlInitString初始化多字节ascii
2.RtlInitUnicodeString初始化宽字符
3.RtlFreeUnicodeString释放unicode字符串(只用于缓冲区由Rtl例程分配的字符串,例如RtlAnsiStringToUnicodeString的结果;RtlInitUnicodeString初始化的字符串不要用它释放)
4.RtlStringCbPrintfA格式化输出记得引用#include <ntstrsafe.h>
5.RtlCompareUnicodeString字符串比较
2.申请内存
ExAllocatePool #申请内存(该函数已过时,新代码用ExAllocatePoolWithTag或ExAllocatePool2;返回值可能为NULL,使用前要检查)
ExFreePool #释放内存
3.创建线程
PsCreateSystemThread #创建线程
2.3.链表
LIST_ENTRY
/*
 * Link record of the kernel's doubly linked list, shown here as the WDK
 * headers declare it. It carries no payload: a node type embeds one of these
 * and the list routines only ever touch the two link pointers.
 */
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink; /* forward link: the next entry in the list */
struct _LIST_ENTRY *Blink; /* backward link: the previous entry in the list */
} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;
节点
/*
 * Example list node: an embedded LIST_ENTRY plus one int of payload.
 */
struct MYNODE{
/* Link field. It is the first member, so its address equals the node's address. */
LIST_ENTRY ListEntry;
/* Payload carried by the node. */
int data;
};
操作
InitializeListHead 初始化链表头
IsListEmpty 判断链表是否为空
InsertHeadList 从链表头部插入节点
InsertTailList 从链表尾部插入节点
RemoveHeadList 从链表头部删除节点
RemoveTailList 从链表尾部删除节点
二叉树
#include <ntifs.h>
/*
 * Record type stored in the generic table of this sample.
 * GenericCmp orders records by the id field only; y and x are plain payload.
 */
struct _AAA {
    int id; /* key compared by GenericCmp */
    int y;
    int x;
};

typedef struct _AAA AAA;   /* value type */
typedef struct _AAA *PAAA; /* pointer type */
/*
 * The sample's single generic table. It is zero-initialised here and set up
 * with RtlInitializeGenericTable in DriverEntry before any other use.
 * NOTE(review): the Rtl*GenericTable routines do no locking of their own, so
 * any concurrent access to this global would need caller-side synchronization.
 */
RTL_GENERIC_TABLE gTABLE = {0};
/*
 * Comparison callback handed to RtlInitializeGenericTable.
 *
 * Both element pointers are treated as AAA records and ordered by their id
 * field alone; the y and x fields take no part in the comparison.
 *
 * Table:        the table the comparison is made for; not used.
 * FirstStruct:  first element, read as an AAA.
 * SecondStruct: second element, read as an AAA.
 *
 * Returns GenericLessThan, GenericGreaterThan or GenericEqual according to
 * how the first id compares with the second.
 */
RTL_GENERIC_COMPARE_RESULTS NTAPI GenericCmp(
    _In_ struct _RTL_GENERIC_TABLE *Table,
    _In_ PVOID FirstStruct,
    _In_ PVOID SecondStruct
)
{
    const AAA *lhs = (const AAA *)FirstStruct;
    const AAA *rhs = (const AAA *)SecondStruct;

    UNREFERENCED_PARAMETER(Table);

    if (lhs->id < rhs->id) {
        return GenericLessThan;
    }
    if (lhs->id > rhs->id) {
        return GenericGreaterThan;
    }
    return GenericEqual;
}
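/*
 * Allocation callback handed to RtlInitializeGenericTable.
 *
 * Table:    the table the memory is requested for; not used.
 * ByteSize: number of bytes to allocate.
 *
 * Returns the new non-paged pool block, or NULL when the pool allocation
 * fails; the result is passed back to the table routine unchanged.
 */
PVOID NTAPI GenericAllocate(
    _In_ struct _RTL_GENERIC_TABLE *Table,
    _In_ CLONG ByteSize
)
{
    UNREFERENCED_PARAMETER(Table);

    /*
     * ExAllocatePool is obsolete and gives every block the same generic tag.
     * A driver-specific tag (shown as "GenT" by pool tools) lets leaks from
     * this table be traced with poolmon or Driver Verifier. ExFreePool still
     * releases tagged blocks, so the free callback needs no change.
     *
     * NOTE(review): NonPagedPool memory is executable. Where the target OS
     * supports it, NonPagedPoolNx (or ExAllocatePool2 on current WDKs) is the
     * safer choice for data; kept as-is because the target is not visible here.
     */
    return ExAllocatePoolWithTag(NonPagedPool, ByteSize, 'TneG');
}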
/*
 * Free callback handed to RtlInitializeGenericTable; the counterpart of
 * GenericAllocate.
 *
 * Table:  the table the block belonged to; not used.
 * Buffer: pool block to release. It is invalid once this call returns.
 */
VOID NTAPI GenericFree(
    _In_ struct _RTL_GENERIC_TABLE *Table,
    _In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer
)
{
    UNREFERENCED_PARAMETER(Table);

    /* Hand the block straight back to the pool it was allocated from. */
    ExFreePool(Buffer);
}
/*
 * Unload callback of the generic-table sample. Intentionally empty.
 *
 * pDriver: the driver object being unloaded; not used.
 *
 * NOTE(review): elements inserted into gTABLE are pool blocks obtained through
 * GenericAllocate. Unless they are deleted elsewhere (not visible from here),
 * they should be removed from the table before the driver unloads, otherwise
 * the pool memory is leaked.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriver)
{
    UNREFERENCED_PARAMETER(pDriver);
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING pReg)
{
AAA aaa = { 1,2,3 };
AAA aaa1 = { 2,4,5 };
AAA aaa2 = { 3,6,7 };
AAA aaa3 = {4,8,9};
//初始化二叉树
RtlInitializeGenericTable(&gTABLE, GenericCmp, GenericAllocate, GenericFree, NULL);
BOOLEAN newE = FALSE;
//插入
RtlInsertElementGenericTable(&gTABLE, &aaa, sizeof(AAA), &newE);
RtlInsertElementGenericTable(&gTABLE, &aaa1, sizeof(AAA), &newE);
RtlInsertElementGenericTable(&gTABLE, &aaa2, sizeof(AAA), &newE);
RtlInsertElementGenericTable(&gTABLE, &aaa3, sizeof(AAA), &newE);
AAA node = {3,0,0};
//查找
AAA * xxx = RtlLookupElementGenericTable(&gTABLE, &node);
//获取元素个数
int number = RtlNumberGenericTableElements(&gTABLE);
AAA *RestartKey = NULL;
AAA* xx = 0;
//判断树是否空
if (!RtlIsGenericTableEmpty(&gTABLE))
{
//遍历
for (xx = RtlEnumerateGenericTableWithoutSplaying(&gTABLE, &RestartKey);
xx != NULL;
xx = RtlEnumerateGenericTableWithoutSplaying(&gTABLE, &RestartKey))
{
DbgPrintEx(77, 0, "%x\r\