驅動中的當前路徑的一些處理操作

由於驅動入口函數 DriverEntry 會收到驅動的註冊表路徑,可以從該註冊表項讀取 ImagePath 的值,直接得到驅動檔案的絕對路徑:
讀取註冊表項值函數

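/*
 * Read the data of one registry value into a caller-supplied buffer.
 *
 *   pwcReg   - NUL-terminated path of the key to open.
 *   pwcKey   - NUL-terminated name of the value to query.
 *   ulType   - not used: the stored value type is NOT checked against it.
 *   pbyValue - receives at most ulSize bytes of the value data.
 *   ulSize   - size of pbyValue in bytes.
 *
 * Returns STATUS_SUCCESS when the data was copied, STATUS_INVALID_PARAMETER
 * for a NULL pointer or a size that cannot be represented,
 * STATUS_INSUFFICIENT_RESOURCES when the scratch buffer cannot be allocated,
 * otherwise the status returned by ZwOpenKey or ZwQueryValueKey.
 *
 * The number of bytes copied is not reported to the caller. Registry string
 * data is not guaranteed to carry a terminator, so for REG_SZ and
 * REG_EXPAND_SZ a NUL is appended when the buffer has room left after the
 * data. A caller that treats the result as a string should still pass a
 * zeroed buffer and hold back one WCHAR of its size.
 */
 NTSTATUS GetRegKeyValue(IN PWCHAR pwcReg , IN PWCHAR pwcKey , IN ULONG ulType , IN OUT PBYTE pbyValue , IN ULONG ulSize)
 {
     NTSTATUS iStatus = STATUS_SUCCESS;
     HANDLE hKey = NULL;
     UNICODE_STRING usStr = {0};
     OBJECT_ATTRIBUTES stAtrrib = {0};
     ULONG  ulTmp = 0;
     ULONG  ulCopy = 0;
     PKEY_VALUE_PARTIAL_INFORMATION pValueInfo = NULL;

     UNREFERENCED_PARAMETER(ulType);

     // RtlInitUnicodeString and RtlCopyMemory below dereference these.
     if(NULL == pwcReg || NULL == pwcKey || NULL == pbyValue)
     {
         return STATUS_INVALID_PARAMETER;
     }

     // The scratch size is header + ulSize; refuse a size that would wrap
     // the ULONG and lead to an undersized allocation.
     if(ulSize > MAXULONG - sizeof(KEY_VALUE_PARTIAL_INFORMATION))
     {
         return STATUS_INVALID_PARAMETER;
     }

     do
     {

         // Open the key. Only a value query follows, so request exactly
         // that right instead of MAXIMUM_ALLOWED.
         RtlInitUnicodeString(&usStr , pwcReg);
         InitializeObjectAttributes(&stAtrrib , &usStr , OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE , NULL , NULL);
         iStatus = ZwOpenKey(&hKey , KEY_QUERY_VALUE , &stAtrrib);
         if(!NT_SUCCESS(iStatus))
         {
             break;
         }

         // The Zw registry routines are documented for PASSIVE_LEVEL only,
         // so pageable memory is sufficient for the scratch buffer.
         ulTmp = (ULONG)(sizeof(KEY_VALUE_PARTIAL_INFORMATION) + ulSize);
         pValueInfo = ExAllocatePoolWithTag(PagedPool , ulTmp , 'Keys');
         if(NULL == pValueInfo)
         {
             iStatus = STATUS_INSUFFICIENT_RESOURCES;
             break;
         }

         // Query the value. A value larger than the scratch buffer makes the
         // call return a non-success status, which is passed to the caller.
         RtlInitUnicodeString(&usStr , pwcKey);
         iStatus = ZwQueryValueKey(hKey , &usStr , KeyValuePartialInformation , pValueInfo , ulTmp , &ulTmp);
         if(!NT_SUCCESS(iStatus))
         {
             break;
         }

         // Never copy more than the value holds or than the caller can take.
         ulCopy = ulSize;
         if(ulCopy > pValueInfo->DataLength)
         {
             ulCopy = pValueInfo->DataLength;
         }
         RtlCopyMemory(pbyValue , pValueInfo->Data , ulCopy);

         // Terminate string data when there is room; the stored data may
         // end without a NUL.
         if((REG_SZ == pValueInfo->Type || REG_EXPAND_SZ == pValueInfo->Type)
            && (ulSize - ulCopy) >= sizeof(WCHAR))
         {
             RtlZeroMemory(pbyValue + ulCopy , sizeof(WCHAR));
         }

     } while(FALSE);

     if(NULL != pValueInfo)
     {
         ExFreePoolWithTag(pValueInfo , 'Keys');
         pValueInfo = NULL;
     }

     if(NULL != hKey)
     {
         ZwClose(hKey);
         hKey = NULL;
     }

     return iStatus;
 }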

字符串轉換函數:


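/*
 * Convert a NUL-terminated ANSI string to UTF-16 in a caller-supplied buffer.
 *
 *   AnsiString    - source string.
 *   UnicodeString - destination buffer; always NUL-terminated on return
 *                   when it can hold at least one WCHAR.
 *   dwSize        - size of the destination buffer in BYTES, not characters.
 *
 * The function cannot report failure. If the conversion does not succeed
 * (for example because the source does not fit) the destination is left as
 * an empty string instead of a partial or stale one.
 */
VOID Ansi2Unicode(PCHAR AnsiString,PWCHAR UnicodeString,USHORT dwSize)
{
    ANSI_STRING         as;
    UNICODE_STRING      us;

    // Without room for one WCHAR there is nowhere to put a terminator;
    // this also keeps "dwSize - 2" below from wrapping to a huge USHORT.
    if (NULL == UnicodeString || dwSize < sizeof(WCHAR))
    {
        return;
    }
    UnicodeString[0] = 0;

    RtlInitAnsiString(&as,AnsiString);
    us.Buffer = UnicodeString;
    us.Length = 0;                                      // destination starts empty
    us.MaximumLength = (USHORT)(dwSize - sizeof(WCHAR)); // last WCHAR kept for the NUL

    // On failure the Length field is not trusted as an index: using it
    // unchecked could place the terminator outside the buffer.
    if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&us,&as,FALSE))
        || us.Length > us.MaximumLength)
    {
        UnicodeString[0] = 0;
        return;
    }

    // Terminate right after the converted characters.
    UnicodeString[us.Length / sizeof(WCHAR)] = 0;
}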
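/*
 * Convert a NUL-terminated UTF-16 string to ANSI in a caller-supplied buffer.
 *
 *   UnicodeString - source string.
 *   AnsiString    - destination buffer; always NUL-terminated on return
 *                   when it can hold at least one byte.
 *   dwSize        - size of the destination buffer in bytes.
 *
 * The function cannot report failure. If the conversion does not succeed
 * (for example because the source does not fit) the destination is left as
 * an empty string instead of a partial or stale one.
 */
VOID Unicode2Ansi(PWCHAR UnicodeString,PCHAR AnsiString,USHORT dwSize)
{
    ANSI_STRING         as;
    UNICODE_STRING      us;

    // A zero-sized buffer cannot hold a terminator; this also keeps
    // "dwSize - 1" below from wrapping to 0xFFFF.
    if (NULL == AnsiString || dwSize < 1)
    {
        return;
    }
    AnsiString[0] = 0;

    RtlInitUnicodeString(&us,UnicodeString);
    as.Buffer = AnsiString;
    as.Length = 0;                           // destination starts empty
    as.MaximumLength = (USHORT)(dwSize - 1); // last byte kept for the NUL

    // On failure the Length field is not trusted as an index: using it
    // unchecked could place the terminator outside the buffer.
    if (!NT_SUCCESS(RtlUnicodeStringToAnsiString(&as,&us,FALSE))
        || as.Length > as.MaximumLength)
    {
        AnsiString[0] = 0;
        return;
    }

    // Terminate right after the converted characters.
    AnsiString[as.Length] = 0;
}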

操作
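/*
 * Driver entry point: reads the driver's ImagePath value from its registry
 * key and prints the directory part of that path.
 *
 *   pDriver  - driver object (unused here).
 *   Registry - registry path of the driver's key, as passed by the loader.
 *
 * Always returns STATUS_SUCCESS; a failure to read or parse ImagePath only
 * skips the path output.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING Registry)
{
    NTSTATUS status = STATUS_SUCCESS;
    NTSTATUS queryStatus = STATUS_SUCCESS;
    WCHAR BufferValue[512] = { 0 };
    CHAR AnsiString[512] = { 0 };
    WCHAR* tmep = BufferValue;
    CHAR* temp = NULL;

    UNREFERENCED_PARAMETER(pDriver);

    // %wZ takes a PUNICODE_STRING and honours its Length field, so pass the
    // pointer itself (not its address, and not the raw Buffer).
    KdPrint(("Registry%wZ\n", Registry));
    KdPrint(("current n %wZ\n", Registry));
    // NOTE(review): %S / %ws and the GetRegKeyValue call below read
    // Registry->Buffer up to a NUL. A UNICODE_STRING does not promise one;
    // this relies on the loader terminating the registry path - confirm.
    KdPrint(("current n %S\n", Registry->Buffer));
    KdPrint(("current n %ws\n", Registry->Buffer));

    // One WCHAR of the zero-initialised buffer is held back so the result
    // stays NUL-terminated even if the value fills the space offered.
    queryStatus = GetRegKeyValue(Registry->Buffer, L"ImagePath", 0, (PBYTE)BufferValue, sizeof(BufferValue) - sizeof(WCHAR));
    if (!NT_SUCCESS(queryStatus))
    {
        KdPrint(("GetRegKeyValue failed 0x%08X\n", queryStatus));
        return status;
    }
    KdPrint(("current n %ws\n", BufferValue));

    // The original skipped four characters unconditionally, presumably the
    // "\??\" prefix. ImagePath is registry data and may use another form
    // or be shorter, so skip only when the prefix is actually present.
    if (0 == wcsncmp(BufferValue, L"\\??\\", 4))
    {
        tmep += 4;
    }
    KdPrint(("current n %ws\n", tmep));

    Unicode2Ansi(tmep, AnsiString, sizeof(AnsiString));

    // Cut at the last backslash to keep the directory. strrchr returns NULL
    // when there is none; writing through NULL would bugcheck the system.
    temp = strrchr(AnsiString, '\\');
    if (NULL != temp)
    {
        *temp = '\0';
        KdPrint(("Unicode2Ansi n %s\n", AnsiString));
    }

    return status;
}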

效果:
驅動中的當前路徑的一些處理操作
