C++ 遍历DPC源码
测试没有问题,可以正常遍历哦。
#include<ntddk.h>
typedef struct _KTIMER_TABLE_ENTRY
{
ULONG Lock;
LIST_ENTRY Entry;
ULARGE_INTEGER Time;
} KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY;
PKTIMER_TABLE_ENTRY timeTable;
PKTIMER pkTimer;
PLIST_ENTRY plist;
VOID EnumDpcTimer()
{
ULONG kPrcb=0;
ULONG index = 0;
__asm push eax;
__asm mov eax,fs:;
__asm add eax,0x19A0
__asm mov kPrcb,eax;
__asm pop eax;
//timeTable = (PKTIMER_TABLE_ENTRY)(kPrcb+0x19A0);
timeTable = (PKTIMER_TABLE_ENTRY)(kPrcb);
for (index; index < 0x100; index++)
{
plist=timeTable.Entry.Flink;
if (!MmIsAddressValid(plist))
{
continue;
}
while (plist!=&timeTable.Entry)
{
//pkTimer=(PKTIMER)((ULONG)plist-0x18);
pkTimer=(PKTIMER)CONTAINING_RECORD(plist,KTIMER,TimerListEntry);
if (MmIsAddressValid(pkTimer)&&MmIsAddressValid(pkTimer->Dpc))
{
if (pkTimer->Period&0xF0000000)
{
break;
}
KdPrint(("0x%08x ,0x%08x , %d\n",pkTimer,pkTimer->Dpc->DeferredRoutine,pkTimer->Period));
}else
{
break;
}
plist=plist->Flink;
}
}
}
VOID DdkUnload(IN PDRIVER_OBJECT objDriver)
{
// 2. 删除设备对象
if ( objDriver->DeviceObject )
IoDeleteDevice(objDriver->DeviceObject);
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
UNREFERENCED_PARAMETER(RegistryPath);
EnumDpcTimer();
// 5. 设置卸载函数
DriverObject->DriverUnload = DdkUnload;
return STATUS_SUCCESS;
}
页:
[1]