jiurlpdptsee.h

来自「关于win2000核心编程的文章」· C头文件 代码 · 共 60 行

#include <windows.h>

typedef struct _MEMORY_INFO {
	unsigned int    ProcessId;
	void*           StartVa;
	unsigned int    nBytes;
} MEMORY_INFO, *PMEMORY_INFO;

#define PAGE_DIRECTORY_BASE 0xC0300000
#define PAGE_TABLE_BASE 0xC0000000

// -----------------------------------------------------------------

#define CTL_CODE( DeviceType, Function, Method, Access ) (                 \
    ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
)
#define FILE_ANY_ACCESS                 0
#define METHOD_BUFFERED                 0

#define FILE_DEVICE_JIURL   0x8000
#define JIURL_FUNCTION_BASE 0x0800

// 不用担心你的 IOCTL 的值与别人定义的值相同。
// 不要忘了，我们在应用程序中是要打开某个特定驱动程序的句柄的
// 所以这个值一定会发到你的驱动程序，由你的驱动程序来解释这个值

// -----------------------------------------------------------------

#define JIURL_IO(_code)								\
		CTL_CODE((FILE_DEVICE_JIURL),				\
				 ((JIURL_FUNCTION_BASE)+(_code)),	\
				 (METHOD_BUFFERED),					\
				 (FILE_ANY_ACCESS))

// -----------------------------------------------------------------

#define IOCTL_MEM_OUTPUT           JIURL_IO(0)
#define IOCTL_PROCESS_NAME_OUTPUT  JIURL_IO(1)

// -----------------------------------------------------------------

BOOL JiurlReadProcessMemory(
  HANDLE hDevice,
  DWORD pid,
  LPVOID lpBaseAddress,       // base of memory area
  LPVOID lpBuffer,             // data buffer
  DWORD nSize,                 // number of bytes to read
  LPDWORD lpNumberOfBytesRead  // number of bytes read
);

BOOL JiurlGetProcessName(HANDLE hDevice, DWORD pid, LPVOID lpBuffer);

void JiurlPageDirectorySee(HANDLE hDevice,DWORD pid,DWORD type);

void JiurlPageTableSee(HANDLE hDevice,DWORD pid,
					   DWORD PageTableAddress,DWORD type);

void CmdManager(HANDLE hDevice);

void CmdHelp();