deviceextension.txt

来自「驱动开发过程中要注意的一些要点以及一些基本资料」· 文本 代码 · 共 77 行

typedef struct _DEVICE_EXTENSION 
{
    PDEVICE_OBJECT DeviceObject;
    HANDLE  ProcessHandle;
    PKEVENT ProcessEvent;
    HANDLE  ThreadHandle;
    PKEVENT ThreadEvent;
    HANDLE  ImageHandle;
    PKEVENT ImageEvent;

    HANDLE  PParentId;
    HANDLE  PProcessId;
    BOOLEAN PCreate;

    HANDLE  TProcessId;
    HANDLE  TThreadId;
    BOOLEAN TCreate;

    UCHAR   ImageNameA[255];
    HANDLE  IProcessId;
    IMAGE_INFO ImageInfo;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

PDEVICE_OBJECT gpDeviceObject;

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, 
                     IN PUNICODE_STRING RegistryPath)
{
    PDEVICE_OBJECT    pDeviceObject;
    PDEVICE_EXTENSION extension;
// Create and initialize device object
    ntStatus = IoCreateDevice(DriverObject,
                              sizeof(DEVICE_EXTENSION),
                              &uszDriverString,
                              FILE_DEVICE_UNKNOWN,
                              0,
                              FALSE,
                              &pDeviceObject);
	extension = pDeviceObject->DeviceExtension;
	gpDeviceObject = pDeviceObject;
	RtlInitUnicodeString(&uszProcessEventString, 
                         L"\\BaseNamedObjects\\ProcViewProcessEvent");
    	extension->ProcessEvent = IoCreateNotificationEvent(&uszProcessEventString,&extension->ProcessHandle);

	KeClearEvent(extension->ProcessEvent);
  }

VOID ProcViewProcessCallback(IN HANDLE ParentId, IN HANDLE ProcessId, 
                             IN BOOLEAN Create)
{
    PDEVICE_EXTENSION extension;
// Assign extension variable...
    extension = gpDeviceObject->DeviceExtension;

KeSetEvent(extension->ProcessEvent, 0, FALSE);
    KeClearEvent(extension->ProcessEvent);
}