?? deviceextension.txt
字號:
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT DeviceObject;
HANDLE ProcessHandle;
PKEVENT ProcessEvent;
HANDLE ThreadHandle;
PKEVENT ThreadEvent;
HANDLE ImageHandle;
PKEVENT ImageEvent;
HANDLE PParentId;
HANDLE PProcessId;
BOOLEAN PCreate;
HANDLE TProcessId;
HANDLE TThreadId;
BOOLEAN TCreate;
UCHAR ImageNameA[255];
HANDLE IProcessId;
IMAGE_INFO ImageInfo;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
PDEVICE_OBJECT gpDeviceObject;
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
PDEVICE_OBJECT pDeviceObject;
PDEVICE_EXTENSION extension;
// Create and initialize device object
ntStatus = IoCreateDevice(DriverObject,
sizeof(DEVICE_EXTENSION),
&uszDriverString,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&pDeviceObject);
extension = pDeviceObject->DeviceExtension;
gpDeviceObject = pDeviceObject;
RtlInitUnicodeString(&uszProcessEventString,
L"\\BaseNamedObjects\\ProcViewProcessEvent");
extension->ProcessEvent = IoCreateNotificationEvent(&uszProcessEventString,&extension->ProcessHandle);
KeClearEvent(extension->ProcessEvent);
}
VOID ProcViewProcessCallback(IN HANDLE ParentId, IN HANDLE ProcessId,
IN BOOLEAN Create)
{
PDEVICE_EXTENSION extension;
// Assign extension variable...
extension = gpDeviceObject->DeviceExtension;
KeSetEvent(extension->ProcessEvent, 0, FALSE);
KeClearEvent(extension->ProcessEvent);
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -