工作线程的使用

#include<stdio.h>
#include<stdlib.h>
#include "ntddk.h"
#define DEVICE_NAME L"\\Device\\MyDevice"
PUCHAR PsGetProcessImageFileName(PEPROCESS Process);
BOOLEAN ThreadRunFlags = TRUE;

#define WRITE_FILE_INTERVAL    -10000 * 1000 * 10
typedef struct my_info {
	int age;
	int weight;
	char* name;
	PIO_WORKITEM item;
}myInfo, *PmyInfo;
PDEVICE_OBJECT DeviceObject;
HANDLE hThread;

NTSTATUS
GetLocalTime(OUT PTIME_FIELDS  timeFields)
{
	NTSTATUS        status = STATUS_SUCCESS;
	LARGE_INTEGER   sysTime, locTime;

	KeQuerySystemTime(&sysTime);
	ExSystemTimeToLocalTime(&sysTime, &locTime);
	RtlTimeToTimeFields(&locTime, timeFields);

	return STATUS_SUCCESS;

}

VOID TestFile(IN PDEVICE_OBJECT  DeviceObject,
	IN PmyInfo pmyInfo)

{
	TIME_FIELDS time;
	UNICODE_STRING string;
	HANDLE hFile;
	IO_STATUS_BLOCK iostatus;
	NTSTATUS status;
	WCHAR pBuffer[200];
	OBJECT_ATTRIBUTES objattr;
	LARGE_INTEGER  ByteOffset;
	KIRQL irql;

	RtlInitUnicodeString(&string, L"\\??\\C:\\1.log");
	InitializeObjectAttributes(&objattr, &string, OBJ_CASE_INSENSITIVE, NULL, NULL);
	GetLocalTime(&time);
	irql = KeGetCurrentIrql();
	KdPrint(("工作线程中的irql=%d", irql));
	//打开文件
	status = ZwCreateFile(&hFile, FILE_APPEND_DATA,
		&objattr, &iostatus,
		NULL, FILE_ATTRIBUTE_NORMAL,
		FILE_SHARE_WRITE,
		FILE_OPEN_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);

	swprintf(pBuffer, L"[%d-%d-%d-%d-%d-%d]",
		time.Year,
		time.Month,
		time.Day,
		time.Hour,
		time.Minute,
		time.Second);
	KdPrint(("%S age is %d ,weight is %d,name is %s\n",
		pBuffer,pmyInfo->age, pmyInfo->weight, pmyInfo->name));
	//写文件
	status = ZwWriteFile(hFile, NULL, NULL, NULL, &iostatus,
		pBuffer, wcslen(pBuffer) * sizeof(WCHAR), NULL, NULL);
	//写入换行符
	status = ZwWriteFile(hFile, NULL, NULL, NULL, &iostatus,
		L"\n", sizeof(WCHAR), NULL, NULL);

	//关闭文件句柄
	ZwClose(hFile);
	//释放内存
	IoFreeWorkItem(pmyInfo->item);
}

VOID WaitMicroSecond(ULONG ulMircoSecond)
{
	KEVENT kEvent;
	//初始化一个未激发的内核事件
	KeInitializeEvent(&kEvent, SynchronizationEvent, FALSE);

	//等待时间的单位是100纳秒，将微秒转换成这个单位
	//负数代表是从此刻到未来的某个时刻
	LARGE_INTEGER timeout = RtlConvertLongToLargeInteger(-10 * ulMircoSecond);

	//在经过timeout后，线程继续运行
	KeWaitForSingleObject(&kEvent,
		Executive,
		KernelMode,
		FALSE,
		&timeout);
}


VOID ThreadStart(IN PVOID StartContext)
{

	PmyInfo pmyInfo;
	DbgPrint("Process: %s IRQL:%d\n",
		PsGetProcessImageFileName(PsGetCurrentProcess()), KeGetCurrentIrql());
	pmyInfo = ExAllocatePool(NonPagedPool, sizeof(myInfo));
	pmyInfo->age = 30;
	pmyInfo->weight = 80;
	pmyInfo->name = "yxp";

	while (1 == 1)
	{
		if (ThreadRunFlags==FALSE)
		{
			PsTerminateSystemThread(0);
		}
		//使用IoAllocateWorkItem分配一个ioworkitem
		PIO_WORKITEM pIoWorkItem = IoAllocateWorkItem(DeviceObject);
		if (pIoWorkItem)
		{
			pmyInfo->item = pIoWorkItem;

			//插入一个workitem， 其中TestFile就是我要写文件的函数，第四个参数也是该函数的参数
			IoQueueWorkItem(pIoWorkItem, (PIO_WORKITEM_ROUTINE)TestFile, NormalWorkQueue, pmyInfo);

		}
		WaitMicroSecond(1000 * 1000);
	}
	return;
}

VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
	ThreadRunFlags = FALSE;
	WaitMicroSecond(1000*1000*5);
	IoDeleteDevice(DriverObject->DeviceObject);
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath)
{

	OBJECT_ATTRIBUTES ObjectAttributes;
	CLIENT_ID  CID;
	NTSTATUS status;
	UNICODE_STRING DeviceName, Win32Device;

	//创建设备名称
	RtlInitUnicodeString(&DeviceName, DEVICE_NAME);

	//创建设备  让三环的API能够找到，才能实现通信
	status = IoCreateDevice(DriverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &DeviceObject);
	if (status != STATUS_SUCCESS)
	{
		DbgPrint("创建设备失败! status=%x\r\n", status);
		return status;
	}

	DriverObject->DriverUnload = DriverUnload;
	InitializeObjectAttributes(&ObjectAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
	//创建一个系统线程
	status = PsCreateSystemThread(
		&hThread,
		GENERIC_READ | GENERIC_WRITE,
		&ObjectAttributes,
		NtCurrentProcess(),
		&CID,
		(PKSTART_ROUTINE)ThreadStart,
		NULL
	);
	if (!NT_SUCCESS(status))
	{
		return 0;
	}
	ZwClose(hThread);
	return STATUS_SUCCESS;
}