#pragma once
#include <ntifs.h>
#define MAX_PATH 260
#define BUFFER_SIZE 0x400
/********************************************/
/* Initialization */
/********************************************/
void Sub_1(); // string backed by constant memory
void Sub_2(); // string backed by stack memory
void Sub_3(); // string backed by dynamically allocated memory
void Sub_4();// string built by hand in a WCHAR array
void SubI_1();// macro that initializes a constant string
void Sub_9();// initialize as an empty string
/************************************************************************/
/* Copy */
/************************************************************************/
void Sub_5();
/************************************************************************/
/* String concatenation */
/************************************************************************/
void Sub_10();
/************************************************************************/
/* String printing */
/************************************************************************/
void Sub_11();
/************************************************************************/
/* Conversion */
/************************************************************************/
// Converts SourceString to an upper-cased ANSI string in DestinationString.
// There is no destination-size parameter: the implementation copies any
// result shorter than MAX_PATH, so the caller's buffer must hold MAX_PATH bytes.
BOOLEAN UnicodeStringToChar(char* DestinationString, PUNICODE_STRING SourceString);
// Returns TRUE when the descriptor and every byte of its buffer pass
// MmIsAddressValid; an empty string (Length == 0) is reported as invalid.
BOOLEAN IsUnicodeStringValid(PUNICODE_STRING SourceString);
// Unload routine installed by DriverEntry.
VOID DriverUnload(PDRIVER_OBJECT DriverObject);
#include "UnicodeString(Kernel).h"
//bp MyDriver1!DriverEntry
// Driver entry point: installs the unload routine and runs one of the
// UNICODE_STRING demos defined in this file.
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegisterPath)
{
    // Register the unload callback before doing anything else.
    DriverObject->DriverUnload = DriverUnload;

    // Active demo. Swap in another routine (for example Sub_1) to try it.
    Sub_10();

    // RegisterPath is not used by this sample; the entry point always succeeds.
    return STATUS_SUCCESS;
}
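// Demo: UNICODE_STRING that points at constant memory.
// RtlInitUnicodeString only fills in the descriptor; v1.Buffer refers to the
// string literal itself, so the buffer must not be written to or freed.
void Sub_1()
{
    UNICODE_STRING v1;
    // UnicodeStringToChar takes no destination size and copies any result
    // shorter than MAX_PATH, so the buffer is sized for that worst case rather
    // than for the current literal. A 20-byte buffer only works while the
    // source stays short.
    CHAR v2[MAX_PATH] = { 0 };

    RtlInitUnicodeString(&v1, L"HelloWorld");
    /*
    v1.Buffer        = pointer to the constant literal
    v1.Length        = 20 (bytes, terminator not counted)
    v1.MaximumLength = 22 (bytes, terminator counted)
    */

    // Print the narrow copy only when the conversion reported success.
    if (UnicodeStringToChar(v2, &v1))
    {
        DbgPrint("%s\r\n", v2); // upper-cased by UnicodeStringToChar
    }
    DbgPrint("%wZ\r\n", &v1); // a UNICODE_STRING is printed with %wZ
}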
// Demo: UNICODE_STRING whose buffer is a local (stack) array.
// The descriptor is filled in by hand; it is only valid while BufferData is
// in scope.
void Sub_2()
{
    WCHAR BufferData[] = L"HelloWorld";
    size_t CharCount = wcslen(BufferData);
    UNICODE_STRING v1;

    v1.Buffer = BufferData;
    // Both length fields are byte counts: Length excludes the terminator,
    // MaximumLength includes it.
    v1.Length = CharCount * sizeof(WCHAR);
    v1.MaximumLength = (CharCount + 1) * sizeof(WCHAR);

    DbgPrint("%wZ\r\n", &v1);
}
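// Demo: UNICODE_STRING whose buffer is allocated from paged pool, filled,
// printed and released again.
void Sub_3()
{
    UNICODE_STRING v1;
    WCHAR BufferData[] = L"HelloWorld";

    // Byte counts: Length excludes the terminator, MaximumLength includes it.
    v1.Length = wcslen(BufferData) * sizeof(WCHAR);
    v1.MaximumLength = (wcslen(BufferData) + 1) * sizeof(WCHAR);

    // NOTE(review): ExAllocatePool is deprecated in current WDKs; the tagged
    // allocators (ExAllocatePoolWithTag / ExAllocatePool2) are the usual
    // replacement. Kept here so the sample's API surface is unchanged.
    v1.Buffer = ExAllocatePool(PagedPool, v1.MaximumLength);
    if (v1.Buffer == NULL)
    {
        // The allocation can fail. Check before the first write: a NULL
        // dereference in kernel mode takes the whole system down.
        v1.Length = v1.MaximumLength = 0;
        return;
    }

    // Zero the whole buffer first so the copied text is NUL-terminated.
    RtlZeroMemory(v1.Buffer, v1.MaximumLength);
    RtlCopyMemory(v1.Buffer, BufferData, v1.Length);
    DbgPrint("%wZ\r\n", &v1);

    // Release the buffer and clear the descriptor so it cannot be reused.
    ExFreePool(v1.Buffer);
    v1.Buffer = NULL;
    v1.Length = v1.MaximumLength = 0;
}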
// Demo: build a UNICODE_STRING by hand on top of a local WCHAR array.
void Sub_4()
{
    WCHAR strBuf[128] = { 0 };
    UNICODE_STRING str = { 0 };

    str.Buffer = strBuf;
    wcscpy(str.Buffer, L"hello");

    // Both fields are set to the byte length of the text, so the descriptor
    // reports no spare capacity even though strBuf has room for 128 WCHARs.
    str.MaximumLength = wcslen(L"hello") * sizeof(WCHAR);
    str.Length = str.MaximumLength;

    DbgPrint("%wZ\r\n", &str);
}
// Demo: initialize a UNICODE_STRING from a string literal with the
// RTL_CONSTANT_STRING macro.
void SubI_1()
{
    // The macro is meant for constant strings; the resulting buffer is the
    // literal and must be treated as read-only.
    UNICODE_STRING Greeting = RTL_CONSTANT_STRING(L"hello");

    DbgPrint("%wZ\r\n", &Greeting);
}
// Demo: initialize an empty UNICODE_STRING that owns a 256-WCHAR buffer.
void Sub_9()
{
    WCHAR str_buf[256];
    UNICODE_STRING str;

    // The third argument is the capacity in bytes, not in characters.
    // str_buf is left uninitialized here; presumably safe because the string
    // starts out empty - confirm before reading from Buffer directly.
    RtlInitEmptyUnicodeString(&str, str_buf, sizeof(str_buf));
}
// Copy operation
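// Demo: copy one UNICODE_STRING into a pool-allocated destination with
// RtlCopyUnicodeString.
void Sub_5()
{
    UNICODE_STRING SourceString;
    UNICODE_STRING DestinationString = { 0 };

    RtlInitUnicodeString(&SourceString, L"HelloWorld");

    DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
    if (DestinationString.Buffer == NULL)
    {
        // Never advertise capacity for a buffer that was not allocated: with
        // MaximumLength set and Buffer NULL the copy below would write
        // through a NULL pointer.
        return;
    }
    DestinationString.MaximumLength = BUFFER_SIZE;

    // The copy is bounded by DestinationString.MaximumLength; a source that
    // does not fit is truncated rather than reported as an error.
    RtlCopyUnicodeString(&DestinationString, &SourceString);
    KdPrint(("SourceString:%wZ\n", &SourceString));
    KdPrint(("DestinationString:%wZ\n", &DestinationString));

    // Free with the counterpart of the allocator that was used, as Sub_3 does.
    // RtlFreeUnicodeString is documented for buffers allocated by the Rtl
    // conversion routines, not for arbitrary pool allocations.
    ExFreePool(DestinationString.Buffer);
    DestinationString.Buffer = NULL;
    DestinationString.Length = DestinationString.MaximumLength = 0;
}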
// String concatenation
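// Demo: copy a UNICODE_STRING into a pool buffer and then append the source
// to it with RtlAppendUnicodeStringToString.
void Sub_10()
{
    UNICODE_STRING SourceString;
    UNICODE_STRING DestinationString = { 0 };
    NTSTATUS Status;

    RtlInitUnicodeString(&SourceString, L"HelloWorld");

    DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
    if (DestinationString.Buffer == NULL)
    {
        // Allocation failed: bail out before any routine writes through the
        // NULL buffer pointer.
        return;
    }
    DestinationString.MaximumLength = BUFFER_SIZE;

    RtlCopyUnicodeString(&DestinationString, &SourceString);
    KdPrint(("SourceString:%wZ\n", &SourceString));
    KdPrint(("DestinationString:%wZ\n", &DestinationString));

    // The append fails instead of truncating when the destination has too
    // little room, so the status has to be checked.
    Status = RtlAppendUnicodeStringToString(&DestinationString, &SourceString);
    if (NT_SUCCESS(Status))
    {
        KdPrint(("DestinationString:%wZ\n", &DestinationString));
        DbgPrint("%wZ\r\n", &DestinationString);
    }
    else
    {
        DbgPrint("RtlAppendUnicodeStringToString failed: 0x%08X\r\n", Status);
    }

    // Free with the counterpart of the allocator that was used, as Sub_3 does.
    ExFreePool(DestinationString.Buffer);
    DestinationString.Buffer = NULL;
    DestinationString.Length = DestinationString.MaximumLength = 0;
}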
// String printing
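// Demo: printing UNICODE_STRING values from a driver.
void Sub_11()
{
    // When a string is not guaranteed to be NUL-terminated, avoid %ws and %s:
    // they read until a terminator. %wZ is bounded by the Length field.
    UNICODE_STRING SourceString;
    UNICODE_STRING DestinationString = { 0 };
    NTSTATUS Status;

    RtlInitUnicodeString(&SourceString, L"HelloWorld");

    DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
    if (DestinationString.Buffer == NULL)
    {
        // Allocation failed: bail out before any routine writes through the
        // NULL buffer pointer.
        return;
    }
    DestinationString.MaximumLength = BUFFER_SIZE;

    RtlCopyUnicodeString(&DestinationString, &SourceString);
    KdPrint(("SourceString:%wZ\n", &SourceString));
    KdPrint(("DestinationString:%wZ\n", &DestinationString));

    // The append reports an error rather than truncating, so check it before
    // printing the result.
    Status = RtlAppendUnicodeStringToString(&DestinationString, &SourceString);
    if (NT_SUCCESS(Status))
    {
        // DbgPrint produces output in both release and debug builds. KdPrint
        // is a macro wrapper around it, which is why its arguments need the
        // double parentheses.
        KdPrint(("DestinationString:%wZ\n", &DestinationString));
        // Unicode format codes such as %wZ may only be used at PASSIVE_LEVEL.
        DbgPrint("%wZ\r\n", &DestinationString);
    }
    else
    {
        DbgPrint("RtlAppendUnicodeStringToString failed: 0x%08X\r\n", Status);
    }

    // Free with the counterpart of the allocator that was used, as Sub_3 does.
    ExFreePool(DestinationString.Buffer);
    DestinationString.Buffer = NULL;
    DestinationString.Length = DestinationString.MaximumLength = 0;
}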
// Unload routine installed by DriverEntry. It only logs that it ran; the
// demos visible in this file release their own allocations before returning.
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    // DriverObject is not used by this sample.
    DbgPrint("DriverUnload()\r\n");
}
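// Converts SourceString to ANSI, upper-cases it and copies it into
// DestinationString as a NUL-terminated string.
//
// DestinationString: caller-supplied buffer. No size is passed in, so it must
//                    hold at least MAX_PATH bytes; anything smaller can be
//                    overrun by a long source string.
// SourceString:      string to convert.
//
// Returns TRUE only when text was actually copied. Returns FALSE for NULL
// arguments, a failed conversion, a result of MAX_PATH bytes or more, or an
// exception raised during the conversion.
BOOLEAN UnicodeStringToChar(char* DestinationString, PUNICODE_STRING SourceString)
{
    ANSI_STRING v1 = { 0 };
    NTSTATUS Status;
    BOOLEAN Copied = FALSE;

    if (DestinationString == NULL || SourceString == NULL)
    {
        return FALSE;
    }

    // NOTE(review): structured exception handling here is not a substitute
    // for validating the pointers; a bad kernel-mode address typically
    // bugchecks instead of reaching the handler.
    __try
    {
        Status = RtlUnicodeStringToAnsiString(&v1, SourceString, TRUE);
        if (NT_SUCCESS(Status))
        {
            // v1 is only meaningful after a successful conversion. Reading its
            // Length or freeing its Buffer after a failure would act on
            // whatever the structure happened to contain.
            if (v1.Buffer != NULL && v1.Length < MAX_PATH)
            {
                _strupr(v1.Buffer);
                // Copy exactly Length bytes and terminate explicitly, so the
                // write is bounded by the length check above.
                RtlCopyMemory(DestinationString, v1.Buffer, v1.Length);
                DestinationString[v1.Length] = '\0';
                Copied = TRUE;
            }
            RtlFreeAnsiString(&v1);
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        return FALSE;
    }
    return Copied;
}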
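// Best-effort sanity check of a UNICODE_STRING: the descriptor and every byte
// of its buffer must pass MmIsAddressValid, and the string must be non-empty.
//
// Returns TRUE when all probes pass, FALSE otherwise (including for an empty
// string or when an exception is raised).
//
// NOTE(review): MmIsAddressValid only reports the state of the mapping at the
// moment of the call. It does not make a later access safe and is not a way
// to validate pointers received from user mode; treat a TRUE result as a
// hint, not a guarantee.
BOOLEAN IsUnicodeStringValid(PUNICODE_STRING SourceString)
{
    ULONG i = 0;
    PUCHAR Bytes = NULL;
    USHORT Length = 0;

    __try
    {
        // Probe both ends of the descriptor: the fields read below extend
        // past its first byte and the structure may straddle a page boundary.
        if (!MmIsAddressValid(SourceString) ||
            !MmIsAddressValid((PUCHAR)SourceString + sizeof(UNICODE_STRING) - 1))
        {
            return FALSE;
        }

        // Read the fields once, so the values that were checked are the
        // values that get used even if the descriptor changes underneath us.
        Bytes = (PUCHAR)SourceString->Buffer;
        Length = SourceString->Length;

        if (Bytes == NULL || Length == 0)
        {
            return FALSE;
        }

        // Length is a byte count, so the buffer is walked byte by byte.
        for (i = 0; i < Length; i++)
        {
            if (!MmIsAddressValid(Bytes + i))
            {
                return FALSE;
            }
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        return FALSE;
    }
    return TRUE;
}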
// Counted wide-character string descriptor, reproduced here for reference.
// In the debugger dump that follows, "HelloWorld" (10 characters) shows
// Length 0x14 and MaximumLength 0x16, i.e. both fields are byte counts.
typedef struct _UNICODE_STRING
{
USHORT Length; // bytes currently in use, terminator not counted
USHORT MaximumLength; // capacity of Buffer in bytes
PWCHAR Buffer; // pointer to the characters; the descriptor holds no copy of them
}UNICODE_STRING,*PUNICODE_STRING;
kd> dt v1
dtx is unsupported for this scenario. It only recognizes dtx [<type>] [<address>] with -a, -h, and -r. Reverting to dt.
Local var @ 0x8df079c0 Type _UNICODE_STRING
"HelloWorld"
+0x000 Length : 0x14
+0x002 MaximumLength : 0x16
+0x004 Buffer : 0xa60e4082 "HelloWorld"
kd> db 0xa60e4082
a60e4082 48 00 65 00 6c 00 6c 00-6f 00 57 00 6f 00 72 00 H.e.l.l.o.W.o.r.
a60e4092 6c 00 64 00 00 00 25 77-5a 0d 0a 00 44 72 69 76 l.d...%wZ...Driv
a60e40a2 65 72 55 6e 6c 6f 61 64-28 29 0d 0a 00 00 00 00 erUnload()......
a60e40b2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40c2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40d2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40e2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40f2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................