Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to get the driver object of the kernel module and print out the values of the fields below the driver object". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to get the driver object of the kernel module and print out the values of the fields below the driver object.

# include / / this header file contains declarations for all exported functions of WDK

/ / function function: custom tool function

/ / function module: device stack module information

/ / function: get the driver object of the kernel module and print out the values of the fields below the driver object

VOID GetDriverObjectInfo (IN PDRIVER_OBJECT driver)

{

PDRIVER_OBJECT driverObject

If (driver = = NULL)

{

DbgPrint ("DiverObject is NULLINGO")

Return

}

DriverObject = driver

/ / the following are the values of each field in the driver object

/ / driver name

If (driverObject- > DriverName.Buffer)

{

DbgPrint ("Diver Name:% S", driverObject- > DriverName.Buffer)

}

/ / Information of the driver device object

If (driverObject- > DeviceObject | | driverObject- > Flags)

{

DbgPrint ("Device Address: 0x%x-Extensible flag location:% ld/n", driverObject- > DeviceObject, driverObject- > Flags)

}

/ / driver loading information

DbgPrint ("DriverStart Address: 0x%x-DriverSize:% ld-DriverSection: 0x%x-DriverExtension Address: 0x%x/n", driverObject- > DriverStart, driverObject- > DriverSize, driverObject- > DriverSection, driverObject- > DriverExtension)

/ / Registration information

DbgPrint ("The path to the hardware information in the registry: 0x%x/n", driverObject- > HardwareDatabase)

/ /.... Omit it. It's too troublesome.

}

/ / provide a Unload function only so that the program can be loaded dynamically and is convenient for debugging

VOID DriverUnload (PDRIVER_OBJECT driver)

{

/ / but in fact we do nothing but print a sentence:

DbgPrint ("first: Our driver is unloading … / rzone")

}

/ / DriverEntry, entry function. Equivalent to main.

NTSTATUS DriverEntry (PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)

{

# if DBG

_ asm int 3

# endif

/ / this is the entrance to our kernel module, where we can write what we want to write.

DbgPrint ("first: Hello, my salary!")

GetDriverObjectInfo (driver)

/ / set an unload function to make it easy for this function to exit.

Driver- > DriverUnload = DriverUnload

Return STATUS_SUCCESS

}

At this point, I believe you have a deeper understanding of "how to get the driver object of the kernel module and print out the values of the fields below the driver object". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.