Reusable driver code snippet

xiaoxiao2021-03-14  199

Reusable driver code snippet

File operations inside a driver are troublesome! I had never done them before and did not get it done yesterday afternoon. Last night I read the Native API reference, wrote a routine that uses only the DDK data types and imports ntdll.dll, compiled and debugged it, and then ported it to the driver. This suggests a good way to debug driver code: most program fragments that use the Native API (the ZwXxx functions) can be written and debugged in Ring 3 (much more convenient!) by importing ntdll.dll. One point needs attention: in a kernel-mode driver (KMD) the kernel-related flag parameters (such as the kernel-handle flag) often have to be set, otherwise an error occurs. In addition, synchronization in a KMD is not the same as in Win32, so handle it accordingly.

Prototype: NTSTATUS WriteLogFile(LPWSTR lpszLogFile, PVOID Buffer, ULONG uLength)

Function uses synchronous write, no asynchronous mechanism

lpszLogFile: the file name, for example \??\d:\test.txt; if you are not sure where to put the file, place it under \SystemRoot\

Buffer: the buffer, i.e. the content you want to write.

uLength: the length of the buffer in bytes.

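/*
 * WriteLogFile - append a buffer to a log file using synchronous Zw* file I/O.
 *
 * lpszLogFile: NUL-terminated NT path of the log file (e.g. \??\d:\test.txt).
 * Buffer:      data to append.
 * uLength:     number of bytes in Buffer.
 *
 * Returns the status of the first call that fails; if every step succeeds,
 * the status of ZwClose.
 *
 * The Zw* file routines must be called at IRQL == PASSIVE_LEVEL.
 *
 * Security notes:
 *  - The handle is opened with OBJ_KERNEL_HANDLE. Without that flag a handle
 *    created in a driver lands in the handle table of whatever process is
 *    current, where user-mode code in that process can reach it.
 *  - Zw* calls made from a driver are not access-checked against the
 *    requesting user. lpszLogFile must therefore come from trusted
 *    configuration, never from an unprivileged caller.
 */
NTSTATUS WriteLogFile(LPWSTR lpszLogFile, PVOID Buffer, ULONG uLength)
{
    HANDLE hFile = NULL;
    UNICODE_STRING usFileObj = {0};
    OBJECT_ATTRIBUTES oa = {0};
    IO_STATUS_BLOCK IoStatus = {0};
    NTSTATUS ns = STATUS_UNSUCCESSFUL;
    NTSTATUS nsClose;
    FILE_STANDARD_INFORMATION fsi = {0};
    FILE_POSITION_INFORMATION fpi = {0};

    if (lpszLogFile == NULL || (Buffer == NULL && uLength != 0)) {
        return STATUS_INVALID_PARAMETER;
    }

    RtlInitUnicodeString(&usFileObj, lpszLogFile);
    InitializeObjectAttributes(&oa,
                               &usFileObj,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    ns = ZwCreateFile(&hFile,
                      GENERIC_WRITE | SYNCHRONIZE,
                      &oa,
                      &IoStatus,
                      NULL,
                      0,
                      FILE_SHARE_READ | FILE_SHARE_WRITE,
                      FILE_OPEN_IF,
                      FILE_SYNCHRONOUS_IO_NONALERT,
                      NULL,
                      0);
    if (!NT_SUCCESS(ns)) {
        return ns;
    }

    /* If the file already has content, move the file pointer to its end. */
    ns = ZwQueryInformationFile(hFile, &IoStatus, (PVOID)&fsi, sizeof(fsi),
                                FileStandardInformation);
    if (NT_SUCCESS(ns)) {
        fpi.CurrentByteOffset = fsi.EndOfFile;
        ns = ZwSetInformationFile(hFile, &IoStatus, (PVOID)&fpi, sizeof(fpi),
                                  FilePositionInformation);
    }

    /*
     * Write only when positioning succeeded; otherwise the write would land
     * at offset 0 and overwrite the oldest log records.
     */
    if (NT_SUCCESS(ns)) {
        ns = ZwWriteFile(hFile, NULL, NULL, NULL, &IoStatus,
                         Buffer, uLength, NULL, NULL);
    }

    /* Always close the handle, but keep an earlier failure status. */
    nsClose = ZwClose(hFile);
    if (NT_SUCCESS(ns)) {
        ns = nsClose;
    }

    return ns;
}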

Calling code snippet:

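/*
 * AddRecord - format one "application:operation:file" line and append it to
 * the log file named by the global gchLogFile.
 *
 * lpszApplication: narrow (ANSI) application name.
 * lpszOperation:   wide-character operation name.
 * lpszFile:        wide-character file name.
 *
 * Does nothing when no log file is configured, when an argument is NULL, or
 * when the pool allocation fails. Uses paged pool and Zw* file I/O (through
 * WriteLogFile), so it must run at IRQL == PASSIVE_LEVEL.
 */
VOID AddRecord(PSTR lpszApplication, PWSTR lpszOperation, PWSTR lpszFile)
{
    PVOID pPool = NULL;
    SIZE_T cbNeeded;
    ULONG uSize;
    int cch;
    NTSTATUS ns;

    if (lpszApplication == NULL || lpszOperation == NULL || lpszFile == NULL) {
        return;
    }

    /* If no log file has been set, there is nothing to do. */
    if (!wcslen(gchLogFile)) {
        return;
    }

    /*
     * Budget sizeof(WCHAR) bytes per wide character for the narrow output,
     * plus two ':' separators, "\r\n" and the terminating NUL. The original
     * size left no explicit room for those five bytes.
     */
    cbNeeded = strlen(lpszApplication)
             + (wcslen(lpszOperation) + wcslen(lpszFile)) * sizeof(WCHAR)
             + 5;
    if (cbNeeded > MAXULONG - sizeof(LARGE_INTEGER)) {
        return;
    }
    uSize = (ULONG)cbNeeded;

    /* Slight optimization: round the size up to a multiple of sizeof(LARGE_INTEGER). */
    uSize += sizeof(LARGE_INTEGER) - (uSize % sizeof(LARGE_INTEGER));

    /* NOTE(review): ExAllocatePool is deprecated on current WDKs; prefer a tagged allocator. */
    pPool = ExAllocatePool(PagedPool, uSize);
    if (pPool) {
        __try {
            /*
             * %S converts the wide arguments for the narrow output buffer.
             * _snprintf does not NUL-terminate on truncation, so the count
             * leaves one byte spare and the terminator is written explicitly.
             */
            cch = _snprintf((char *)pPool, uSize - 1, "%s:%S:%S\r\n",
                            lpszApplication, lpszOperation, lpszFile);
            ((char *)pPool)[uSize - 1] = '\0';

            if (cch > 0) {
                DPRINTF("%s", (char *)pPool);
                /* Pass the length _snprintf reported rather than re-scanning the buffer. */
                ns = WriteLogFile(gchLogFile, pPool, (ULONG)cch);
                if (!NT_SUCCESS(ns)) {
                    DPRINTF("AddRecord: WriteLogFile failed: 0x%08X", ns);
                }
            } else {
                /* Negative result: truncated or unconvertible record; skip it. */
                DPRINTF("AddRecord: record could not be formatted");
            }
        }
        __except (EXCEPTION_EXECUTE_HANDLER) {
            DPRINTF("Exception in Add AddRecord");
        }

        ExFreePool(pPool);
    }
    /* else: out of memory, the record is dropped. */
}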
