UnicodeString基本操作(Ring0)
// 纯粹做个记录,微软源码
1 #include "Unicode_String_Ring0.h" 2 3 //bp Unicode_String_Ring0!DriverEntry 4 NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegisterPath) 5 { 6 NTSTATUS Status = STATUS_SUCCESS; 7 PDEVICE_OBJECT DeviceObject = NULL; 8 9 DriverObject->DriverUnload = DriverUnload; 10 11 Test(); 12 13 return Status; 14 } 15 16 17 void Test() 18 { 19 //初始化 20 //StringInitTest(); 21 22 //拷贝操作 23 //StringCopyTest(); 24 25 //字符串比较 26 //StringCompareTest(); 27 28 //字符串变大写 29 //StringToUpperTest(); 30 31 //字符串与整型相互转化 32 //StringToIntegerTest(); 33 34 35 //ANSI_STRING字符串与UNICODE_STRING字符串相互转换 36 StringConverTest(); 37 38 39 } 40 41 //初始化 42 void StringInitTest() 43 { 44 //Sub_1();//常量初始化 45 //Sub_2(); 46 Sub_3();//堆 47 } 48 void Sub_1() 49 { 50 //UNICODE_STRING 51 //常量初始化 52 UNICODE_STRING v1; 53 RtlInitUnicodeString(&v1, L"HelloWorld"); 54 55 //v1.Buffer = 常量指针 56 //v1.Length = 20 57 //v1.MaximumLength = 22 58 59 DbgPrint("%wZ\r\n", &v1);//Unicode打印L"" 60 61 62 /* 63 //常量初始化ANSI_STRING 64 //(1)用RtlInitAnsiString初始化字符串 65 ANSI_STRING AnsiString; 66 CHAR * string = "hello"; 67 //初始化ANSI_STRING字符串 68 RtlInitAnsiString(&AnsiString, string); 69 DbgPrint("AnsiString:%Z\n", &AnsiString); 70 */ 71 } 72 void Sub_2() 73 { 74 UNICODE_STRING v1; 75 WCHAR BufferData[] = L"HelloWorld"; 76 v1.Buffer = BufferData; 77 v1.Length = wcslen(BufferData) * sizeof(WCHAR); 78 v1.MaximumLength = (wcslen(BufferData) + 1) * sizeof(WCHAR); 79 80 DbgPrint("%wZ\r\n", &v1); 81 } 82 void Sub_3() 83 { 84 UNICODE_STRING v1; 85 WCHAR BufferData[] = L"HelloWorld"; 86 87 v1.Length = wcslen(BufferData) * sizeof(WCHAR); 88 v1.MaximumLength = (wcslen(BufferData) + 1) * sizeof(WCHAR); 89 v1.Buffer = ExAllocatePool(PagedPool, v1.MaximumLength); 90 91 RtlZeroMemory(v1.Buffer, v1.MaximumLength); 92 RtlCopyMemory(v1.Buffer, BufferData, v1.Length); 93 94 DbgPrint("%wZ\r\n", &v1); 95 96 if (v1.Buffer != NULL) 97 { 98 ExFreePool(v1.Buffer); 99 v1.Buffer = NULL; 100 v1.Length = v1.MaximumLength = 0; 101 } 102 } 103 104 //拷贝操作 105 void StringCopyTest() 106 { 107 UNICODE_STRING SourceString; 108 RtlInitUnicodeString(&SourceString, L"HelloWorld"); 109 110 UNICODE_STRING DestinationString = { 0 }; 111 DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE); 112 DestinationString.MaximumLength = BUFFER_SIZE; 113 114 RtlCopyUnicodeString(&DestinationString, &SourceString); 115 116 DbgPrint("SourceString:%wZ\r\n", &SourceString); 117 DbgPrint("DestinationString:%wZ\n", &DestinationString); 118 119 RtlFreeUnicodeString(&DestinationString); 120 } 121 122 //字符串比较 123 void StringCompareTest() 124 { 125 //初始化UnicodeString1 126 UNICODE_STRING UnicodeString1; 127 RtlInitUnicodeString(&UnicodeString1,L"HELLOWORLD"); 128 129 //初始化UnicodeString2 130 UNICODE_STRING UnicodeString2; 131 //RtlInitUnicodeString(&UnicodeString2, L"Hello"); 132 //RtlInitUnicodeString(&UnicodeString2, L"HELLOWORLD"); 133 RtlInitUnicodeString(&UnicodeString2, L"helloworld"); 134 135 136 if (RtlEqualUnicodeString( 137 &UnicodeString1, 138 &UnicodeString2, 139 TRUE 140 //If TRUE, 141 //case should be ignored when doing the comparison. 142 ) 143 ) 144 { 145 DbgPrint("UnicodeString1 and UnicodeString2 are equal\n"); 146 } 147 else 148 { 149 DbgPrint("UnicodeString1 and UnicodeString2 are NOT equal\n"); 150 } 151 152 153 154 155 156 } 157 158 //字符串变大写 159 void StringToUpperTest() 160 { 161 UNICODE_STRING SourceString; 162 RtlInitUnicodeString(&SourceString, L"Hello World"); 163 164 UNICODE_STRING DestinationString; 165 DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE); 166 DestinationString.MaximumLength = BUFFER_SIZE; 167 168 //变化前 169 DbgPrint("变化前:%wZ\n", &SourceString); 170 //变大写 171 RtlUpcaseUnicodeString( 172 &DestinationString, //DestinationString 173 &SourceString, //SourceString 174 FALSE//Specifies if RtlUpcaseUnicodeString is to allocate the buffer space for the DestinationString. 175 //If it does, the buffer must be deallocated by calling RtlFreeUnicodeString. 176 ); 177 178 //变化后 179 DbgPrint("变化后:%wZ\n", &DestinationString); 180 181 RtlFreeUnicodeString(&DestinationString); 182 } 183 184 185 186 //字符串与整型相互转化 187 void StringToIntegerTest() 188 { 189 //(1)字符串转换成数字 190 UNICODE_STRING UnicodeString1; 191 RtlInitUnicodeString(&UnicodeString1, L"-100"); 192 193 ULONG lNumber; 194 NTSTATUS Status = 195 RtlUnicodeStringToInteger(//第二个参数Base 196 &UnicodeString1, 197 //10,//-100是10进制 //输出-100 198 //16,//-100是16进制 //输出-256 199 8, //-100是8进制 //输出-64 200 &lNumber 201 ); 202 203 if (NT_SUCCESS(Status)) 204 { 205 DbgPrint("Conver to integer succussfully!\n"); 206 DbgPrint("Result:%d\n", lNumber); 207 } 208 else 209 { 210 DbgPrint("Conver to integer unsuccessfully!\n"); 211 } 212 //(2)数字转换成字符串 213 UNICODE_STRING UnicodeString2 = { 0 }; 214 UnicodeString2.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE); 215 UnicodeString2.MaximumLength = BUFFER_SIZE; 216 217 Status = RtlIntegerToUnicodeString(//同上 第二参数是Base 218 200, 219 //10, //输出200 220 //8, //输出310 221 16, //输出 C8 222 &UnicodeString2 223 ); 224 225 /* 226 HEX C8 227 DEC 200 228 OCT 310 229 */ 230 231 if (NT_SUCCESS(Status)) 232 { 233 DbgPrint("Conver to string succussfully!\n"); 234 DbgPrint("Result:%wZ\n", &UnicodeString2); 235 } 236 else 237 { 238 DbgPrint("Conver to string unsuccessfully!\n"); 239 } 240 241 //销毁UnicodeString2 242 //注意!!UnicodeString1不用销毁 243 RtlFreeUnicodeString(&UnicodeString2); 244 245 246 } 247 248 249 250 //ANSI_STRING字符串与UNICODE_STRING字符串相互 251 void StringConverTest() 252 { 253 //(1)将UNICODE_STRING字符串转换成ANSI_STRING字符串 254 //初始化UnicodeString1 255 UNICODE_STRING UnicodeString1; 256 RtlInitUnicodeString(&UnicodeString1, L"HelloWorld"); 257 258 ANSI_STRING AnsiString1; 259 NTSTATUS Status = RtlUnicodeStringToAnsiString( 260 &AnsiString1, 261 &UnicodeString1, 262 TRUE 263 //TRUE if this routine is to allocate the buffer space for the DestinationString. 264 //If it does, the buffer must be deallocated by calling RtlFreeAnsiString. 265 ); 266 267 if (NT_SUCCESS(Status)) 268 { 269 DbgPrint("Conver succussfully!\n"); 270 DbgPrint("Result:%Z\n", &AnsiString1); 271 } 272 else 273 { 274 DbgPrint("Conver unsuccessfully!\n"); 275 } 276 277 //销毁AnsiString1 278 RtlFreeAnsiString(&AnsiString1); 279 280 //(2)将ANSI_STRING字符串转换成UNICODE_STRING字符串 281 282 ANSI_STRING AnsiString2; 283 RtlInitString(&AnsiString2, "HelloWorld"); 284 285 UNICODE_STRING UnicodeString2; 286 Status = RtlAnsiStringToUnicodeString( 287 &UnicodeString2, 288 &AnsiString2, 289 TRUE 290 //Specifies if this routine should allocate the buffer space for the destination string. 291 //If it does, the caller must deallocate the buffer by calling RtlFreeUnicodeString. 292 293 294 ); 295 296 if (NT_SUCCESS(Status)) 297 { 298 DbgPrint("Conver succussfully!\n"); 299 DbgPrint("Result:%wZ\n", &UnicodeString2); 300 } 301 else 302 { 303 DbgPrint("Conver unsuccessfully!\n"); 304 } 305 306 //销毁UnicodeString2 307 RtlFreeUnicodeString(&UnicodeString2); 308 } 309 310 VOID DriverUnload(PDRIVER_OBJECT DriverObject) 311 { 312 DbgPrint("DriverUnload()\r\n"); 313 }
1 #include <ntifs.h> 2 3 4 #define BUFFER_SIZE 0x400 5 6 void Test(); 7 8 //初始化操作 9 void StringInitTest(); 10 void Sub_1();//常量初始化 11 void Sub_2(); 12 void Sub_3(); 13 14 //拷贝操作 15 void StringCopyTest(); 16 17 //字符串比较 18 void StringCompareTest(); 19 20 //字符串变大写 21 void StringToUpperTest(); 22 23 //字符串与整型相互转化 24 void StringToIntegerTest(); 25 26 //ANSI_STRING字符串与UNICODE_STRING字符串相互 27 void StringConverTest(); 28 29 30 VOID DriverUnload(PDRIVER_OBJECT DriverObject);
Ring3层的话不能直接使用UnicodeString、AnsiString,需要自己定义出来,并且部分相关的函数需要自己实现,得参照微软的源代码,本人正在写,写好了发出来,也是Ring0的这些基本的操作。
老实说字符串操作是很大的一个部分,之前就被一个String的输出到txt文件的问题卡过,还是要好好总结这些基础的东西,感觉要是能有完全的手册就好了MSDN。。。String Manipulation (CRT)。。。。唉看英语还是慢,个人琐碎。
vs自动生成的ReadMe.txt是UTF-8 开头有EF BB BF
