#pragma once #include <ntifs.h> #define MAX_PATH 260 #define BUFFER_SIZE 0x400 /********************************************/ /* 初始化 */ /********************************************/ void Sub_1(); //常量内存 void Sub_2(); //栈区内存 void Sub_3(); //动态内存 void Sub_4();//利用WCHAR void SubI_1();//初始化常数字符串的一个宏 void Sub_9();//初始化为空 /************************************************************************/ /* 拷贝操作 */ /************************************************************************/ void Sub_5(); /************************************************************************/ /*//字符串串联 */ /************************************************************************/ void Sub_10(); /************************************************************************/ /*//字符串打印 */ /************************************************************************/ void Sub_11(); /************************************************************************/ /* 转换 */ /************************************************************************/ BOOLEAN UnicodeStringToChar(char* DestinationString, PUNICODE_STRING SourceString); BOOLEAN IsUnicodeStringValid(PUNICODE_STRING SourceString); VOID DriverUnload(PDRIVER_OBJECT DriverObject);

  

#include "UnicodeString(Kernel).h"
//bp MyDriver1!DriverEntry


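/*
 * Driver entry point for the UNICODE_STRING demo.
 *
 * Registers the unload routine and runs one of the Sub_* samples.
 *
 * DriverObject - driver object for this driver; only DriverUnload is set.
 * RegisterPath - registry path of the driver; not used by this sample.
 *
 * Returns STATUS_SUCCESS unconditionally.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegisterPath)
{
	// Not used by the sample; marking it avoids an unreferenced-parameter warning.
	UNREFERENCED_PARAMETER(RegisterPath);

	// Without an unload routine the driver cannot be unloaded.
	DriverObject->DriverUnload = DriverUnload;

	//Sub_1();
	Sub_10();
	return STATUS_SUCCESS;
}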

/*
 * Initialization sample 1: a UNICODE_STRING whose buffer is a string literal.
 * Converts it to an upper-cased narrow string and prints both forms.
 */
void Sub_1()
{
	// 20 bytes is enough for the 10-character literal plus its terminator.
	// UnicodeStringToChar takes no size, so a longer source would overrun this.
	CHAR AnsiCopy[20] = { 0 };
	UNICODE_STRING Text;

	/*
	After the call:
	Text.Buffer        = pointer to the literal (constant memory)
	Text.Length        = 20
	Text.MaximumLength = 22
	*/
	RtlInitUnicodeString(&Text, L"HelloWorld");

	UnicodeStringToChar(AnsiCopy, &Text);
	DbgPrint("%s\r\n", AnsiCopy);

	// A UNICODE_STRING is printed with %wZ and a pointer to the structure.
	DbgPrint("%wZ\r\n", &Text);
}

/*
 * Initialization sample 2: a UNICODE_STRING filled in by hand over a stack
 * array. The string is only usable while this stack frame is alive.
 */
void Sub_2()
{
	WCHAR BufferData[] = L"HelloWorld";
	size_t CharCount = wcslen(BufferData);
	UNICODE_STRING v1;

	v1.Buffer = BufferData;
	// Length is in bytes and excludes the terminator; MaximumLength includes it.
	v1.Length = (USHORT)(CharCount * sizeof(WCHAR));
	v1.MaximumLength = (USHORT)((CharCount + 1) * sizeof(WCHAR));

	DbgPrint("%wZ\r\n", &v1);
}

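/*
 * Initialization sample 3: a UNICODE_STRING whose buffer is allocated from
 * paged pool, filled from a stack array, printed and then freed.
 */
void Sub_3()
{
	UNICODE_STRING v1;
	WCHAR BufferData[] = L"HelloWorld";

	// Length is in bytes without the terminator; MaximumLength includes it.
	v1.Length = (USHORT)(wcslen(BufferData) * sizeof(WCHAR));
	v1.MaximumLength = (USHORT)(v1.Length + sizeof(WCHAR));

	// NOTE(review): ExAllocatePool is an obsolete, untagged allocator; newer
	// WDKs provide tagged replacements. Kept here to match the sample.
	v1.Buffer = ExAllocatePool(PagedPool, v1.MaximumLength);
	if (v1.Buffer == NULL)
	{
		// The allocation can fail. It must be checked before the buffer is
		// written, because a NULL write in kernel mode crashes the system.
		DbgPrint("Sub_3: ExAllocatePool failed\r\n");
		return;
	}

	RtlZeroMemory(v1.Buffer, v1.MaximumLength);
	RtlCopyMemory(v1.Buffer, BufferData, v1.Length);

	DbgPrint("%wZ\r\n", &v1);

	// Reset the descriptor after the free so it cannot be reused by mistake.
	ExFreePool(v1.Buffer);
	v1.Buffer = NULL;
	v1.Length = v1.MaximumLength = 0;
}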
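/*
 * Initialization sample 4: a UNICODE_STRING built on a fixed WCHAR array.
 */
void Sub_4()
{
	static const WCHAR Text[] = L"hello";
	WCHAR strBuf[128] = { 0 };
	UNICODE_STRING str = { 0 };

	str.Buffer = strBuf;
	// MaximumLength is the capacity of the buffer in bytes, not the length of
	// the current contents. Routines that copy or append rely on it.
	str.MaximumLength = (USHORT)sizeof(strBuf);
	// Length is the content size in bytes, without the terminator.
	str.Length = (USHORT)(sizeof(Text) - sizeof(WCHAR));

	// Bounded copy. strBuf is zero-filled, so the text stays terminated.
	RtlCopyMemory(str.Buffer, Text, str.Length);

	DbgPrint("%wZ\r\n", &str);
}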
/*
 * Initialization sample: RTL_CONSTANT_STRING, a macro for initializing a
 * UNICODE_STRING from a string literal.
 */
void SubI_1()
{
	UNICODE_STRING Greeting = RTL_CONSTANT_STRING(L"hello");

	DbgPrint("%wZ\r\n", &Greeting);
}
/*
 * Initialization sample: an empty UNICODE_STRING backed by a 256-WCHAR
 * stack buffer.
 */
void Sub_9()
{
	WCHAR Storage[256];
	UNICODE_STRING Empty;

	// The size argument is the buffer capacity in bytes.
	RtlInitEmptyUnicodeString(&Empty, Storage, sizeof(Storage));
}

//拷贝操作
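/*
 * Copy sample: copies a literal-backed UNICODE_STRING into a pool-allocated
 * destination of BUFFER_SIZE bytes and prints both.
 */
void Sub_5()
{
	UNICODE_STRING SourceString;
	UNICODE_STRING DestinationString = { 0 };

	RtlInitUnicodeString(&SourceString, L"HelloWorld");

	DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
	if (DestinationString.Buffer == NULL)
	{
		// Nothing to copy into. Continuing would make RtlCopyUnicodeString
		// write through a NULL buffer.
		return;
	}
	// Set the capacity only once the buffer really exists.
	DestinationString.MaximumLength = BUFFER_SIZE;

	// The copy is limited by DestinationString.MaximumLength.
	RtlCopyUnicodeString(&DestinationString, &SourceString);
	KdPrint(("SourceString:%wZ\n", &SourceString));
	KdPrint(("DestinationString:%wZ\n", &DestinationString));

	// The buffer came from ExAllocatePool, so release it with ExFreePool.
	// RtlFreeUnicodeString is documented for buffers that the Rtl conversion
	// routines allocated themselves.
	ExFreePool(DestinationString.Buffer);
	DestinationString.Buffer = NULL;
	DestinationString.Length = DestinationString.MaximumLength = 0;
}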




//字符串串联

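/*
 * Concatenation sample: copies a string into a pool-allocated destination,
 * appends the same string again and prints the result.
 */
void Sub_10()
{
	UNICODE_STRING SourceString;
	UNICODE_STRING DestinationString = { 0 };
	NTSTATUS Status;

	RtlInitUnicodeString(&SourceString, L"HelloWorld");

	DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
	if (DestinationString.Buffer == NULL)
	{
		// Nothing to copy into. Continuing would write through a NULL buffer.
		return;
	}
	DestinationString.MaximumLength = BUFFER_SIZE;

	RtlCopyUnicodeString(&DestinationString, &SourceString);
	KdPrint(("SourceString:%wZ\n", &SourceString));
	KdPrint(("DestinationString:%wZ\n", &DestinationString));

	// The append fails rather than overflowing when the result would exceed
	// MaximumLength, so its status has to be checked.
	Status = RtlAppendUnicodeStringToString(&DestinationString, &SourceString);
	if (NT_SUCCESS(Status))
	{
		KdPrint(("DestinationString:%wZ\n", &DestinationString));
		DbgPrint("%wZ\r\n", &DestinationString);
	}
	else
	{
		DbgPrint("RtlAppendUnicodeStringToString failed: 0x%08X\r\n", Status);
	}

	// The buffer came from ExAllocatePool, so release it with ExFreePool.
	ExFreePool(DestinationString.Buffer);
	DestinationString.Buffer = NULL;
	DestinationString.Length = DestinationString.MaximumLength = 0;
}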


//字符串打印
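/*
 * Printing sample: builds "HelloWorldHelloWorld" in a pool buffer and prints
 * it through KdPrint and DbgPrint.
 *
 * When a string is not guaranteed to be NUL-terminated, avoid printing it
 * with %ws or %s. %wZ takes the length from the UNICODE_STRING instead.
 */
void Sub_11()
{
	UNICODE_STRING SourceString;
	UNICODE_STRING DestinationString = { 0 };
	NTSTATUS Status;

	RtlInitUnicodeString(&SourceString, L"HelloWorld");

	DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
	if (DestinationString.Buffer == NULL)
	{
		// Nothing to copy into. Continuing would write through a NULL buffer.
		return;
	}
	DestinationString.MaximumLength = BUFFER_SIZE;

	RtlCopyUnicodeString(&DestinationString, &SourceString);
	KdPrint(("SourceString:%wZ\n", &SourceString));
	KdPrint(("DestinationString:%wZ\n", &DestinationString));

	// The append fails rather than overflowing when the result would exceed
	// MaximumLength, so its status has to be checked.
	Status = RtlAppendUnicodeStringToString(&DestinationString, &SourceString);
	if (NT_SUCCESS(Status))
	{
		// DbgPrint is active in both release and debug builds. KdPrint is a
		// macro and needs the double parentheses.
		KdPrint(("DestinationString:%wZ\n", &DestinationString));
		// Printing with %wZ must be done at PASSIVE_LEVEL.
		DbgPrint("%wZ\r\n", &DestinationString);
	}
	else
	{
		DbgPrint("RtlAppendUnicodeStringToString failed: 0x%08X\r\n", Status);
	}

	// The buffer came from ExAllocatePool, so release it with ExFreePool.
	ExFreePool(DestinationString.Buffer);
	DestinationString.Buffer = NULL;
	DestinationString.Length = DestinationString.MaximumLength = 0;
}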
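/*
 * Unload routine: only logs that it ran. The samples free their own
 * allocations, so there is nothing else to release here.
 */
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
	// Not used by the sample; marking it avoids an unreferenced-parameter warning.
	UNREFERENCED_PARAMETER(DriverObject);

	DbgPrint("DriverUnload()\r\n");
}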



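/*
 * Converts a UNICODE_STRING to an upper-cased, NUL-terminated narrow string.
 *
 * DestinationString - receives the result. No size is passed in, so the
 *                     caller must provide at least MAX_PATH bytes.
 * SourceString      - string to convert.
 *
 * Returns TRUE when the converted text was written to DestinationString.
 * Returns FALSE when an argument is NULL, the conversion fails, the result
 * is MAX_PATH bytes or longer, or an exception is raised. In the FALSE
 * cases other than an exception, DestinationString is left untouched.
 */
BOOLEAN UnicodeStringToChar(char* DestinationString, PUNICODE_STRING SourceString)
{
	// Zero-filled so no stale stack data is read if the conversion fails.
	ANSI_STRING	v1 = { 0 };
	NTSTATUS	Status;
	BOOLEAN		Copied = FALSE;

	if (DestinationString == NULL || SourceString == NULL)
	{
		return FALSE;
	}

	// NOTE(review): the handler below does not make a bad kernel-mode
	// pointer recoverable. Callers still have to pass valid buffers.
	__try
	{
		// TRUE asks the routine to allocate v1.Buffer. That buffer exists
		// only when the call succeeds, so check the status before reading
		// or freeing v1.
		Status = RtlUnicodeStringToAnsiString(&v1, SourceString, TRUE);
		if (NT_SUCCESS(Status))
		{
			if (v1.Length < MAX_PATH)
			{
				// _strupr upper-cases the temporary buffer in place.
				strcpy(DestinationString, _strupr((PCHAR)v1.Buffer));
				Copied = TRUE;
			}
			RtlFreeAnsiString(&v1);
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		return FALSE;
	}
	return Copied;
}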


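/*
 * Best-effort sanity check of a UNICODE_STRING descriptor and its buffer.
 *
 * Returns TRUE when the descriptor and every byte of the first Length bytes
 * of Buffer pass MmIsAddressValid, Buffer is not NULL, and Length is
 * non-zero, a whole number of WCHARs, and no larger than MaximumLength.
 * Returns FALSE otherwise, or when an exception is raised.
 *
 * NOTE(review): MmIsAddressValid only reports the state of a page at the
 * moment of the call. The memory can be paged out or freed afterwards, so a
 * TRUE result does not make a later access safe. Do not use this as the
 * validation step for pointers supplied by an untrusted caller.
 */
BOOLEAN IsUnicodeStringValid(PUNICODE_STRING SourceString)
{
	USHORT	Length;
	USHORT	MaximumLength;
	PUCHAR	Bytes;
	ULONG	i;

	__try
	{
		// The descriptor can straddle a page boundary, so check both ends.
		if (!MmIsAddressValid(SourceString) ||
			!MmIsAddressValid((PUCHAR)SourceString + sizeof(*SourceString) - 1))
		{
			return FALSE;
		}

		// Read each field once so the checks below and the loop bound work
		// from one copy, not from memory that may change in between.
		Length = SourceString->Length;
		MaximumLength = SourceString->MaximumLength;
		Bytes = (PUCHAR)SourceString->Buffer;

		if (Bytes == NULL || Length == 0)
		{
			return FALSE;
		}
		// Length counts bytes of WCHAR data and cannot exceed the capacity.
		if ((Length % sizeof(WCHAR)) != 0 || Length > MaximumLength)
		{
			return FALSE;
		}
		for (i = 0; i < Length; i++)
		{
			if (!MmIsAddressValid(Bytes + i))
			{
				return FALSE;
			}
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		return FALSE;
	}
	return TRUE;
}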

  

/* Counted wide-character string descriptor, shown here for reference. */
typedef struct _UNICODE_STRING
{
/* Size of the current contents in bytes, without a terminator (0x14 for "HelloWorld"). */
USHORT Length;
/* Capacity of Buffer in bytes (0x16 for the literal-backed string above). */
USHORT MaximumLength;
/* Wide-character storage; routines rely on Length, not on a terminating NUL. */
PWCHAR Buffer;
}UNICODE_STRING,*PUNICODE_STRING;

kd> dt v1
dtx is unsupported for this scenario. It only recognizes dtx [<type>] [<address>] with -a, -h, and -r. Reverting to dt.
Local var @ 0x8df079c0 Type _UNICODE_STRING
"HelloWorld"
+0x000 Length : 0x14
+0x002 MaximumLength : 0x16
+0x004 Buffer : 0xa60e4082 "HelloWorld"
kd> db 0xa60e4082
a60e4082 48 00 65 00 6c 00 6c 00-6f 00 57 00 6f 00 72 00 H.e.l.l.o.W.o.r.
a60e4092 6c 00 64 00 00 00 25 77-5a 0d 0a 00 44 72 69 76 l.d...%wZ...Driv
a60e40a2 65 72 55 6e 6c 6f 61 64-28 29 0d 0a 00 00 00 00 erUnload()......
a60e40b2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40c2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40d2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40e2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40f2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
