Fan Zhang

摘要： NTSTATUS CompleteRoutine( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ){ PIO_STACK_LOCATION IrpSp; PKEYBOARD_INPUT_DATA KeyData; int numKeys, i; IrpSp = IoGetCurrentIrpStackLocation(... 阅读全文

摘要： ObReferenceObjectByName 可以返回任意对象地址。它的本质是使用ObpLookupObjectName对 “\A\B\C”逐级解析。 IoGetDeviceObjectPointer 只能返回设备对象地址。它的本质是调用ZwOpenFile得到设备句柄，然后调用ObReferenceObjectByHandle得到设备对象指针。 阅读全文

摘要： 例如，如果使用 DEFINE_GUID( GUID_DEVINTERFACE_KEYBOARD, 0x884b96c3, 0x56ef, 0x11d1, \ 0xbc, 0x8c, 0x00, 0xa0, 0xc9, 0x14, 0x05, 0xdd); 必须引用initguid.h 例如： #include <initguid.h> #include <ntddkbd.h> 阅读全文

摘要： 1.例子一 Int386_vector:     .long 0 movl    %eax,Int386_vector;把Int386_vector看成一个变量，把Eax的值存入Int386_vector 2.例子二 用objdump反汇编 mov    %eax,0x24 它的意思等价于微软的汇编 m... 阅读全文

摘要： 在source文件中加入KERNEL_ALIGNMENT = 0x1000DRIVER_ALIGNMENT = 0x1000HAL_ALIGNMENT = 0x1000 阅读全文

摘要： C:\Windows\inf\setupapi.dev.log 阅读全文

摘要： psexec -s "cmd.exe" 阅读全文

摘要： 1. CriticalSection不需要进入内核就可以使用，速度比Mutex快100倍。2. CriticalSection只能用于同一个进程，而Mutex可以被不同进程使用CriticalSection的伪代码 阅读全文

摘要： NTSTATUSAcpiGetInteger( IN PDEVICE_OBJECT pAcpiPdo, IN ULONG MethodName, IN ULONG * pValue )/*++Routine Description: This routine sends a request to ACPI, the parent driver, to get a value from the DSDT entry for the device. The ACPI driver executes the specified method and this routine returns the 阅读全文

摘要： typedef enum _DEVICE_PNP_STATE { NotStarted = 0, // Not started yet Started, // Device has received the START_DEVICE IRP StopPending, // Device has received the QUERY_STOP IRP Stopped, // Device has received the STOP_DEVICE IRP RemovePending, // Device has received the QUERY_REMOVE IRP SurpriseRemov 阅读全文