摘要：根据wdk代码做的IoStartPacket、IoStartNextPacket、IoCancelIrp简化版：VOID IoStartPacket( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PULONG Key OPTIONAL, IN PDRIVER_CANCEL CancelFunction OPTIONAL ) /*++ Routine Description: This routine attempts to start the specified packet request (IRP) on the speci... 阅读全文

摘要：1.安装好VC6和DWK，先后顺序无关。从开始菜单找到WDK的程序目录，进入“WindowsXPCheckedBuildEnvironment”，输入命令"build"，此时WDK将会把自己进行编译，大约需要1分钟。2.VC6设置Include/Lib/Executable目录。设置为自己需要编译的平台的各个目录即可,Include要确保找到ntddk.h等，Lib与Include对应，Executable要确保能找到cl.exe例如XP平台下设置为:include包含部分:C:\WinDDK\7600.16385.1\inc\ddkC:\WinDDK\7600.16385 阅读全文

摘要：大槪就是看这个句柄是当前进程的句柄还是当前线程的句柄，最后再看看这AccessMode是内核还是用户态下，内核的话，句柄表就用ObpKernelHandleTable，用户态的话就用当前进程的句柄表NTSTATUSObReferenceObjectByHandle ( __in HANDLE Handle, __in ACCESS_MASK DesiredAccess, __in_opt POBJECT_TYPE ObjectType, __in KPROCESSOR_MODE AccessMode, __out PVOID *Object, __out_opt POBJECT_HANDLE_ 阅读全文