#pragma once #include <ntifs.h> #define MAX_PATH 260 #define BUFFER_SIZE 0x400 /********************************************/ /* 初始化 */ /********************************************/ void Sub_1(); //常量内存 void Sub_2(); //栈区内存 void Sub_3(); //动态内存 void Sub_4();//利用WCHAR void SubI_1();//初始化常数字符串的一个宏 void Sub_9();//初始化为空 /************************************************************************/ /* 拷贝操作 */ /************************************************************************/ void Sub_5(); /************************************************************************/ /*//字符串串联 */ /************************************************************************/ void Sub_10(); /************************************************************************/ /*//字符串打印 */ /************************************************************************/ void Sub_11(); /************************************************************************/ /* 转换 */ /************************************************************************/ BOOLEAN UnicodeStringToChar(char* DestinationString, PUNICODE_STRING SourceString); BOOLEAN IsUnicodeStringValid(PUNICODE_STRING SourceString); VOID DriverUnload(PDRIVER_OBJECT DriverObject);
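#include "UnicodeString(Kernel).h"

/* Pool tag for the demo allocations; pool tools display it as "UStr". */
#define DEMO_POOL_TAG 'rtSU'

/*
 * Allocates a zeroed BUFFER_SIZE-byte paged buffer and attaches it to String
 * as an empty UNICODE_STRING. Returns FALSE (and leaves String empty with a
 * NULL Buffer) when the pool allocation fails.
 */
static BOOLEAN AllocateDemoString(PUNICODE_STRING String)
{
    PWSTR Buffer = (PWSTR)ExAllocatePoolWithTag(PagedPool, BUFFER_SIZE, DEMO_POOL_TAG);

    if (Buffer == NULL)
    {
        RtlInitEmptyUnicodeString(String, NULL, 0);
        return FALSE;
    }

    RtlZeroMemory(Buffer, BUFFER_SIZE);
    RtlInitEmptyUnicodeString(String, Buffer, BUFFER_SIZE);
    return TRUE;
}

/*
 * Releases a buffer obtained from AllocateDemoString and resets the descriptor.
 * The buffer is freed with the pool routine that matches its allocation;
 * RtlFreeUnicodeString is documented for buffers allocated by the Rtl
 * conversion routines, not for buffers the driver allocated itself.
 */
static VOID FreeDemoString(PUNICODE_STRING String)
{
    if (String->Buffer != NULL)
    {
        ExFreePoolWithTag(String->Buffer, DEMO_POOL_TAG);
    }
    RtlInitEmptyUnicodeString(String, NULL, 0);
}

//bp MyDriver1!DriverEntry
/*
 * Driver entry point: registers the unload routine and runs one demo.
 * Always returns STATUS_SUCCESS.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegisterPath)
{
    UNREFERENCED_PARAMETER(RegisterPath);

    DriverObject->DriverUnload = DriverUnload;

    //Sub_1();
    Sub_10();

    return STATUS_SUCCESS;
}

/* Initialization from constant memory: Buffer points at the string literal. */
void Sub_1(void)
{
    UNICODE_STRING v1;
    /*
     * UnicodeStringToChar has no size parameter and copies anything shorter
     * than MAX_PATH, so the destination must be MAX_PATH bytes, not 20.
     */
    CHAR v2[MAX_PATH] = { 0 };

    RtlInitUnicodeString(&v1, L"HelloWorld");
    /*
    v1.Buffer = pointer to the constant literal
    v1.Length = 20
    v1.MaximumLength = 22
    */
    if (UnicodeStringToChar(v2, &v1))
    {
        DbgPrint("%s\r\n", v2);
    }
    DbgPrint("%wZ\r\n", &v1); /* a UNICODE_STRING must be printed with %wZ */
}

/* Initialization on top of stack memory. */
void Sub_2(void)
{
    UNICODE_STRING v1;
    WCHAR BufferData[] = L"HelloWorld";

    v1.Buffer = BufferData;
    /* sizeof counts the terminator; Length excludes it, MaximumLength includes it. */
    v1.Length = (USHORT)(sizeof(BufferData) - sizeof(WCHAR));
    v1.MaximumLength = (USHORT)sizeof(BufferData);

    DbgPrint("%wZ\r\n", &v1);
}

/* Initialization on top of dynamically allocated pool memory. */
void Sub_3(void)
{
    UNICODE_STRING v1;
    WCHAR BufferData[] = L"HelloWorld";

    v1.Length = (USHORT)(sizeof(BufferData) - sizeof(WCHAR));
    v1.MaximumLength = (USHORT)sizeof(BufferData);
    v1.Buffer = (PWSTR)ExAllocatePoolWithTag(PagedPool, v1.MaximumLength, DEMO_POOL_TAG);

    /* Check the allocation before touching it: writing through NULL bugchecks the machine. */
    if (v1.Buffer == NULL)
    {
        v1.Length = v1.MaximumLength = 0;
        return;
    }

    RtlZeroMemory(v1.Buffer, v1.MaximumLength);
    RtlCopyMemory(v1.Buffer, BufferData, v1.Length);

    DbgPrint("%wZ\r\n", &v1);

    ExFreePoolWithTag(v1.Buffer, DEMO_POOL_TAG);
    v1.Buffer = NULL;
    v1.Length = v1.MaximumLength = 0;
}

/* Initialization by hand on top of a WCHAR array. */
void Sub_4(void)
{
    static const WCHAR Text[] = L"hello";
    UNICODE_STRING str = { 0 };
    WCHAR strBuf[128] = { 0 };

    /* MaximumLength describes the capacity of the buffer, not the text currently in it. */
    RtlInitEmptyUnicodeString(&str, strBuf, (USHORT)sizeof(strBuf));

    /* Bounded copy: sizeof(Text) (terminator included) is known to fit in strBuf. */
    RtlCopyMemory(str.Buffer, Text, sizeof(Text));
    str.Length = (USHORT)(sizeof(Text) - sizeof(WCHAR));

    DbgPrint("%wZ\r\n", &str);
}

/* Initialization with RTL_CONSTANT_STRING. */
void SubI_1(void)
{
    UNICODE_STRING str = RTL_CONSTANT_STRING(L"hello"); /* macro for initializing a constant string */
    DbgPrint("%wZ\r\n", &str);
}

/* Initializes an empty UNICODE_STRING that owns a 256-WCHAR buffer. */
void Sub_9(void)
{
    UNICODE_STRING str;
    WCHAR str_buf[256];

    /* The third argument is a size in bytes, not a character count. */
    RtlInitEmptyUnicodeString(&str, str_buf, (USHORT)sizeof(str_buf));
}

/* Copy */
void Sub_5(void)
{
    UNICODE_STRING SourceString;
    UNICODE_STRING DestinationString = { 0 };

    RtlInitUnicodeString(&SourceString, L"HelloWorld");

    if (!AllocateDemoString(&DestinationString))
    {
        return;
    }

    /* RtlCopyUnicodeString copies at most DestinationString.MaximumLength bytes. */
    RtlCopyUnicodeString(&DestinationString, &SourceString);

    KdPrint(("SourceString:%wZ\n", &SourceString));
    KdPrint(("DestinationString:%wZ\n", &DestinationString));

    FreeDemoString(&DestinationString);
}

/* String concatenation */
void Sub_10(void)
{
    UNICODE_STRING SourceString;
    UNICODE_STRING DestinationString = { 0 };
    NTSTATUS Status;

    RtlInitUnicodeString(&SourceString, L"HelloWorld");

    if (!AllocateDemoString(&DestinationString))
    {
        return;
    }

    RtlCopyUnicodeString(&DestinationString, &SourceString);

    KdPrint(("SourceString:%wZ\n", &SourceString));
    KdPrint(("DestinationString:%wZ\n", &DestinationString));

    /* The append fails, instead of overrunning, when the result would exceed MaximumLength. */
    Status = RtlAppendUnicodeStringToString(&DestinationString, &SourceString);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("RtlAppendUnicodeStringToString failed:0x%08X\n", Status));
    }

    KdPrint(("DestinationString:%wZ\n", &DestinationString));
    DbgPrint("%wZ\r\n", &DestinationString);

    FreeDemoString(&DestinationString);
}

/* String printing */
void Sub_11(void)
{
    /* When the string is not guaranteed to end with a terminator, avoid printing it with %ws or %s. */
    UNICODE_STRING SourceString;
    UNICODE_STRING DestinationString = { 0 };
    NTSTATUS Status;

    RtlInitUnicodeString(&SourceString, L"HelloWorld");

    if (!AllocateDemoString(&DestinationString))
    {
        return;
    }

    RtlCopyUnicodeString(&DestinationString, &SourceString);

    KdPrint(("SourceString:%wZ\n", &SourceString));
    KdPrint(("DestinationString:%wZ\n", &DestinationString));

    Status = RtlAppendUnicodeStringToString(&DestinationString, &SourceString);
    if (!NT_SUCCESS(Status))
    {
        KdPrint(("RtlAppendUnicodeStringToString failed:0x%08X\n", Status));
    }

    /*
     * DbgPrint works in both release and debug builds. KdPrint is a macro
     * around it, which is why its argument list needs double parentheses.
     */
    KdPrint(("DestinationString:%wZ\n", &DestinationString));
    DbgPrint("%wZ\r\n", &DestinationString); /* %wZ may only be used at PASSIVE_LEVEL */

    FreeDemoString(&DestinationString);
}

/* Unload routine: only logs that it ran. */
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    DbgPrint("DriverUnload()\r\n");
}

/*
 * Converts SourceString to ANSI, upper-cases it and copies it, with a
 * terminator, into DestinationString.
 *
 * DestinationString must be at least MAX_PATH bytes: the signature carries
 * no destination size, so MAX_PATH is the only bound this function can enforce.
 *
 * Returns TRUE only when the text was copied. Returns FALSE for a NULL
 * argument, a failed conversion, a converted string of MAX_PATH bytes or
 * more, or a caught exception.
 */
BOOLEAN UnicodeStringToChar(char* DestinationString, PUNICODE_STRING SourceString)
{
    /* Zeroed so that the cleanup paths never see an indeterminate Buffer. */
    ANSI_STRING v1 = { 0 };
    BOOLEAN Copied = FALSE;

    if (DestinationString == NULL || SourceString == NULL)
    {
        return FALSE;
    }

    __try
    {
        /* On failure v1 is not populated, so it must be neither read nor freed. */
        if (NT_SUCCESS(RtlUnicodeStringToAnsiString(&v1, SourceString, TRUE)))
        {
            if (v1.Length < MAX_PATH)
            {
                _strupr(v1.Buffer);
                /* Copy by counted length rather than trusting a terminator scan. */
                RtlCopyMemory(DestinationString, v1.Buffer, v1.Length);
                DestinationString[v1.Length] = '\0';
                Copied = TRUE;
            }
            RtlFreeAnsiString(&v1);
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        /*
         * NOTE(review): an invalid kernel-mode address normally bugchecks
         * rather than raising an exception, so this handler is not a
         * substitute for validating the arguments.
         */
        if (v1.Buffer != NULL)
        {
            RtlFreeAnsiString(&v1);
        }
        return FALSE;
    }

    return Copied;
}

/*
 * Best-effort sanity check of a UNICODE_STRING descriptor and its buffer.
 *
 * Returns FALSE when the descriptor or any byte of the buffer fails
 * MmIsAddressValid, when Buffer is NULL, when Length is zero or odd, or when
 * Length exceeds MaximumLength.
 *
 * MmIsAddressValid only reports the state of the page at the moment of the
 * call: the answer can be stale as soon as it returns, and pageable memory
 * that is currently paged out reports FALSE. A buffer that comes from user
 * mode still has to be probed and captured (ProbeForRead inside __try)
 * before it is used.
 */
BOOLEAN IsUnicodeStringValid(PUNICODE_STRING SourceString)
{
    ULONG i = 0;

    __try
    {
        /* The descriptor may straddle a page boundary, so check both ends of it. */
        if (!MmIsAddressValid(SourceString) ||
            !MmIsAddressValid((PUCHAR)SourceString + sizeof(*SourceString) - 1))
        {
            return FALSE;
        }

        /* Snapshot the fields once so that the checks and the loop agree on one value. */
        PUCHAR Bytes = (PUCHAR)SourceString->Buffer;
        USHORT Length = SourceString->Length;
        USHORT MaximumLength = SourceString->MaximumLength;

        if (Bytes == NULL || Length == 0)
        {
            return FALSE;
        }

        /* A counted UTF-16 string has an even byte length that fits in its buffer. */
        if ((Length % sizeof(WCHAR)) != 0 || Length > MaximumLength)
        {
            return FALSE;
        }

        for (i = 0; i < Length; i++)
        {
            if (!MmIsAddressValid(Bytes + i))
            {
                return FALSE;
            }
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        return FALSE;
    }

    return TRUE;
}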
/*
 * Counted UTF-16 string descriptor. Both lengths are byte counts: for
 * "HelloWorld" (10 characters) Length is 0x14 and MaximumLength is 0x16.
 */
struct _UNICODE_STRING
{
    USHORT Length;        /* bytes of text in Buffer, terminator not counted */
    USHORT MaximumLength; /* capacity of Buffer in bytes */
    PWCHAR Buffer;        /* wide-character data; a terminator is not guaranteed */
};

typedef struct _UNICODE_STRING UNICODE_STRING;
typedef struct _UNICODE_STRING *PUNICODE_STRING;
kd> dt v1
dtx is unsupported for this scenario. It only recognizes dtx [<type>] [<address>] with -a, -h, and -r. Reverting to dt.
Local var @ 0x8df079c0 Type _UNICODE_STRING
"HelloWorld"
+0x000 Length : 0x14
+0x002 MaximumLength : 0x16
+0x004 Buffer : 0xa60e4082 "HelloWorld"
kd> db 0xa60e4082
a60e4082 48 00 65 00 6c 00 6c 00-6f 00 57 00 6f 00 72 00 H.e.l.l.o.W.o.r.
a60e4092 6c 00 64 00 00 00 25 77-5a 0d 0a 00 44 72 69 76 l.d...%wZ...Driv
a60e40a2 65 72 55 6e 6c 6f 61 64-28 29 0d 0a 00 00 00 00 erUnload()......
a60e40b2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40c2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40d2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40e2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
a60e40f2 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................