驱动线程与事件
創建線程
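/*
 * Reference prototype: create a system thread.
 * The listing had been collapsed onto one line, so the first `//` comment
 * swallowed the rest of the declaration; a comma was also missing after
 * ObjectAttributes. Both are restored here.
 */
NTSTATUS PsCreateSystemThread(
    _Out_     PHANDLE            ThreadHandle,     // receives the handle of the new thread
    _In_      ULONG              DesiredAccess,    // requested access mask; may be 0
    _In_opt_  POBJECT_ATTRIBUTES ObjectAttributes, // may be NULL; drivers are advised to pass
                                                   // attributes with OBJ_KERNEL_HANDLE so the
                                                   // handle is not reachable from user mode
    _In_opt_  HANDLE             ProcessHandle,    // NULL: the thread is created in the system process
    _Out_opt_ PCLIENT_ID         ClientId,         // NULL for driver-created threads
    _In_      PKSTART_ROUTINE    StartRoutine,     // thread entry point
    _In_opt_  PVOID              StartContext      // pointer handed to StartRoutine
);

初始化事件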
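/*
 * Reference prototype: initialise a kernel event object.
 * The listing had been collapsed onto one line, so the first `//` comment
 * swallowed the rest of the declaration; line breaks are restored here.
 */
VOID KeInitializeEvent(
    _Out_ PRKEVENT   Event, // event object to initialise
    _In_  EVENT_TYPE Type,  // event type (NotificationEvent or SynchronizationEvent)
    _In_  BOOLEAN    State  // initial signal state, normally FALSE (not signalled)
);

// Wait for the event (blocking)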
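/*
 * Reference prototype: block the calling thread until a dispatcher object
 * (here, an event) is signalled.
 * The listing had been collapsed onto one line, so the first `//` comment
 * swallowed the rest of the declaration; line breaks are restored here.
 */
NTSTATUS KeWaitForSingleObject(
    _In_     PVOID           Object,     // the event to wait on
    _In_     KWAIT_REASON    WaitReason, // Executive for driver waits
    _In_     KPROCESSOR_MODE WaitMode,   // KernelMode
    _In_     BOOLEAN         Alertable,  // FALSE (0): the wait is not alertable
    _In_opt_ PLARGE_INTEGER  Timeout     // NULL (0): wait with no time limit
);

設置事件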
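/*
 * Reference prototype: set an event to the signalled state.
 * The listing had been collapsed onto one line, so the first `//` comment
 * swallowed the rest of the declaration; line breaks are restored here.
 */
LONG KeSetEvent(
    _Inout_        PRKEVENT  Event,     // event to signal
    _In_           KPRIORITY Increment, // priority boost hint for a released waiter (0 = none)
    _In_ _Literal_ BOOLEAN   Wait       // TRUE only when the caller follows this call
                                        // immediately with a KeWaitXxx call; in every
                                        // other case pass FALSE
);

案例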
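#include <ntddk.h>

/* Event the worker thread signals once its print loop has finished. */
static KEVENT g_event;

/*
 * Block the calling thread for roughly `msec` milliseconds.
 *
 * KeDelayExecutionThread takes its interval in 100-nanosecond units and
 * treats a negative value as relative to the current time, hence the
 * factor of -10 * 1000 per millisecond.
 */
VOID Sleep(LONG msec)
{
    LARGE_INTEGER interval;

    interval.QuadPart = -10LL * 1000 * msec;
    KeDelayExecutionThread(KernelMode, FALSE, &interval);
}

/*
 * Worker thread entry point: print the string passed as context ten times,
 * one second apart, then signal g_event and terminate.
 *
 * `context` points at a UNICODE_STRING that lives on the creator's stack.
 * The creator only keeps that frame alive until g_event is signalled, so
 * the string must not be touched after KeSetEvent.
 */
VOID ThreadProc(PVOID context)
{
    PUNICODE_STRING str = (PUNICODE_STRING)context;

    /* int rather than size_t so the argument matches the %d specifier. */
    for (int i = 0; i < 10; i++) {
        KdPrint(("%wZ %d\n", str, i));
        Sleep(1000);
    }

    /*
     * Wake the thread blocked in MyThreadProc. Wait must be FALSE: TRUE
     * promises the kernel that a KeWaitXxx call follows immediately, and
     * this thread terminates instead of waiting.
     */
    KeSetEvent(&g_event, IO_NO_INCREMENT, FALSE);

    /* A system thread ends itself; this call does not return. */
    PsTerminateSystemThread(STATUS_SUCCESS);
}

/*
 * Create the worker thread and block until it signals g_event.
 *
 * On failure of PsCreateSystemThread a message is printed and the function
 * returns without waiting.
 */
VOID MyThreadProc(VOID)
{
    UNICODE_STRING str = RTL_CONSTANT_STRING(L"Hello");
    OBJECT_ATTRIBUTES attrs;
    HANDLE hThread = NULL;
    NTSTATUS status;

    /* Auto-reset event, initially not signalled. */
    KeInitializeEvent(&g_event, SynchronizationEvent, FALSE);

    /*
     * OBJ_KERNEL_HANDLE keeps the thread handle in the kernel handle table,
     * so it is never usable from user mode whatever context this runs in.
     */
    InitializeObjectAttributes(&attrs, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    status = PsCreateSystemThread(&hThread, 0, &attrs, NULL, NULL,
                                  (PKSTART_ROUTINE)ThreadProc, (PVOID)&str);
    if (!NT_SUCCESS(status)) {
        KdPrint(("CreateThread error!\n"));
        if (hThread != NULL) {
            ZwClose(hThread);
        }
        return;
    }

    /* The handle is not needed again; closing it does not stop the thread. */
    ZwClose(hThread);

    /*
     * Block with no timeout until the worker signals. `str` is on this
     * stack frame, so returning earlier would leave the worker with a
     * dangling context pointer.
     */
    KeWaitForSingleObject(&g_event, Executive, KernelMode, FALSE, NULL);

    KdPrint(("完畢\n"));
}

/*
 * Unload routine; nothing to release in this example.
 *
 * NOTE(review): g_event is signalled before the worker has actually left
 * ThreadProc. A driver that can be unloaded while a worker may still be
 * running should keep a reference to the thread object
 * (ObReferenceObjectByHandle) and wait on that object here, so no thread
 * is still executing driver code when the image is unmapped.
 */
VOID MyUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
}

/*
 * Driver entry point: register the unload routine and run the thread/event
 * demonstration. MyThreadProc blocks until the worker has finished its
 * loop, so DriverEntry does not return for about ten seconds.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pUnicodeString)
{
    UNREFERENCED_PARAMETER(pUnicodeString);

    pDriverObject->DriverUnload = MyUnload;
    MyThreadProc();

    return STATUS_SUCCESS;
}

總結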