Fatal编程技术网
  • windows/
  • 从windows内核驱动程序持续写入文件

从windows内核驱动程序持续写入文件

windows kernel

从windows内核驱动程序持续写入文件,windows,kernel,wdk,wdm,Windows,Kernel,Wdk,Wdm,嗨,我是内核级编程新手,正在尝试构建一个简单的日志编写驱动程序。我试图实现的是让一个持久性驱动程序每隔预定义的时间间隔将引用的文本写入系统路径中的文件。(我还不熟悉IRQ挂钩) 我有以下的全球时间 // Timer PKTIMER pTimer = NULL; // Pointer to the timer PKDPC pDpcObject = NULL; // Pointer to the DPC #define IDLE_INTERVAL (10000) 我在DriverEntry中调用

嗨,我是内核级编程新手,正在尝试构建一个简单的日志编写驱动程序。我试图实现的是让一个持久性驱动程序每隔预定义的时间间隔将引用的文本写入系统路径中的文件。(我还不熟悉IRQ挂钩)

我有以下的全球时间

// Timer 
PKTIMER pTimer = NULL; // Pointer to the timer
PKDPC pDpcObject = NULL; // Pointer to the DPC
#define IDLE_INTERVAL (10000)
我在DriverEntry中调用以下代码(然而,以下代码的问题是,当计算机重新启动时,其写入功能失败),有人能建议修复吗?是否应该通过IRQ主要呼叫进行呼叫

while(1)
    {

        if (pTimer == NULL) // if timer object does not exist:
        {
            // Allocate memory for the object timer
            pTimer = (PKTIMER) ExAllocatePool (NonPagedPool, sizeof (KTIMER));
            KeInitializeTimer (pTimer); // Initialize the timer object
            // Allocate memory for the DPC object and initialize it
            pDpcObject = (PKDPC) ExAllocatePool (NonPagedPool, sizeof (KDPC));
            KeInitializeDpc (pDpcObject, MyDeferredRoutine, pTimer);
        }

        LARGE_INTEGER dueTime;
        dueTime.QuadPart = -10000 * IDLE_INTERVAL; // 10000 * 10000 * 1 ns
        // "Platoon" timer:
        KeSetTimerEx (pTimer,
                dueTime, // latency relative interval
                (IDLE_INTERVAL / 2), // period of 5 seconds, i.e. 5000 * 1 ms
                pDpcObject);

            if (KeReadStateTimer (pTimer))
            {
                //DbgPrint ("- Example- KeReadStateTimer returns TRUE.");
            }
            else
            {
            //  DbgPrint ("- Example- KeReadStateTimer returns FALSE.");
            }
        }
        Status = KeWaitForSingleObject (pTimer,
                       Executive, // IN KWAIT_REASON WaitReason,
                       KernelMode, // IN KPROCESSOR_MODE WaitMode,
                       FALSE, // IN BOOLEAN Alertable,
                       NULL); // IN PLARGE_INTEGER Timeout OPTIONAL



    RtlInitUnicodeString(&TestName, L"\\??\\C:\\log.txt");

    InitializeObjectAttributes(&ObjAttr, &TestName,
                                OBJ_CASE_INSENSITIVE,
                                0, NULL);

    Status = NtCreateFile(&TestFile,
                         FILE_WRITE_DATA + SYNCHRONIZE,
                         &ObjAttr,
                         &IoStatus, NULL,
                         FILE_ATTRIBUTE_NORMAL,
                         FILE_SHARE_WRITE,
                         FILE_OVERWRITE_IF,
                         FILE_SYNCHRONOUS_IO_NONALERT,
                         NULL, 0);
  if(Status == STATUS_SUCCESS)
  {
      Status = NtWriteFile(TestFile,
                            0, NULL, NULL,
                            &IoStatus,
                            (PCHAR)"OUR LOG STORED TO LOG FILE",
                            22,
                            NULL, NULL);
  }
  NtClose(TestFile);
    }
至少记录状态代码。使用L“\\??\\C:\\log.txt”