#include <ntddk.h>
/*
*
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength; // holds at most 32767 characters
PWSTR Buffer; // not guaranteed to be NUL-terminated
}UNICODE_STRING, *PUNICODE_STRING;
typedef struct _STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
}ANSI_STRING, *PANSI_STRING;
*/
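/*
 * Unload routine registered in DriverEntry.
 *
 * Only emits a debug message. The visible code creates no device objects and
 * keeps no pool allocation alive past TestStringOperate, so there is nothing
 * to release here.
 *
 * pDriverObject - driver object passed by the caller; not used.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    // Unused parameters are reported as C4100 at /W4, which WDK projects
    // commonly treat as an error; mark the parameter as intentionally unused.
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("Goodbye world!\n");
}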
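/*
 * Demonstrates the common UNICODE_STRING / ANSI_STRING runtime routines:
 * initialisation, comparison, ANSI -> Unicode conversion, append, copy, and a
 * manually managed pool-backed string. All results go to the debugger via
 * DbgPrint.
 *
 * Takes no arguments and returns nothing. Every allocation made here is
 * released before returning.
 *
 * Notes for callers:
 *  - Paged pool is allocated and DbgPrint is used with Unicode format codes
 *    (%wZ, %ws); both require a low IRQL. The only caller visible in this file
 *    is DriverEntry.
 *  - The three WCHAR arrays below occupy 3584 bytes of stack. Kernel stacks
 *    are small, so production code should prefer pool memory for buffers of
 *    this size.
 */
VOID TestStringOperate(VOID)
{
    // One definition of the pool-backed text, so that the allocation size, the
    // copy size and the Length fields cannot drift apart.
    static const WCHAR szPoolText[] = L"Nice to meet u";
    const ULONG poolTag = 'POCU';

    UNICODE_STRING uStr1 = { 0 };
    UNICODE_STRING uStr2 = { 0 };
    UNICODE_STRING uStr3 = { 0 };
    UNICODE_STRING uStr4 = { 0 };
    ANSI_STRING aStr1 = { 0 };
    WCHAR szHello[512] = L"Hello";
    WCHAR szWorld[256] = L"World";
    WCHAR szCopiedStr[1024] = L"";
    UNICODE_STRING uHello = { 0 };
    UNICODE_STRING uWorld = { 0 };
    UNICODE_STRING uCopyiedStr = { 0 };
    NTSTATUS status;

    // RtlInitUnicodeString / RtlInitAnsiString do not copy anything: they point
    // Buffer at the caller's string and derive the length fields from it.
    RtlInitUnicodeString(&uStr1, L"hello");
    RtlInitUnicodeString(&uStr2, L"Goodbye");
    DbgPrint("%ws\n", L"hello world");
    DbgPrint("uStr1 = %wZ\n", &uStr1);
    DbgPrint("uStr2 = %wZ\n", &uStr2);
    RtlInitAnsiString(&aStr1, "Ansi to unicode");
    DbgPrint("aStr1 = %Z\n", &aStr1);

    // RtlCopyUnicodeString only works when the destination already owns a
    // buffer; with Buffer == NULL and MaximumLength == 0 nothing is copied and
    // the destination stays empty. Disabled example kept for reference:
    //
    // uStr3.Buffer = ExAllocatePoolWithTag(PagedPool, 10, 'TSET');
    // if (uStr3.Buffer == NULL)
    // {
    //     DbgPrint("uStr3.Buffer allocate failed\n");
    // }
    // else
    // {
    //     uStr3.Length = 10;
    //     uStr3.MaximumLength = 10;
    //     RtlCopyUnicodeString(&uStr3, &uStr1);
    //     DbgPrint("uStr3=%wZ\n", &uStr3);
    //     ExFreePool(uStr3.Buffer);
    // }
    //
    // RtlInitUnicodeString(&uStr2, L"HellO"); // makes the comparison below
    //                                         // equal when it ignores case

    // Third argument: TRUE compares case-insensitively, FALSE is exact.
    if (RtlCompareUnicodeString(&uStr1, &uStr2, FALSE) == 0)
    {
        DbgPrint("%wZ == %wZ\n", &uStr1, &uStr2);
    }
    else
    {
        DbgPrint("%wZ != %wZ\n", &uStr1, &uStr2);
    }

    // TRUE asks the routine to allocate the destination buffer. The allocation
    // can fail, so uStr3 is only printed and freed when the call succeeded.
    status = RtlAnsiStringToUnicodeString(&uStr3, &aStr1, TRUE);
    if (NT_SUCCESS(status))
    {
        DbgPrint("uStr3 = %wZ. uStr3.Length = %hu. uStr3.MaximumLength %hu", &uStr3,
                 uStr3.Length,
                 uStr3.MaximumLength);
        // A buffer allocated by RtlAnsiStringToUnicodeString must be released
        // with RtlFreeUnicodeString.
        RtlFreeUnicodeString(&uStr3);
    }
    else
    {
        DbgPrint("RtlAnsiStringToUnicodeString failed: 0x%08X\n", status);
    }

    // RtlInitUnicodeString sets MaximumLength to the current text plus the
    // terminator. Widen it to the whole array so the appends below have room.
    RtlInitUnicodeString(&uHello, szHello);
    uHello.MaximumLength = sizeof(szHello);
    DbgPrint("uHello=%wZ\n", &uHello);
    RtlInitUnicodeString(&uWorld, szWorld);
    DbgPrint("uWorld=%wZ\n", &uWorld);
    RtlInitUnicodeString(&uCopyiedStr, szCopiedStr);
    uCopyiedStr.MaximumLength = sizeof(szCopiedStr);
    DbgPrint("szCopiedStr.MaximumLength = %hu.", uCopyiedStr.MaximumLength); // 2048 bytes
    DbgPrint("uCopyiedStr=%wZ\n", &uCopyiedStr);

    // Append UNICODE_STRING -> UNICODE_STRING. The append routines report a
    // destination that is too small through their NTSTATUS, so check it.
    status = RtlAppendUnicodeStringToString(&uHello, &uWorld);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("RtlAppendUnicodeStringToString failed: 0x%08X\n", status);
    }
    DbgPrint("uHello=%wZ\n", &uHello);

    // Append WCHAR[] -> UNICODE_STRING.
    status = RtlAppendUnicodeToString(&uHello, szWorld);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("RtlAppendUnicodeToString failed: 0x%08X\n", status);
    }
    DbgPrint("uHello=%wZ\n", &uHello);

    // Copy UNICODE_STRING -> UNICODE_STRING. This routine returns nothing and
    // truncates to the destination's MaximumLength, so size the destination
    // for the largest source beforehand.
    RtlCopyUnicodeString(&uCopyiedStr, &uHello);
    DbgPrint("uCopyiedStr=%wZ\n", &uCopyiedStr);

    // Pool-backed string, filled in by hand.
    uStr4.Buffer = ExAllocatePoolWithTag(PagedPool, sizeof(szPoolText), poolTag);
    if (uStr4.Buffer == NULL)
    {
        return;
    }

    // Do not call RtlInitUnicodeString on uStr4 here: it would repoint Buffer
    // at the literal, and freeing that address as pool memory crashes the
    // system (and leaks the real allocation).
    RtlCopyMemory(uStr4.Buffer, szPoolText, sizeof(szPoolText));

    // Length counts bytes of text only; the terminator is covered by
    // MaximumLength. Including it in Length makes %wZ emit the NUL as data.
    uStr4.Length = (USHORT)(sizeof(szPoolText) - sizeof(WCHAR));
    uStr4.MaximumLength = (USHORT)sizeof(szPoolText);
    DbgPrint("%wZ\n", &uStr4);

    // Free with the allocation tag so a mismatched free is caught, and clear
    // the descriptor so it cannot be reused after the free.
    ExFreePoolWithTag(uStr4.Buffer, poolTag);
    uStr4.Buffer = NULL;
    uStr4.Length = uStr4.MaximumLength = 0;
}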
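/*
 * Shows three ways of backing a UNICODE_STRING: a string literal, a stack
 * array, and a pool allocation. Each string is printed with DbgPrint and the
 * pool buffer is released before returning.
 *
 * Takes no arguments and returns nothing. Nothing in the visible file calls
 * this function. Like TestStringOperate it allocates paged pool and prints
 * with %wZ, so it must run at a low IRQL.
 *
 * A UNICODE_STRING that is only zero-initialised has no buffer; it must be
 * given storage by one of the methods below before it is used as a
 * destination.
 */
VOID MyTest(VOID)
{
    // Single source for the pool-backed text: allocation size, copy size and
    // Length are all derived from this array, so the copy can never read past
    // the source or write past the destination.
    static const WCHAR szHeapText[] = L"hello,world!";
    const ULONG poolTag = 'POCU'; // pool tags are ULONG values, not strings

    // 1. Literal-backed: Buffer points straight at the literal, no copy.
    UNICODE_STRING ustrTest = { 0 };
    PCWSTR szHello = L"Hello, world!";
    RtlInitUnicodeString(&ustrTest, szHello);
    // DECLARE_CONST_UNICODE_STRING(ustrTest, L"Hello, world!"); is equivalent
    // to the three statements above.
    DbgPrint("static string : %wZ", &ustrTest);

    // 2. Stack-backed: the descriptor is filled in by hand. The 512-WCHAR
    // array costs 1 KB of the small kernel stack.
    UNICODE_STRING ustrTestStack = { 0 };
    WCHAR szHelloStack[512] = L"hello,world!";
    ustrTestStack.Buffer = szHelloStack;
    ustrTestStack.Length = (USHORT)(wcslen(szHelloStack) * sizeof(WCHAR));
    ustrTestStack.MaximumLength = sizeof(szHelloStack);
    DbgPrint("stack string : %wZ end %hu %hu", &ustrTestStack, ustrTestStack.Length, ustrTestStack.MaximumLength);

    // 3. Pool-backed.
    UNICODE_STRING ustrTestHeap = { 0 };
    ustrTestHeap.Buffer = ExAllocatePoolWithTag(PagedPool, sizeof(szHeapText), poolTag);
    if (ustrTestHeap.Buffer == NULL)
    {
        DbgPrint("ExAllocatePoolWithTag Error For ustrTestHeap");
        return; // VOID function: no status value to return
    }

    // Copy exactly the bytes of the source array (text plus terminator). The
    // byte count comes from the source itself, not from an unrelated string.
    RtlCopyMemory(ustrTestHeap.Buffer, szHeapText, sizeof(szHeapText));

    // Length excludes the terminator; MaximumLength is the full allocation.
    ustrTestHeap.Length = (USHORT)(sizeof(szHeapText) - sizeof(WCHAR));
    ustrTestHeap.MaximumLength = (USHORT)sizeof(szHeapText);
    DbgPrint("heap string :%wZ", &ustrTestHeap);

    // Release the pool memory and clear the descriptor so that a later use
    // fails visibly instead of touching freed memory.
    ExFreePoolWithTag(ustrTestHeap.Buffer, poolTag);
    ustrTestHeap.Buffer = NULL;
    ustrTestHeap.Length = ustrTestHeap.MaximumLength = 0;
}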
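/*
 * Driver entry point.
 *
 * Registers the unload routine, runs the string demonstration once, and
 * reports success.
 *
 * pDriverObject - driver object for this driver; its DriverUnload field is set.
 * pRegistryPath - registry path supplied by the caller; not used.
 *
 * Returns STATUS_SUCCESS unconditionally.
 */
NTSTATUS DriverEntry(
    IN PDRIVER_OBJECT pDriverObject,
    IN PUNICODE_STRING pRegistryPath)
{
    // Unused parameters are reported as C4100 at /W4, which WDK projects
    // commonly treat as an error; mark the parameter as intentionally unused.
    UNREFERENCED_PARAMETER(pRegistryPath);

    // Without an unload routine the driver cannot be unloaded.
    pDriverObject->DriverUnload = DriverUnload;

    TestStringOperate();

    return STATUS_SUCCESS;
}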
【Window内核】UNICODE_STRING常用操作记录