#include "ntstrsafe.h"
VOID Dbg_add_log(char * log);
VOID MyGetCurrentTime(char * szTime);
VOID Dbg_add_log(char * log)
{
HANDLE hFile;
OBJECT_ATTRIBUTES obj_attr;
UNICODE_STRING obj_attr_name;
IO_STATUS_BLOCK io_status;
LARGE_INTEGER number;
RtlInitUnicodeString(&obj_attr_name,L"\\??\\c:\\kevin_add.log");
InitializeObjectAttributes(&obj_attr,&obj_attr_name,OBJ_CASE_INSENSITIVE,
NULL,NULL);
NTSTATUS status = ZwCreateFile(&hFile,GENERIC_WRITE ,&obj_attr,&io_status,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_WRITE,FILE_OPEN_IF,FILE_SYNCHRONOUS_IO_NONALERT,NULL,0
);
if (!NT_SUCCESS(status))
{
KdPrint(("文件创建失败\r\n"));
return;
}
else
KdPrint(("文件创建成功\r\n"));
FILE_STANDARD_INFORMATION fsi;
status = ZwQueryInformationFile(hFile,
&io_status,
&fsi,
sizeof
(FILE_STANDARD_INFORMATION),
FileStandardInformation);
if (NT_SUCCESS(status))
{
number.QuadPart = fsi.EndOfFile.QuadPart;
}
if(strlen(log)>(1023-32))
{
//KdPrint("单行日字符超过1024");
return ;
}
char szTime[32] = {0};
MyGetCurrentTime(szTime);
char log_content[1024] = {0};
sprintf(log_content,"%s %s\r\n",szTime,log);
PCHAR pWritetofile = (PCHAR)ExAllocatePool(PagedPool,1024);
ULONG len = strlen(log_content);
RtlCopyMemory(pWritetofile,log_content,strlen(log_content));
status = ZwWriteFile(hFile,NULL,NULL,NULL,&io_status,pWritetofile,len,&number,NULL);
ZwClose(hFile);
ExFreePool(pWritetofile);
}
void MyGetCurrentTime(char * szTime)
{
//static CHAR szTime[128];
LARGE_INTEGER SystemTime;
LARGE_INTEGER LocalTime;
TIME_FIELDS timeFiled;
KeQuerySystemTime(&SystemTime);
ExSystemTimeToLocalTime(&SystemTime, &LocalTime);
RtlTimeToTimeFields(&LocalTime, &timeFiled);
sprintf(szTime, "%d-%02d-%02d %02d:%02d:%02d"
, timeFiled.Year
, timeFiled.Month
, timeFiled.Day
, timeFiled.Hour
, timeFiled.Minute
, timeFiled.Second
);
//return szTime;
}
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
