遍历内核设备栈

VOID GetDeviceObjectInfo(PDEVICE_OBJECT devObj)
{
	POBJECT_HEADER ObjectHeader;
	POBJECT_HEADER_NAME_INFO ObjectNameInfo;

	if (devObj == NULL)
	{
		KdPrint(("DevObj is NULL \n"));
		return;
	}
	ObjectHeader = OBJECT_TO_OBJECT_HEADER(devObj);

	if (ObjectHeader)
	{
		ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);

		if (ObjectNameInfo && ObjectNameInfo->Name.Buffer)
		{
			KdPrint(("Driver Name:%wZ - Device Name:%wz - Driver Address:0x%x - Device Address:0x%x\n",
				&devObj->DriverObject->DriverName,
				&ObjectNameInfo->Name,
				devObj->DriverObject,
				devObj));
		}
		else if (devObj->DriverObject)
		{
			DbgPrint( "Driver Name:%wZ - Device Name:%S - Driver Address:0x%x - Device Address:0x%x\n",
                &devObj->DriverObject->DriverName,
                L"NULL",
                devObj->DriverObject,
                devObj );
		}

	}
}

VOID GetAttachedDeviceInfo(PDEVICE_OBJECT DevObj)
{
	PDEVICE_OBJECT DeviceObject;

	if (DevObj == NULL)
	{
		DbgPrint( "DevObj is NULL!\n" );
		return;
	}

	DeviceObject = DevObj->AttachedDevice;
	while (DeviceObject)
	{
		DbgPrint( "Attached Driver Name:%wZ,Attached Driver Address:0x%x,Attached DeviceAddress:0x%x\n",
			&DeviceObject->DriverObject->DriverName,
			DeviceObject->DriverObject,
            DeviceObject );
		DeviceObject = DeviceObject->AttachedDevice;
	}
}

PDRIVER_OBJECT
EnumDeviceStack(PWSTR pwszDeiveName)
{
	UNICODE_STRING	DriverName;
	PDRIVER_OBJECT	DriverObject = NULL;
	PDEVICE_OBJECT	DeviceObject = NULL;

	RtlInitUnicodeString(&DriverName, pwszDeiveName);

	ObReferenceObjectByName(&DriverName,
					OBJ_CASE_INSENSITIVE,
					NULL,
					0,
					(POBJECT_TYPE) IoDriverObjectType,
					KernelMode,
					NULL,
					(PVOID *)&DriverObject );
	if (DriverObject == NULL)
	{
		return NULL;
	}

	DeviceObject = DriverObject->DeviceObject;

	while (DeviceObject)
	{
		GetDeviceObjectInfo(DeviceObject);

		if (DeviceObject->AttachedDevice)
		{
			GetAttachedDeviceInfo(DeviceObject);
		}
		if (DeviceObject->Vpb && DeviceObject->Vpb->DeviceObject)
		{
			GetDeviceObjectInfo(DeviceObject->Vpb->DeviceObject);

			if (DeviceObject->Vpb->DeviceObject->AttachedDevice)
			{
				GetAttachedDeviceInfo(DeviceObject->Vpb->DeviceObject);
			}
		}
		
		DeviceObject = DeviceObject->NextDevice;
	}

	return DriverObject;
}


阅读更多
文章标签: object null header
个人分类: Windows 相关
想对作者说点什么? 我来说一句

白话设备栈 windows内核

2014年12月31日 151KB 下载

没有更多推荐了,返回首页

加入CSDN,享受更精准的内容推荐,与500万程序员共同成长!
关闭
关闭