PsGetCurrentProcess

Source: Internet  Published by: Network News  Editor: 程序博客网  Time: 2024/05/01 12:40
PsGetCurrentProcess is defined as follows:

PsGetCurrentProcess

The PsGetCurrentProcess routine returns a pointer to the process of the current thread.

PEPROCESS 
  PsGetCurrentProcess(
    VOID
    );

Parameters

None

Return Value

PsGetCurrentProcess returns a pointer to an opaque process object.

 

IoGetCurrentProcess and PsGetCurrentProcess are the same function; its disassembly is as follows:

 

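When deleting a service, you must first use ControlService to send the SERVICE_STOP control code to the service. At this point you cannot call DeleteService right away: the service will not actually be deleted, it is only marked as deleted, and its key is not really removed from the registry. As a result, the next call to CreateService or to any other function related to that service returns ERROR_SERVICE_MARKED_FOR_DELETE, and the only way out is a reboot.

If you call QueryServiceStatus at this point, it returns the SERVICE_STOP_PENDING state, which means the service has blocked while stopping. The correct approach is therefore to wait for a while after calling ControlService to stop the service, and only then delete it. For this purpose, I found a WaitForServiceStatus function online, written by someone else; it is very powerful, and with it the service can be uninstalled successfully. The code is as follows: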

 

Explanation of the four CTL_CODE transfer types

The system describes buffers for each TransferType value as follows:

METHOD_BUFFERED
For this transfer type, IRPs supply a pointer to a buffer at Irp->AssociatedIrp.SystemBuffer. This buffer represents both the input buffer and the output buffer that are specified in calls to DeviceIoControl and IoBuildDeviceIoControlRequest. The driver transfers data out of, and then into, this buffer.

For input data, the buffer size is specified by Parameters.DeviceIoControl.InputBufferLength in the driver's IO_STACK_LOCATION structure. For output data, the buffer size is specified by Parameters.DeviceIoControl.OutputBufferLength in the driver's IO_STACK_LOCATION structure.

The size of the space that the system allocates for the single input/output buffer is the larger of the two length values.

METHOD_IN_DIRECT or METHOD_OUT_DIRECT
For these transfer types, IRPs supply a pointer to a buffer at Irp->AssociatedIrp.SystemBuffer. This represents the input buffer that is specified in calls to DeviceIoControl and IoBuildDeviceIoControlRequest. The buffer size is specified by Parameters.DeviceIoControl.InputBufferLength in the driver's IO_STACK_LOCATION structure.

For these transfer types, IRPs also supply a pointer to an MDL at Irp->MdlAddress. This represents the output buffer that is specified in calls to DeviceIoControl and IoBuildDeviceIoControlRequest. However, this buffer can actually be used as either an input buffer or an output buffer, as follows:

  • METHOD_IN_DIRECT is specified if the driver that handles the IRP receives data in the buffer when it is called. The MDL describes an input buffer, and specifying METHOD_IN_DIRECT ensures that the executing thread has read-access to the buffer.
  • METHOD_OUT_DIRECT is specified if the driver that handles the IRP will write data into the buffer before completing the IRP. The MDL describes an output buffer, and specifying METHOD_OUT_DIRECT ensures that the executing thread has write-access to the buffer.

For both of these transfer types, Parameters.DeviceIoControl.OutputBufferLength specifies the size of the buffer that is described by the MDL.

 

 

METHOD_NEITHER
The I/O manager does not provide any system buffers or MDLs. The IRP supplies the user-mode virtual addresses of the input and output buffers that were specified to DeviceIoControl or IoBuildDeviceIoControlRequest, without validating or mapping them.

The input buffer's address is supplied by Parameters.DeviceIoControl.Type3InputBuffer in the driver's IO_STACK_LOCATION structure, and the output buffer's address is specified by Irp->UserBuffer.

Buffer sizes are supplied by Parameters.DeviceIoControl.InputBufferLength and Parameters.DeviceIoControl.OutputBufferLength in the driver's IO_STACK_LOCATION structure.
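
The following is an added example, not code from the original page or from the WDK: it decodes an I/O control code with the CTL_CODE bit layout and reports, per transfer type, where the driver finds each buffer and how large the system-supplied buffers are. The names ioctl_plan and describe_ioctl are hypothetical, and the sample control code and lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Bit layout and transfer-type values as defined by the CTL_CODE macro in the WDK headers. */
enum { METHOD_BUFFERED, METHOD_IN_DIRECT, METHOD_OUT_DIRECT, METHOD_NEITHER };
#define CTL_CODE(dev, fn, method, access) \
    (((uint32_t)(dev) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))
/* Hypothetical summary type for this example; not a WDK structure. */
typedef struct {
    uint32_t device_type, access, function, method;
    const char *input_at, *output_at;  /* where the driver finds each buffer */
    uint32_t system_buffer_bytes;      /* size backing SystemBuffer, 0 if none */
    uint32_t mdl_bytes;                /* size described by MdlAddress, 0 if none */
    int raw_user_pointers;             /* 1: addresses arrive unvalidated, unmapped */
} ioctl_plan;

ioctl_plan describe_ioctl(uint32_t code, uint32_t in_len, uint32_t out_len)
{
    ioctl_plan p = {0};
    p.device_type = code >> 16;
    p.access      = (code >> 14) & 0x3;
    p.function    = (code >> 2) & 0xFFF;
    p.method      = code & 0x3;
    switch (p.method) {
    case METHOD_BUFFERED:   /* one shared buffer, sized to the larger length */
        p.input_at = p.output_at = "Irp->AssociatedIrp.SystemBuffer";
        p.system_buffer_bytes = in_len > out_len ? in_len : out_len;
        break;
    case METHOD_IN_DIRECT:
    case METHOD_OUT_DIRECT: /* input in SystemBuffer, second buffer via the MDL */
        p.input_at  = "Irp->AssociatedIrp.SystemBuffer";
        p.output_at = "Irp->MdlAddress";
        p.system_buffer_bytes = in_len;
        p.mdl_bytes = out_len;
        break;
    default:                /* METHOD_NEITHER: no system buffer and no MDL */
        p.input_at  = "Parameters.DeviceIoControl.Type3InputBuffer";
        p.output_at = "Irp->UserBuffer";
        p.raw_user_pointers = 1;
    }
    return p;
}
int main(void)
{
    /* Constructed sample: device type 0x22, function 0x800, access 0. */
    ioctl_plan p = describe_ioctl(CTL_CODE(0x22, 0x800, METHOD_NEITHER, 0), 16, 64);
    printf("method=%u in=%s out=%s raw=%d\n", (unsigned)p.method,
           p.input_at, p.output_at, p.raw_user_pointers);
    return 0;
}
```

When reviewing a driver's IOCTL surface, codes for which raw_user_pointers is set are the ones where the handler itself is responsible for checking the user-mode addresses before touching them.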

  

 

 
