内核函数们(1)：

 

字符串：
RtlUpperString    ansic
RtlUpcaseUnicodeString    unicode
RtlInitUnicodeString Unicode
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
RtlInitString
设备：
ZwCreatFile
InitializeObjectAttributes
ZwOpenFile
ZwClose
ZwSetInfomationFile
ZwQueryInformationFile
ZwWriteFile
内存：
PsGetCurrentProcess
ExAllocatePool
ExAllocatePoolWithTag
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExFreePool
ExFreePoolWithTag
CONTANING_RECORD macro
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExDeleteNPagedLookasideList
ExDeletePageLookasideList

RtlCopyMemory
RtlMoveMemory
RtlFillMemory
RtlZeroMemory
RtlEqualMemory
RtlCompareMemory

IRP
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
IoCreateSymbolicLink
IoGetCurrentIrpStackLocation(pIrp)
IoCreateDevice

IRP PCOCESS
PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
ULONG ulReadLength = stack->Parameters.Read.Length;
pIrp->IoStatus.Status = STATUS_SUCCESS;
pIrp->IoStatus.Information = ulReadLength;
memset(pIrp->AssociatedIrp.SystemBuffer,0xAA,ulReadLength);
IoCompleteRequest(pIrp,IO_NO_INCREMENT);

write size:

stack->Parameters.Write.Length

get offset:

(ULONG)stack->Parameter.Write.ByteOffset.QuadPart

write to Extension:

1. memcpy(pDevExt->buffer+ulWriteOffset,pIrp->AssociatedIrp.SystemBuffer,ulWriteLength)

driver synchronization:

1. KeGetCurrnetIrql()// get current IRQL
2. // the lowest level in the user mode is PASSIVE_LEVEL, 
3. // the highest DISPATCH_LEVEL.

IRQL adjusting functions:

1. KeRaiseIrql()
2. KeLowerIrql()

Spin Lock:

1. KeInitializeSpinLock()
2. //initialization 
3. KeAcquireSpinLock()
4. //application for mem 
5. KeReleaseSpinLock()
6. //release spin lock 
7. KeAcquireSpinLockAtDpcLevel()
8. KeReleaseSpinLockAtDpcLevel()
9. //acquire and release spin lock without level changed when at DISPATCH_LEVEL 

Synchronize under user mode

1. WaitForSingleObject()
2. WaitMultipleObjects()
3. CreateEvent()
4. SetEvent()// to set the event usable
5. /////
6. //sephamore
7. /////
8. CreateSephamore()
9. ReleaseSephamore()
10. ///// sephamore can be waited by waitforsingleobject functions
12. /////
13. //Mutex
14. /////
15. CreateMutex()
16. ReleaseMutex()
17. /////
19. // the usage of WaitForMutipleObjects()
20. HANDLE hThread[2];
21. hThread[0] = (HANDLE)_beginthread(...);
22. hThread[1] = (HANDLE)_beginthread(...);
23. WaitForMutipleObjects(...);
24. //// end
25. //

Synchronizing Objects under user mode:

1. KeWaitForSingleObject(...)
2. KeWaitForMutipleObjects(...)
3. //Even

1. //
2. PsCreateSystemThread(...)
3. IoGetCurrentProcess(...)
4. PsTerminateSystemThread(...)
5. //

Synchronizing Objects under kernel mode:

1. // 
2. KeInitializeEven(...)
3. KeSetEvent(...)
4. KeInitializeSephamore(...)
5. KereleaseSephamore(...)
6. KeReadStateSephamore(...)
7. // 
8. KeInitializeMutex(...)
9. KeReleaseMutex(...)
10. KeStallExecutionProcessor(time)
11. //force the process stop for time. 
12. //
13. //

 

1. //
2. //Fast Mutex
3. ExAcquireFastMutex(...)
4. ExReleaseFastMutex(...)
5. ExInitializeFastMutex(...)
6. //