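STRINGTEST blue screen from "Driver Development Technology Explained": how do I debug #pragma INITCODE with WinDbg?
The stringtest program from Chapter 6 of Zhang Fan's "Driver Technology Explained".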
If all of the string tests in the following code are executed, the system blue-screens.

Code:

```cpp
VOID StringTest()
{
    // String initialization test
    StringInitTest();
    // String copy test
    StringCopyTest();
    // String comparison test
    StringCompareTest();
    // String to upper case test
    StringToUpperTest();
    // String <-> integer conversion test
    StringToIntegerTest();
    // ANSI_STRING <-> UNICODE_STRING conversion test
    StringConverTest();
}
```

The entry and unload functions are attached.

Code:

```cpp
#pragma INITCODE
extern "C" NTSTATUS DriverEntry (
    IN PDRIVER_OBJECT pDriverObject,
    IN PUNICODE_STRING pRegistryPath )
{
    NTSTATUS status;
    KdPrint(("Enter DriverEntry\n"));

    // Register the driver's unload and dispatch routines
    pDriverObject->DriverUnload = HelloDDKUnload;
    pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;

    // Create the driver's device object
    status = CreateDevice(pDriverObject);

    PDEVICE_OBJECT pNextObj;
    pNextObj = pDriverObject->DeviceObject;
    PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION) pNextObj->DeviceExtension;
    UNICODE_STRING pLinkName = pDevExt->ustrSymLinkName;

    StringTest();

    pDevExt = (PDEVICE_EXTENSION) pNextObj->DeviceExtension;
    pLinkName = pDevExt->ustrSymLinkName;

    KdPrint(("DriverEntry end\n"));
    return status;
}
```

Code:

```cpp
#pragma INITCODE
VOID HelloDDKUnload (IN PDRIVER_OBJECT pDriverObject)
{
    KdPrint(("Enter DriverUnload\n"));

    PDEVICE_OBJECT pNextObj;
    pNextObj = pDriverObject->DeviceObject;
    PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION) pNextObj->DeviceExtension;

    while (pNextObj != NULL)
    {
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION) pNextObj->DeviceExtension;

        // Delete the symbolic link
        UNICODE_STRING pLinkName = pDevExt->ustrSymLinkName;
        IoDeleteSymbolicLink(&pLinkName);
        pNextObj = pNextObj->NextDevice;
        IoDeleteDevice( pDevExt->pDevice );
    }
}
```

Image: debug.JPG

These are the variables as viewed when breaking in DriverEntry(). By the time Unload() runs, the string can no longer be accessed.

After locating the fault from the dump file and inspecting the string's memory, I found that the access error is caused by using INITCODE. The string functions above merely exposed the problem.

So, which WinDbg command can I use to see that a string located in INITCODE has been removed from memory? I would like to verify my inference.
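An offline way to check the inference in the post, as an added example that is not part of the original post or the book's code: parse the driver image's PE section table and report whether a given RVA (for instance that of the unload routine or a string) lies in a section flagged discardable, which the kernel frees once DriverEntry returns. These are the same header fields that WinDbg's `!dh` extension prints. It assumes the book's `INITCODE` macro places code in a section named `INIT`; the sample header bytes and RVAs are constructed.

```python
import struct

IMAGE_SCN_MEM_DISCARDABLE = 0x02000000  # section may be freed after driver init


def parse_sections(image: bytes):
    """Return [(name, rva, virtual_size, characteristics)] from a PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", image, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva = struct.unpack_from("<II", image, off + 8)
        (chars,) = struct.unpack_from("<I", image, off + 36)
        sections.append((name, rva, vsize, chars))
    return sections


def section_for_rva(sections, rva):
    """Return (section_name, is_discardable) for an RVA, or (None, False)."""
    for name, start, vsize, chars in sections:
        if start <= rva < start + vsize:
            return name, bool(chars & IMAGE_SCN_MEM_DISCARDABLE)
    return None, False


def build_sample():
    """Constructed header only: DOS stub, COFF header, three sections, no optional header."""
    def sec(name, rva, vsize, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, rva, 0, 0, 0, 0, 0, 0, chars)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0)
    return (dos + coff
            + sec(b".text", 0x1000, 0x800, 0x68000020)   # non-paged code
            + sec(b"PAGE", 0x2000, 0x400, 0x60000020)    # pageable code
            + sec(b"INIT", 0x3000, 0x600, 0xE2000020))   # discardable init code


if __name__ == "__main__":
    secs = parse_sections(build_sample())
    for rva in (0x1010, 0x2010, 0x3010):  # constructed RVAs
        print(hex(rva), section_for_rva(secs, rva))
```

For a real driver, read the `.sys` file into `image` and pass the routine's address minus the module base as the RVA.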