|
阅读:1417回复:1
这段代码倒是有什么问题?希望高手指点。
在驱动程序中遍历进程,放在入口 DriverEntry 能正常显示出来,而放入内核定时器却不能显示,跟踪发现在定时器中
FirstEProcess = EProcess = (DWORD)PsGetCurrentProcess(); 这句返回的是0!!是什么问题?如何解决? 下面是代码: int showProcess(LPSTR lpProcess) { PROCESS_INFO ProcessInfo = {0} ; DWORD EProcess ; DWORD FirstEProcess ; DWORD dwCount = 0 ; LIST_ENTRY* ActiveProcessLinks ; DWORD dwPidOffset = GetPlantformDependentInfo ( PROCESS_ID_OFFSET ) ; DWORD dwPNameOffset = GetPlantformDependentInfo ( FILE_NAME_OFFSET ) ; DWORD dwPLinkOffset = GetPlantformDependentInfo ( PROCESS_LINK_OFFSET ) ; DbgPrint ( "PidOff=0x%X NameOff=0x%X LinkOff=0x%X", dwPidOffset, dwPNameOffset, dwPLinkOffset ) ; FirstEProcess = EProcess = (DWORD)PsGetCurrentProcess(); if(!EProcess) { DbgPrint("Cannot find 'System' process!"); return; } __try { while ( EProcess != 0) { dwCount ++ ; ProcessInfo.dwProcessId = *( (DWORD*)( EProcess + dwPidOffset ) ); ProcessInfo.pImageFileName = (PUCHAR)( EProcess + dwPNameOffset ) ; DbgPrint ("[Pid=%8d] EProcess=0x%08X %s\n", ProcessInfo.dwProcessId, EProcess, ProcessInfo.pImageFileName) ; ActiveProcessLinks =(LIST_ENTRY*)(EProcess + dwPLinkOffset) ; EProcess = (DWORD)ActiveProcessLinks->Flink - dwPLinkOffset ; if (!EProcess) break; if (EProcess == FirstEProcess) break ; } DbgPrint ("ProcessNum = %d\n", dwCount) ; } __except (1) { DbgPrint ("EnumProcessList exception !") ; } } |
|
|
|
沙发#
发布于:2008-10-21 23:26
一天了,没一个指教一下,这里高手都这么自私吗?
|
|
|
