|
阅读:3093回复:5
PsSetCreateProcessNotifyRoutine一问
我的环境为xp操作系统, vc6, 装了NTDDK
想问问如何解决下面的错误, 分数够可以再加, 急着解决问题~~~~~ #define _X86_ #include <ntddk.h> VOID ProcessCreateMon ( IN HANDLE hParentId, IN HANDLE PId,IN BOOLEAN bCreate ) { return; } int main() { NTSTATUS status = PsSetCreateProcessNotifyRoutine( ProcessCreateMon, FALSE ); if (!NT_SUCCESS( status )) { return 0; } return 0; } 上面这段程序出现错误 --------------------Configuration: proc_mon - Win32 Debug-------------------- Compiling... main.cpp Linking... main.obj : error LNK2001: unresolved external symbol "long __cdecl PsSetCreateProcessNotifyRoutine(void (__cdecl*)(void *,void *,unsigned char),unsigned char)" (?PsSetCreateProcessNotifyRoutine@@YAJP6AXPAX0E@ZE@Z) Debug/proc_mon.exe : fatal error LNK1120: 1 unresolved externals Error executing link.exe. 但是如果去掉#define _X86_(我看别人的例子中也没有这个)就出现如下错误: --------------------Configuration: proc_mon - Win32 Debug-------------------- Compiling... main.cpp d:\program files\ntddk\inc\ddk\ntddk.h(7914) : error C2146: syntax error : missing ';' before identifier 'InterruptTime' d:\program files\ntddk\inc\ddk\ntddk.h(7914) : error C2501: 'InterruptTime' : missing storage-class or type specifiers d:\program files\ntddk\inc\ddk\ntddk.h(7928) : error C2146: syntax error : missing ';' before identifier 'SystemTime' d:\program files\ntddk\inc\ddk\ntddk.h(7928) : error C2086: 'KSYSTEM_TIME' : redefinition d:\program files\ntddk\inc\ddk\ntddk.h(7928) : error C2501: 'SystemTime' : missing storage-class or type specifiers d:\program files\ntddk\inc\ddk\ntddk.h(7935) : error C2146: syntax error : missing ';' before identifier 'TimeZoneBias' d:\program files\ntddk\inc\ddk\ntddk.h(7935) : error C2086: 'KSYSTEM_TIME' : redefinition d:\program files\ntddk\inc\ddk\ntddk.h(7935) : error C2501: 'TimeZoneBias' : missing storage-class or type specifiers d:\program files\ntddk\inc\ddk\ntddk.h(9101) : error C2146: syntax error : missing ';' before identifier 'ContextRecord' d:\program files\ntddk\inc\ddk\ntddk.h(9101) : error C2501: 'PCONTEXT' : missing storage-class or type specifiers d:\program files\ntddk\inc\ddk\ntddk.h(9101) : error C2501: 'ContextRecord' : missing storage-class or type specifiers d:\program files\ntddk\inc\ddk\ntddk.h(10051) : error C2146: syntax error : missing ';' before identifier 'KeTickCount' d:\program files\ntddk\inc\ddk\ntddk.h(10051) : fatal error C1004: unexpected end of file found Error executing cl.exe. proc_mon.exe - 13 error(s), 0 warning(s) |
|
|
沙发#
发布于:2004-07-12 16:17
extern "C"
PsSetCreateProcessNotifyRoutine@@YAJP6AXPAX0E@ZE@Z 明显不对,应该是 _PsSetCreateProcessNotifyRoutine@8 没事别老用CPP来写驱动,用C不是很好吗???? [编辑 - 7/12/04 by wowocock] |
|
|
|
板凳#
发布于:2004-07-12 17:33
把cpp改成c了,但是还是不行.错误代码如下:
我主要是想写一个监视windows中进程的创建与销毁的监视器. --------------------Configuration: proc_mon - Win32 Debug-------------------- Compiling... main.c Linking... main.obj : error LNK2001: unresolved external symbol _PsSetCreateProcessNotifyRoutine Debug/proc_mon.exe : fatal error LNK1120: 1 unresolved externals Error executing link.exe. |
|
|
地板#
发布于:2004-07-12 20:15
网上有现成的例子的......
|
|
|
|
地下室#
发布于:2007-11-20 11:46
--------------------Configuration: proc_mon - Win32 Debug--------------------
显然不能在win32中调用PsSetCreateProcessNotifyRoutine 嘛 |
|
|
5楼#
发布于:2007-11-23 09:15
这种活
wmi就可以了。 |
|