



// Poster's question: what is this statement actually testing? Is it checking whether
// the dwAddress pointer is valid, or does it mean something else? Why is it written
// this way? Thanks.
//
// The statement does not validate dwAddress. It reads the DWORD stored at the address
// currently held in dwAddress, assigns that value back to dwAddress, and compares the
// result with 0. In one expression it follows a pointer link and rejects a NULL link.
// If dwAddress itself is not a readable address, the read faults rather than
// producing FALSE.
if ( 0 == (dwAddress = *(DWORD*)dwAddress) )
{
return FALSE;
}
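// Copies the current process's image path into pszFullProcessName as an ANSI string.
//
// The path is found by walking EPROCESS -> PEB -> RTL_USER_PROCESS_PARAMETERS ->
// ImagePathName with hard-coded offsets, so only Windows 2000/XP/2003 (5.0-5.2) is
// accepted. The PEB and the process parameters live in user-mode memory that the
// process can rewrite, so the result is a hint only and must not drive a security
// decision. Prefer a kernel-maintained source such as
// ZwQueryInformationProcess(ProcessImageFileName) where the target OS provides one.
//
// Parameters:
//   pszFullProcessName - caller buffer that receives the NUL-terminated path;
//                        left untouched on failure.
//   uSize              - size of that buffer in bytes, including the terminator.
//
// Returns TRUE only when a path was written. Returns FALSE for a NULL or empty buffer,
// IRQL above PASSIVE_LEVEL, an unsupported OS version, a NULL link in the chain,
// a failed conversion, or an exception while reading process memory.
// Paths longer than MAX_PATH - 1 characters are truncated.
BOOLEAN drvfunc_get_processfullname( OUT PCHAR pszFullProcessName, IN ULONG uSize )
{
    BOOLEAN bRet = FALSE;
    BOOLEAN bDestAllocated = FALSE;
    NTSTATUS ntStatus;
    ULONG uOsMajorVersion = 0;
    ULONG uOsMinorVersion = 0;
    ULONG cchName = 0;
    WCHAR wszProName[ MAX_PATH ] = {0};
    const WCHAR *pwszUserName = NULL;
    UNICODE_STRING szSource;
    ANSI_STRING szDest;
    // NOTE(review): on AMD64 the signed "> 0" test below rejects every kernel address,
    // so the walk never runs there, and the DWORD-sized reads would truncate 64-bit
    // pointers if it did. Confirm whether AMD64 is meant to be supported and, if so,
    // what the offset macros expand to on that target.
#if AMD64
    __int64 dwAddress = 0;
#else
    DWORD dwAddress = 0;
#endif

    // uSize - 1 below would wrap for uSize == 0, so reject an empty buffer up front.
    if ( NULL == pszFullProcessName || 0 == uSize )
    {
        return FALSE;
    }

    if ( PASSIVE_LEVEL != KeGetCurrentIrql() )
    {
        return FALSE;
    }

    __try
    {
        ntStatus = drvfunc_get_os_version( &uOsMajorVersion, &uOsMinorVersion );
        if ( !NT_SUCCESS( ntStatus ) )
        {
            __leave;
        }

        // Only Win 2000/XP/2003 are supported. The major version must be exactly 5:
        // a ">= 5" test would also admit 6.0-6.2, where these offsets do not apply.
        if ( 5 != uOsMajorVersion || uOsMinorVersion > 2 )
        {
            __leave;
        }

#if AMD64
        dwAddress = (__int64)PsGetCurrentProcess();
#else
        dwAddress = (DWORD)PsGetCurrentProcess();
#endif
        if ( dwAddress <= 0 || 0xFFFFFFFF == dwAddress )
        {
            __leave;
        }

        // EPROCESS -> PEB pointer; its offset differs between platforms.
        // EPROCESS is kernel memory, so this read is not probed.
        if ( uOsMinorVersion < 2 )
        {
            dwAddress += BASE_PROCESS_PEB_OFFSET;
        }
        else
        {
            dwAddress += W2003_BASE_PROCESS_PEB_OFFSET;
        }
        if ( 0 == (dwAddress = *(DWORD*)dwAddress) )
        {
            __leave;
        }

        // From here on every pointer comes from user-writable memory. ProbeForRead
        // raises an exception (caught below) unless the range lies in user space,
        // which keeps a forged pointer from steering the reads into kernel memory.

        // PEB -> RTL_USER_PROCESS_PARAMETERS pointer.
        dwAddress += BASE_PEB_PROCESS_PARAMETER_OFFSET;
        ProbeForRead( (PVOID)dwAddress, sizeof(DWORD), sizeof(UCHAR) );
        if ( 0 == (dwAddress = *(DWORD*)dwAddress) )
        {
            __leave;
        }

        // RTL_USER_PROCESS_PARAMETERS->ImagePathName holds the path; the original
        // comment gives its offset as 38.
        dwAddress += BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME;
        ProbeForRead( (PVOID)dwAddress, sizeof(DWORD), sizeof(UCHAR) );
        if ( 0 == (dwAddress = *(DWORD*)dwAddress) )
        {
            __leave;
        }

        // Capture the string into kernel memory once, with a hard bound. Measuring
        // and then converting the user buffer in place would read it twice, and the
        // process could change it in between.
        pwszUserName = (const WCHAR *)dwAddress;
        ProbeForRead( (PVOID)pwszUserName, sizeof(wszProName), sizeof(UCHAR) );
        for ( cchName = 0; cchName < MAX_PATH - 1; cchName++ )
        {
            WCHAR wch = pwszUserName[ cchName ];
            if ( L'\0' == wch )
            {
                break;
            }
            wszProName[ cchName ] = wch;
        }
        wszProName[ cchName ] = L'\0';

        // Sets both Length and MaximumLength from the bounded kernel copy.
        RtlInitUnicodeString( &szSource, wszProName );
        ntStatus = RtlUnicodeStringToAnsiString( &szDest, &szSource, TRUE );
        if ( !NT_SUCCESS( ntStatus ) )
        {
            __leave;
        }
        bDestAllocated = TRUE;

        // _snprintf does not terminate on truncation, so terminate explicitly.
        _snprintf( pszFullProcessName, uSize-sizeof(char), "%s", szDest.Buffer );
        pszFullProcessName[ uSize - 1 ] = '\0';
        bRet = TRUE;
    }
    __except( EXCEPTION_EXECUTE_HANDLER )
    {
        bRet = FALSE;
    }

    // The conversion allocated szDest.Buffer (third argument TRUE); release it.
    if ( bDestAllocated )
    {
        RtlFreeAnsiString( &szDest );
    }

    return bRet;
}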