
Code/kernel 25

[WDK] RtlGetVersion function NTSTATUS NTAPI RtlGetVersion(RTL_OSVERSIONINFOW *Info) { if (Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOW) || Info->dwOSVersionInfoSize == sizeof(RTL_OSVERSIONINFOEXW)) { PPEB Peb = NtCurrentPeb(); Info->dwMajorVersion = Peb->OSMajorVersion; Info->dwMinorVersion = Peb->OSMinorVersion; Info->dwBuildNumber = Peb->OSBuildNumber; Info->dwPlatformId = Peb->OSPlatformId; if(((Peb->OSCSD .. 2009. 3. 10.
Reading a registry value NTSTATUS RtlReadRegistry( IN PWCHAR RegistryPath , IN PWCHAR Name) { HANDLE reg; OBJECT_ATTRIBUTES oa; NTSTATUS ntStatus = STATUS_SUCCESS; PVOID BufImagPathName = NULL; UNICODE_STRING uImagPathNameString = {0,}; UNICODE_STRING A,uRegistryPath; PKEY_VALUE_PARTIAL_INFORMATION bufA; ULONG ActualSize; RtlInitUnicodeString(&uRegistryPath, RegistryPath); InitializeObjectAttributes(&oa,&uRegistryPath,OB.. 2009. 3. 4.
Native API list by operating system http://jedi-apilib.sourceforge.net/native/NativeList.html 2009. 2. 11.
[ReactOS Source Code] KeAttachProcess, KeDetachProcess NTKERNELAPI VOID NTAPI KeAttachProcess ( IN PKPROCESS Process ) Definition at line 443 of file procobj.c. { KLOCK_QUEUE_HANDLE ApcLock; PKTHREAD Thread = KeGetCurrentThread(); ASSERT_PROCESS(Process); ASSERT_IRQL_LESS_OR_EQUAL(DISPATCH_LEVEL); /* Make sure that we are in the right page directory (ReactOS Mm Hack) */ MiSyncForProcessAttach(Thread, (.. 2009. 1. 20.
Same-address mapping of __declspec(naked) functions http://somma.egloos.com/3138752 I ran into this situation.. searching for related posts.. me too .. code fix.. 2009. 1. 16.
[WDK] Getting the CurrentDirectory in the kernel There is no GetCurrentDirectory among the kernel functions. So I dug through the _PEB structure. kd> dt _PEB ntdll!_PEB +0x000 InheritedAddressSpace : UChar +0x001 ReadImageFileExecOptions : UChar +0x002 BeingDebugged : UChar +0x003 SpareBool : UChar +0x004 Mutant : Ptr32 Void +0x008 ImageBaseAddress : Ptr32 Void +0x00c Ldr : Ptr32 _PEB_LDR_DATA +0x010 ProcessParameters : Ptr32 _RTL_USER_PROCESS_PARAMETERS +0x014 SubSystemData : Ptr32 Vo.. 2009. 1. 8.