Code 82

[ReactOs Source Code] KeAttachProcess, KeDetachProcess NTKERNELAPI VOID NTAPI KeAttachProcess ( IN PKPROCESS Process ) Definition at line 443 of file procobj.c. 00444 { 00445 KLOCK_QUEUE_HANDLE ApcLock; 00446 PKTHREAD Thread = KeGetCurrentThread(); 00447 ASSERT_PROCESS(Process); 00448 ASSERT_IRQL_LESS_OR_EQUAL(DISPATCH_LEVEL); 00449 00450 /* Make sure that we are in the right page directory (ReactOS Mm Hack) */ 00451 MiSyncForProcessAttach(Thread, (.. 2009. 1. 20.
Same-address mapping of __declspec(naked) functions http://somma.egloos.com/3138752 I have a situation like this.. searching for related posts.. me too .. code modification.. 2009. 1. 16.
[WDK] Getting the CurrentDirectory in the kernel There is no GetCurrentDirectory among the kernel functions. So I dug through the _PEB structure. kd> dt _PEB ntdll!_PEB +0x000 InheritedAddressSpace : UChar +0x001 ReadImageFileExecOptions : UChar +0x002 BeingDebugged : UChar +0x003 SpareBool : UChar +0x004 Mutant : Ptr32 Void +0x008 ImageBaseAddress : Ptr32 Void +0x00c Ldr : Ptr32 _PEB_LDR_DATA +0x010 ProcessParameters : Ptr32 _RTL_USER_PROCESS_PARAMETERS +0x014 SubSystemData : Ptr32 Vo.. 2009. 1. 8.
[WDK] NtShutdownSystem typedef enum _SHUTDOWN_ACTION { ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff } SHUTDOWN_ACTION, *PSHUTDOWN_ACTION; Enumeration type SHUTDOWN_ACTION is used in a call to the NtShutdownSystem function. ShutdownNoReboot Normal shutdown; after the system closes, the processor jumps into an infinite loop. ShutdownReboot The BIOS Reset function is called after the system closes. ShutdownPowerOff BIOS Shutdown function.. 2008. 12. 30.
[WDK] Example of deleting a file with ZwDeleteFile OBJECT_ATTRIBUTES oa; ANSI_STRING FileNameAnsi; UNICODE_STRING FileNameUnicode; PCHAR FilePath = (PCHAR)Irp->AssociatedIrp.SystemBuffer; CHAR szTemp[300] = "\\??\\"; HANDLE Directory = NULL; strcat( szTemp , FilePath ); RtlInitAnsiString(&FileNameAnsi, szTemp); ntStatus = RtlAnsiStringToUnicodeString(&FileNameUnicode, &FileNameAnsi, TRUE); if( ntStatus == STATUS_SUCCESS ) { InitializeObjectAttri.. 2008. 12. 23.
Reposted blog.. list control view reference http://www.jamsun2.com/zbxe/study/50058 2008. 12. 8.