UnicodeString基本操作(Ring0)

Posted 生如逆旅 一苇以航

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了UnicodeString基本操作(Ring0)相关的知识,希望对你有一定的参考价值。

  1 #include "Unicode_String_Ring0.h"
  2 
  3 //bp Unicode_String_Ring0!DriverEntry
  4 NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegisterPath)
  5 {
  6     NTSTATUS Status = STATUS_SUCCESS;
  7     PDEVICE_OBJECT  DeviceObject = NULL;
  8     
  9     DriverObject->DriverUnload = DriverUnload;
 10     
 11     Test();
 12 
 13     return Status;
 14 }
 15 
 16 
 17 void Test()
 18 {
 19     //初始化
 20     //StringInitTest();
 21 
 22     //拷贝操作
 23     //StringCopyTest();
 24 
 25     //字符串比较
 26     //StringCompareTest();
 27 
 28     //字符串变大写
 29     //StringToUpperTest();
 30 
 31     //字符串与整型相互转化
 32     //StringToIntegerTest();
 33 
 34 
 35     //ANSI_STRING字符串与UNICODE_STRING字符串相互转换
 36     StringConverTest();
 37 
 38 
 39 }
 40 
 41 //初始化
 42 void StringInitTest()
 43 {
 44     //Sub_1();//常量初始化
 45     //Sub_2();
 46     Sub_3();//
 47 }
 48 void Sub_1()
 49 {
 50     //UNICODE_STRING
 51     //常量初始化
 52     UNICODE_STRING v1;
 53     RtlInitUnicodeString(&v1, L"HelloWorld");
 54     
 55     //v1.Buffer = 常量指针
 56     //v1.Length = 20
 57     //v1.MaximumLength = 22
 58 
 59     DbgPrint("%wZ\r\n", &v1);//Unicode打印L""
 60     
 61 
 62     /*
 63     //常量初始化ANSI_STRING
 64     //(1)用RtlInitAnsiString初始化字符串
 65     ANSI_STRING  AnsiString;
 66     CHAR * string = "hello";
 67     //初始化ANSI_STRING字符串
 68     RtlInitAnsiString(&AnsiString, string);
 69     DbgPrint("AnsiString:%Z\n", &AnsiString);
 70     */
 71 }
 72 void Sub_2()
 73 {
 74     UNICODE_STRING v1;
 75     WCHAR BufferData[] = L"HelloWorld";
 76     v1.Buffer = BufferData;
 77     v1.Length = wcslen(BufferData) * sizeof(WCHAR);
 78     v1.MaximumLength = (wcslen(BufferData) + 1) * sizeof(WCHAR);
 79     
 80     DbgPrint("%wZ\r\n", &v1);
 81 }
 82 void Sub_3()
 83 {
 84     UNICODE_STRING v1;
 85     WCHAR BufferData[] = L"HelloWorld";
 86 
 87     v1.Length = wcslen(BufferData) * sizeof(WCHAR);
 88     v1.MaximumLength = (wcslen(BufferData) + 1) * sizeof(WCHAR);
 89     v1.Buffer = ExAllocatePool(PagedPool, v1.MaximumLength);
 90 
 91     RtlZeroMemory(v1.Buffer, v1.MaximumLength);
 92     RtlCopyMemory(v1.Buffer, BufferData, v1.Length);
 93 
 94     DbgPrint("%wZ\r\n", &v1);
 95     
 96     if (v1.Buffer != NULL)
 97     {
 98         ExFreePool(v1.Buffer);
 99         v1.Buffer = NULL;
100         v1.Length = v1.MaximumLength = 0;
101     }
102 }
103 
104 //拷贝操作
105 void StringCopyTest()
106 {
107     UNICODE_STRING SourceString;
108     RtlInitUnicodeString(&SourceString, L"HelloWorld");
109 
110     UNICODE_STRING DestinationString = { 0 };
111     DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
112     DestinationString.MaximumLength = BUFFER_SIZE;
113 
114     RtlCopyUnicodeString(&DestinationString, &SourceString);
115 
116     DbgPrint("SourceString:%wZ\r\n", &SourceString);
117     DbgPrint("DestinationString:%wZ\n", &DestinationString);
118 
119     RtlFreeUnicodeString(&DestinationString);
120 }
121 
122 //字符串比较
123 void StringCompareTest()
124 {
125     //初始化UnicodeString1
126     UNICODE_STRING UnicodeString1;
127     RtlInitUnicodeString(&UnicodeString1,L"HELLOWORLD");
128 
129     //初始化UnicodeString2
130     UNICODE_STRING UnicodeString2;
131     //RtlInitUnicodeString(&UnicodeString2, L"Hello");
132     //RtlInitUnicodeString(&UnicodeString2, L"HELLOWORLD");
133     RtlInitUnicodeString(&UnicodeString2, L"helloworld");
134 
135 
136     if (RtlEqualUnicodeString(
137         &UnicodeString1, 
138         &UnicodeString2, 
139         TRUE
140         //If TRUE, 
141         //case should be ignored when doing the comparison.
142     )
143         )
144     {
145         DbgPrint("UnicodeString1 and UnicodeString2 are equal\n");
146     }
147     else
148     {
149         DbgPrint("UnicodeString1 and UnicodeString2 are NOT equal\n");
150     }
151 
152 
153 
154 
155 
156 }
157 
158 //字符串变大写
159 void StringToUpperTest()
160 {
161     UNICODE_STRING SourceString;
162     RtlInitUnicodeString(&SourceString, L"Hello World");
163 
164     UNICODE_STRING DestinationString;
165     DestinationString.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
166     DestinationString.MaximumLength = BUFFER_SIZE;
167     
168     //变化前
169     DbgPrint("变化前:%wZ\n", &SourceString);
170     //变大写
171     RtlUpcaseUnicodeString(
172         &DestinationString, //DestinationString
173         &SourceString, //SourceString
174         FALSE//Specifies if RtlUpcaseUnicodeString is to allocate the buffer space for the DestinationString. 
175              //If it does, the buffer must be deallocated by calling RtlFreeUnicodeString.
176     );
177 
178     //变化后
179     DbgPrint("变化后:%wZ\n", &DestinationString);
180 
181     RtlFreeUnicodeString(&DestinationString);
182 }
183 
184 
185 
186 //字符串与整型相互转化
187 void StringToIntegerTest()
188 {
189     //(1)字符串转换成数字
190     UNICODE_STRING UnicodeString1;
191     RtlInitUnicodeString(&UnicodeString1, L"-100");
192     
193     ULONG lNumber;
194     NTSTATUS Status = 
195         RtlUnicodeStringToInteger(//第二个参数Base
196             &UnicodeString1, 
197             //10,//-100是10进制 //输出-100
198             //16,//-100是16进制  //输出-256
199             8,   //-100是8进制 //输出-64
200             &lNumber
201         );
202 
203     if (NT_SUCCESS(Status))
204     {
205         DbgPrint("Conver to integer succussfully!\n");
206         DbgPrint("Result:%d\n", lNumber);
207     }
208     else
209     {
210         DbgPrint("Conver to integer unsuccessfully!\n");
211     }
212     //(2)数字转换成字符串
213     UNICODE_STRING UnicodeString2 = { 0 };
214     UnicodeString2.Buffer = (PWSTR)ExAllocatePool(PagedPool, BUFFER_SIZE);
215     UnicodeString2.MaximumLength = BUFFER_SIZE;
216 
217     Status = RtlIntegerToUnicodeString(//同上 第二参数是Base
218         200, 
219         //10, //输出200
220         //8,  //输出310
221         16,   //输出  C8
222         &UnicodeString2
223     );
224 
225     /*
226     HEX C8
227     DEC 200
228     OCT 310
229     */
230 
231     if (NT_SUCCESS(Status))
232     {
233         DbgPrint("Conver to string succussfully!\n");
234         DbgPrint("Result:%wZ\n", &UnicodeString2);
235     }
236     else
237     {
238         DbgPrint("Conver to string unsuccessfully!\n");
239     }
240 
241     //销毁UnicodeString2
242     //注意!!UnicodeString1不用销毁
243     RtlFreeUnicodeString(&UnicodeString2);
244 
245 
246 }
247 
248 
249 
250 //ANSI_STRING字符串与UNICODE_STRING字符串相互
251 void StringConverTest()
252 {
253     //(1)将UNICODE_STRING字符串转换成ANSI_STRING字符串
254     //初始化UnicodeString1
255     UNICODE_STRING UnicodeString1;
256     RtlInitUnicodeString(&UnicodeString1, L"HelloWorld");
257 
258     ANSI_STRING AnsiString1;
259     NTSTATUS Status = RtlUnicodeStringToAnsiString(
260         &AnsiString1, 
261         &UnicodeString1, 
262         TRUE
263         //TRUE if this routine is to allocate the buffer space for the DestinationString. 
264         //If it does, the buffer must be deallocated by calling RtlFreeAnsiString.
265     );
266 
267     if (NT_SUCCESS(Status))
268     {
269         DbgPrint("Conver succussfully!\n");
270         DbgPrint("Result:%Z\n", &AnsiString1);
271     }
272     else
273     {
274         DbgPrint("Conver unsuccessfully!\n");
275     }
276 
277     //销毁AnsiString1
278     RtlFreeAnsiString(&AnsiString1);
279 
280     //(2)将ANSI_STRING字符串转换成UNICODE_STRING字符串
281 
282     ANSI_STRING AnsiString2;
283     RtlInitString(&AnsiString2, "HelloWorld");
284 
285     UNICODE_STRING UnicodeString2;
286     Status = RtlAnsiStringToUnicodeString(
287         &UnicodeString2, 
288         &AnsiString2, 
289         TRUE
290         //Specifies if this routine should allocate the buffer space for the destination string. 
291         //If it does, the caller must deallocate the buffer by calling RtlFreeUnicodeString.
292         
293 
294     );
295 
296     if (NT_SUCCESS(Status))
297     {
298         DbgPrint("Conver succussfully!\n");
299         DbgPrint("Result:%wZ\n", &UnicodeString2);
300     }
301     else
302     {
303         DbgPrint("Conver unsuccessfully!\n");
304     }
305 
306     //销毁UnicodeString2
307     RtlFreeUnicodeString(&UnicodeString2);
308 }
309 
310 VOID DriverUnload(PDRIVER_OBJECT DriverObject)
311 {
312     DbgPrint("DriverUnload()\r\n");
313 }
 1 #include <ntifs.h>
 2 
 3 
 4 #define BUFFER_SIZE 0x400
 5 
 6 void Test();
 7 
 8 //初始化操作
 9 void StringInitTest();
10 void Sub_1();//常量初始化
11 void Sub_2();
12 void Sub_3();
13 
14 //拷贝操作
15 void StringCopyTest();
16 
17 //字符串比较
18 void StringCompareTest();
19 
20 //字符串变大写
21 void StringToUpperTest();
22 
23 //字符串与整型相互转化
24 void StringToIntegerTest();
25 
26 //ANSI_STRING字符串与UNICODE_STRING字符串相互
27 void StringConverTest();
28 
29 
30 VOID DriverUnload(PDRIVER_OBJECT DriverObject);

 

以上是关于UnicodeString基本操作(Ring0)的主要内容,如果未能解决你的问题,请参考以下文章

ring0

什么是ring0-ring3

我有这个unicodestring“Param�tres”,è被转换成未知字符。为啥?

Ring0 - Lookaside结构

Ring0级的探索

全虚拟化和半虚拟化的区别 cpu的ring0 ring1又是什么概念?