我需要检测某个驱动程序是否已在驱动程序或系统中完成初始化……我有一个 "DEVICE_OBJECT" 变量可用于获取此信息。我研究过 "DEVICE_OBJECT" 和 "DRIVER_OBJECT",试图从中提取此信息,但没有成功。有没有人能给一些关于该怎么做的提示?
答案 0 :(得分:0)
NTSTATUS
IopInitializeDeviceNodeService(PDEVICE_NODE DeviceNode, BOOLEAN BootDriverOnly)
{
NTSTATUS Status;
ULONG ServiceStart;
RTL_QUERY_REGISTRY_TABLE QueryTable[2];
if (DeviceNode->ServiceName.Buffer == NULL)
{
return STATUS_UNSUCCESSFUL;
}
/*
* Get service start value
*/
RtlZeroMemory(QueryTable, sizeof(QueryTable));
QueryTable[0].Name = L"Start";
QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
QueryTable[0].EntryContext = &ServiceStart;
Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,
DeviceNode->ServiceName.Buffer, QueryTable, NULL, NULL);
if (!NT_SUCCESS(Status))
{
DPRINT("RtlQueryRegistryValues() failed (Status %x)\n", Status);
return Status;
}