Windows Driver Development Basics (ix) kernel functions

Windows Driver Development Basic Series, reprint please indicate source: http://blog.csdn.net/ikerpeng/article/details/38849861

This article mainly introduces 3 types of Windows kernel functions: String processing functions, file manipulation functions, registry read and write functions. ( These functions are run-time functions, so there are RTL words )

1 String processing functions

In the first driver, the commonly used string consists of 4 types: CHAR (note lowercase%s when printing), WCHAR(note uppercase%s when printing), ansi_string, unicode_string. More attention is paid to the comparison of the following two types of use, both of them not ending with the 0 mark.

It is initialized before use (like variable declarations and assignments in C). has its corresponding initialization function:

Rtlinitansistring (),rtlinitunicodestring (). Examples of use:

Ansi_string ansistring;

char* string = "Hello";

Rtlinitansistring (&ansistring, String);

likewise we have the corresponding: copy:rtlcopystring ()rtlcopyunicodestring () Comparison:rtlcompareunicodestring () Rtlcomparestring () converted to uppercase:rtlupperstring () rtlupcaseunicodestring () converted to integral type: Rtlunicodestringtointeger () integer conversion to Unicode Rtl Integer tounicodestring (). Check the manual when you use it!

2. File manipulation functions

The operation of the file mainly includes: file creation, open, modify, read, write and so on.

The basic common code for this file operation is:

Unicode_string STRING;

Rtlinitunicodestring (&string, L "\ \?? \\c:\\1.log ");

Object_attributes objattr;

initializeobjectattributes (&objattr, &string, obj_case_insensitive, NULL, NULL);

HANDLE hfile;

Io_status_block IoStatus;

These are the declarations and definitions of some of the parameters that the function is to invoke. Next, you can manipulate the created files. The main functions of the operation are:

File creation: Zwcreativefile () file property setting: Objectattributes () File Open: Zwopenfile () file information gets Zwsetinformationfile (), Modify the Write Zwwritefile () of the Read zwreadfile () file for the property zwqueryinformationfile () file.

3. Registration Form

The registry stores a pair of two-tuple structures: Key names--key values, and a registry key may also exist for his child.

Its operation and the operation of the file is very similar, the main function has Zwcreatkey (),Zwopenkey (),Zwsetvaluekey () (key value)Zwqueryvaluekey () Zwquerykey () (The operation of the key name) and so on.

The end of this section.

Reference documents

A detailed description of the Windows driver Development technology

Windows Driver Development Basics (ix) kernel functions