又一个问题代码,引用的是IamRainLiang朋友的代码,居然调试不通过,怪闷的。
http://blog.csdn.net/iamrainliang/archive/2008/01/25/2065572.aspx
#define MAX_PROC_NAME_LEN 256
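#pragma INITCODE
/*
 * EnumProcessList2 - scan the current process's EPROCESS block for the image
 * name "NOTEPAD.EXE" and report the outcome through DbgPrint.
 *
 * The scan walks a fixed 3 * PAGE_SIZE window starting at the pointer returned
 * by PsGetCurrentProcess() and compares the bytes at every offset with the
 * target name. On a match the name is copied into a static buffer and printed.
 *
 * Returns: always TRUE, whether or not the name was found.
 *
 * NOTE(review): INITCODE is not defined in this listing; presumably it expands
 * to code_seg("INIT") - confirm. If so, the routine is only valid while the
 * driver initializes, and the "current" process at that point is likely the
 * System process rather than NOTEPAD.EXE - verify against the caller.
 *
 * NOTE(review): this relies on the undocumented EPROCESS layout. Nothing here
 * establishes that 3 * PAGE_SIZE bytes behind the pointer are mapped; the
 * window may run into neighbouring kernel memory and fault. A query API such
 * as SeLocateProcessImageName or ZwQueryInformationProcess avoids the raw
 * scan - consider switching.
 */
BOOLEAN EnumProcessList2()
{
    static const CHAR szTarget[] = "NOTEPAD.EXE";
    static CHAR szName[MAX_PROC_NAME_LEN];
    PEPROCESS curproc;
    char *nameptr;
    ULONG i;
    BOOLEAN find2 = FALSE;

    /*
     * DbgPrint is an ordinary variadic function; only the KdPrint macro takes
     * double parentheses. With DbgPrint(("fmt", arg)) the comma operator drops
     * the format string and passes arg as the format, so every call below uses
     * a single pair of parentheses.
     */
    DbgPrint("Find Current Process Name begin!\n");

    curproc = PsGetCurrentProcess();    /* EPROCESS of the calling process */

    /*
     * Scan 12 KB (PAGE_SIZE is 0x1000 in wdm.h), hoping the process block never
     * grows that big. The bound keeps the whole comparison inside the window:
     * strcmp stops at the first mismatch or at the target's terminator, so it
     * reads at most sizeof(szTarget) bytes from each offset.
     *
     * The original per-offset trace was removed: it treated the bytes at every
     * offset as a string of unknown length (and, through the double
     * parentheses, as a format string), which reads far outside the window.
     *
     * The comparison is case-sensitive; an image name stored as "notepad.exe"
     * will not match.
     */
    for (i = 0; i + sizeof(szTarget) <= 3 * PAGE_SIZE; i++) {
        nameptr = (PCHAR)curproc + i;

        if (strcmp(szTarget, nameptr) == 0) {
            strncpy(szName, nameptr, MAX_PROC_NAME_LEN - 1);
            /* strncpy does not terminate a full-length copy; do it here. */
            szName[MAX_PROC_NAME_LEN - 1] = '\0';
            find2 = TRUE;
            break;
        }
    }

    if (find2)
        DbgPrint("Current Process Name:%s\n", szName);
    else
        DbgPrint("Current Process Name:no find!\n");

    return TRUE;
}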