内核线程创建列子

//vs2013+ wdk8.1下编译 #include <ntddk.h>BOOLEAN bStoped = FALSE; PVOID pThreadObj=NULL; NTSTATUS Unload(PDRIVER_OBJECT driver) {DbgPrint("unloaded!");bStoped = TRUE;KeWaitForSingleObject(pThreadObj, Executive, KernelMode, FALSE, NULL);ObDereferenceObject(pThreadObj);return STATUS_SUCCESS; }void MyThread(PVOID pContext) {LARGE_INTEGER interval;interval.QuadPart = -10000000;//1sint i = 0;while (!bStoped){DbgPrint("in loop thread %d",i);i++;/*something you can do*/KeDelayExecutionThread(KernelMode, FALSE, &interval);}PsTerminateSystemThread(STATUS_SUCCESS); }NTSTATUS CreateMyThread() {OBJECT_ATTRIBUTES ObjAddr = { 0 };HANDLE ThreadHandle = 0;NTSTATUS status = STATUS_SUCCESS;InitializeObjectAttributes(&ObjAddr, NULL, OBJ_KERNEL_HANDLE, 0, NULL);status = PsCreateSystemThread(&ThreadHandle, THREAD_ALL_ACCESS, &ObjAddr, NULL, NULL, MyThread, NULL);if (NT_SUCCESS(status)){DbgPrint("Create Thread Success");status = ObReferenceObjectByHandle(ThreadHandle, THREAD_ALL_ACCESS, *PsThreadType, KernelMode, &pThreadObj, NULL);ZwClose(ThreadHandle);if (!NT_SUCCESS(status)){bStoped = TRUE;}}return status; }NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) {driver->DriverUnload = Unload;CreateMyThread();return STATUS_SUCCESS;}

内核输出

总结

以上是生活随笔为你收集整理的内核线程创建列子的全部内容，希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错，欢迎将生活随笔推荐给好友。