1 VXD
在win98中文操作系统第二版上试验通过,使用VtoolsD。需要知道如下数据结构,这些结构在《win95系统奥秘》中有详细介绍,可参照kendiv的blog。
1.1 进程控制结构
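/*
 * KERNEL32 process database (PDB): one per process. Each trailing comment
 * gives the field's byte offset from the start of the structure, so the
 * declared types must add up to those offsets.
 * PPDB, PEDB, PHANDLE_TABLE and PMODREF are used before this typedef is
 * complete; a forward declaration such as
 *   typedef struct _PROCESS_DATABASE *PPDB;
 * (and the matching ones for the other pointer typedefs) has to precede it.
 */
typedef struct _PROCESS_DATABASE {
DWORD Type; //00h
DWORD cReference; //04h
DWORD un1; //08h
DWORD someEvent; //0Ch
DWORD TerminationStatus; //10h
DWORD un2; //14h
DWORD DefaultHeap; //18h
DWORD MemoryContext; //1Ch
DWORD flags; //20h
DWORD pPSP; //24h
WORD PSPSelector; //28h
WORD MTEIndex; //2Ah
WORD cThreads; //2Ch
WORD cNotTermThreads; //2Eh
WORD un3; //30h
WORD cRing0Threads; //32h
HANDLE HeapHandle; //34h
HTASK W16TDB; //38h
DWORD MemMapFiles; //3Ch
PEDB pEDB; //40h
PHANDLE_TABLE pHandleTable; //44h
PPDB ParentPDB; //48h
PMODREF MODREFlist; //4Ch
DWORD ThreadList; //50h
DWORD DebuggeeCB; //54h
DWORD LocalHeapFreeHead; //58h
DWORD InitialRing0ID; //5Ch
CRITICAL_SECTION crst; //60h
/* The Win32 CRITICAL_SECTION is 18h bytes, which would put the next field
 * at 78h; the following offsets are all counted from pConsole = 84h, so
 * 12 reserved bytes are needed here to keep the layout consistent. */
DWORD un4[3]; //78h
DWORD pConsole; //84h
DWORD tlsInUseBits1; //88h
DWORD tlsInUseBits2; //8Ch
DWORD ProcessDWORD; //90h
PPDB ProcessGroup; //94h
PMODREF pExeMODREF; //98h MODREF of the process's own EXE module
DWORD TopExcFilter; //9Ch
DWORD BasePriority; //A0h
DWORD HeapOwnList; //A4h
DWORD HeapHandleBlockList;//A8h
DWORD pSomeHeapPtr; //ACh
DWORD pConsoleProvider; //B0h
WORD EnvironSelector; //B4h
WORD ErrorMode; //B6H
DWORD pevtLoadFinished; //B8h
WORD UTState; //BCh
} *PPDB, PROCESS_DATABASE, *PPROCESS_DATABASE;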
每个进程对应一个PDB,PDB的地址实际上就是VWIN32_GetCurrentProcessHandle()的返回值。
1.2 模块描述符
/*
 * Module reference (MODREF): one per module loaded into a process, linked
 * through pNextModRef. Trailing comments give byte offsets from the start
 * of the structure. PMODREF is used in the first member before the typedef
 * completes, so `typedef struct _MODREF *PMODREF;` must be declared first.
 */
typedef struct _MODREF
{
PMODREF pNextModRef; //00h next MODREF in the process's list
DWORD un1; //04h
DWORD un2; //08h
DWORD un3; //0Ch
WORD mteIndex; //10h index of this module in the global module table (ImteTable)
WORD un4; //12h
DWORD un5; //14h
PVOID ppdb; //18h presumably the owning PDB - not confirmed by this page
DWORD un6; //1Ch
DWORD un7; //20h
DWORD un8; //24h
} MODREF, *PMODREF;
进程的每一个模块(Module)都用一个这样的结构来描述。
1.3 全局模块数组
/*
 * Internal module table entry (IMTE): the global, per-module record that
 * MODREF.mteIndex indexes into. Trailing comments give byte offsets from
 * the start of the structure. Note that cbFileName2 is a WORD at 34h and
 * pszModName2 follows at 36h, so these offsets only hold when the structure
 * is declared byte-packed (see the packing note following these structures).
 */
typedef struct _IMTE
{
DWORD un1; //00h
PIMAGE_NT_HEADERS pNTHdr; //04h
DWORD un2; //08h
PSTR pszFileName; //0Ch full path name of the module
PSTR pszModName; //10h
WORD cbFileName; //14h
WORD cbModName; //16h
DWORD un3; //18h
DWORD cSections; //1Ch
DWORD un5; //20h
DWORD baseAddress; //24h
WORD hModule16; //28h
WORD cUsage; //2Ah
DWORD offset; //2Ch
PSTR pszFileName2; //30h
WORD cbFileName2; //34h
DWORD pszModName2; //36h declared DWORD here although the sibling name fields are PSTR; same size, so the offsets are unaffected
WORD cbModName2; //3Ah
} IMTE, *PIMTE;
PIMTE ImteTable[];
系统维护一个全局数组,每加载一个模块,系统就在该数组中添加一项,卸载时则删除一项。该全局数组的地址在我的测试系统上保存在0xBFFCAD24里。
1.4 获得进程名
如果使用上述结构,注意要使用PACK(0)来声明。
PPDB pdb = (PPDB)VWIN32_GetCurrentProcessHandle();
PIMTE ** imte = (PIMTE **)0xBFFCAD24;
char * FullPath = ((* imte)[pdb->pExeMODREF->mteIndex])->pszFil