驱动函数分类
ExXxx()//暂定IoXxx()//IO管理器
KeXxx()//目前理解过与同步相关
MmXxx()//内存相关
ObXxx()//驱动对象
PsXxx()//进程相关
RtlXxx()//与字符串相关
ZwXxx()//与文件 注册 进程相关
FltXxx()//文件过滤相关
NdisXxx()//Ndis过滤相关
ExAllocatePoolWithTag()
ExAcquireFastMutex
ExGetPreviousMode
IoCreateDevice
IoCreateSymbolicLink
IoGetCurrentIrpStackLocation
IoAttachDeviceToDeviceStack
IoAllocateIrp
IoSetCompletionRoutine
KeWaitForSingleObject
KeSetEvent
KeInitializeEvent
ObReferenceObjectByHandle
ObQueryNameString
PsGetCurrentProcess
PsGetCurrentProcessId
PsCreateSystemThread
PsLookupProcessByProcessId
RtlZeroMemory
RtlInitUnicodeString
ZwOpenKey
ZwCreateFile
ZwOpenProcess
ZwQuerySystemInformation
MmGetSystemRoutineAddress
MmIsAddressValid
页:
[1]