关于 ExFreePool 和 ZwEnumerateValueKey 的有关问题

关于 ExFreePool 和 ZwEnumerateValueKey 的问题
[code=C/C++][/code]
/* Size of the scratch buffer for one KEY_VALUE_BASIC_INFORMATION record:
   the fixed header plus the longest value name reported in
   ac_key_infor->MaxValueNameLen. */
ULONG maxlen = ac_key_infor->MaxValueNameLen + sizeof(KEY_VALUE_BASIC_INFORMATION);
/* NOTE(review): none of the ExAllocatePool results in this snippet are checked
   for NULL before they are dereferenced. The snippet as shown also never
   frees vip. */
PKEY_VALUE_BASIC_INFORMATION vip = (PKEY_VALUE_BASIC_INFORMATION) ExAllocatePool(NonPagedPool, maxlen);
// Read the name of the first value (index 0) under the opened key.
// NOTE(review): the NTSTATUS result is ignored. If the call fails (for example
// when the key has no values), vip->NameLength below is read from pool memory
// that was never initialized and then used as an allocation and copy size.
ZwEnumerateValueKey(hReg, 0, KeyValueBasicInformation, vip, maxlen, &ac_length);
/* The first node doubles as the list head; its Entry links to itself for now. */
PDATALIST head = (PDATALIST)ExAllocatePool(NonPagedPool,sizeof(DATALIST));
InitializeListHead(&head->Entry);
// NameLength is a byte count and the name is NOT NUL-terminated. The buffer is
// exactly NameLength bytes, so the copy holds the characters only, with no
// room for a terminator.
head->pName = (PWCHAR)ExAllocatePool(NonPagedPool,vip->NameLength);
RtlCopyBytes(head->pName,vip->Name,vip->NameLength);


int i;
for (i = 1; i < ac_key_infor->Values; ++i)
{ // Read every remaining value name under this key into the linked list.
// NOTE(review): the NTSTATUS result is ignored, so after a failed call vip may
// not describe entry i and NameLength/Name below cannot be trusted.
ZwEnumerateValueKey(hReg, i, KeyValueBasicInformation, vip, maxlen, &ac_length);
// NOTE(review): both allocations are used without a NULL check.
pData = (PDATALIST)ExAllocatePool(NonPagedPool,sizeof(DATALIST));
// Exactly NameLength bytes: the copied name has no terminating NUL, so it must
// not be handed to anything that expects a C wide string (such as "%ws").
pData->pName = (PWCHAR)ExAllocatePool(NonPagedPool,vip->NameLength);
RtlCopyBytes(pData->pName,vip->Name,vip->NameLength);
// Link the new node immediately after the head node.
InsertHeadList(&head->Entry,&pData->Entry);

}



/* Walk the ring backwards from the head node until it comes round again. */
PDATALIST Pt = head;
do 
{ // Traverse the list and print each stored name.
// "%ws" keeps reading WCHARs until it finds a zero. pName was allocated with
// exactly NameLength bytes and no terminator, so this reads past the end of
// the allocation into neighbouring pool memory. That out-of-bounds read is
// where the extra trailing characters in the output come from.
DbgPrint("pt->pName addrs: %ws",Pt->pName);
// NOTE(review): casting the LIST_ENTRY pointer straight to PDATALIST assumes
// Entry is the first member of DATALIST (definition not shown) - confirm, or
// use CONTAINING_RECORD.
Pt = (PDATALIST)Pt->Entry.Blink;
} while (head != Pt);


/* Free one node per registry value, following Blink from the head node.
   NOTE(review): the closing brace of this loop is missing from the listing. */
for (i = 0; i < ac_key_infor->Values; ++i)
{ // Release the memory owned by the list.
Pt = head;
// Fetch the next node before Pt is freed; Pt's links are invalid afterwards.
head = (PDATALIST)head->Entry.Blink;
//ExFreePool(Pt->pName);
ExFreePool(Pt->pName);
ExFreePool(Pt);
// ExFreePool only returns the block to the pool. It cannot change the caller's
// pointer variable, so Pt still holds the old address - a freed pointer is
// never set to NULL automatically.
// NOTE(review): use-after-free. Pt was freed on the line above, yet Pt->pName
// is read here and the freed name buffer is then walked by "%ws". Print before
// freeing, or drop these calls.
DbgPrint("pt->pName addrs: %ws",Pt->pName);
// Prints only the stale address value; "%x" truncates a pointer on 64-bit
// builds ("%p" is the pointer format).
DbgPrint("%x",Pt);


正常应该打印:
 pt->pName addrs: Maxthon.Browser.2
 pt->pName addrs: SogouExplorer
 pt->pName addrs: Hello

不正常打印:
 pt->pName addrs: Maxthon.Browser.2te
 pt->pName addrs: SogouExploreroot?
 pt->pName addrs: HelloYS

 我很奇怪,我多次输出过我给结构和PWCHAR分配的内存,都是根据读取到的内存大小来分配的。。第一次输出正常,但我把驱动卸载再加载一次,就会多几个字符出来。。我尝试给串添加L"\0"也这样。

还有个奇怪的问题,我释放链表的内存后,我跟踪发现它不为NULL,还是指向一个地址,百思不得其解,请哪位高手带我走出苦海,弄了一天了。。分不多,还望不吝指点。



------解决方案--------------------
注册表value的名字是Unicode字符串,不保证以0结尾,因此不要直接用DbgPrint的%ws打印,或者先手动在末尾加0再打印:
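/* Registry value names are counted UTF-16 strings: vip->NameLength is a byte
   count and vip->Name carries no terminating NUL. Reserve one extra WCHAR so
   the private copy can be terminated before it is passed to "%ws". */
pData->pName = (PWCHAR)ExAllocatePool(NonPagedPool, vip->NameLength + sizeof(WCHAR));
if (pData->pName != NULL)
{
    RtlCopyBytes(pData->pName, vip->Name, vip->NameLength);
    /* NameLength is in bytes, so the index of the terminator is the
       character count NameLength / sizeof(WCHAR). */
    pData->pName[vip->NameLength / sizeof(WCHAR)] = L'\0';
    DbgPrint("%ws", pData->pName);
}
/* NOTE(review): when the allocation fails, pName stays NULL. The surrounding
   code must then not print or ExFreePool it, and should not link the node
   into the list. */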