例如我们有个USB Mouse讑֤Q设备信息描q如下:(x)
Device Descriptor:
bcdUSB: 0x0100
bDeviceClass: 0x00
bDeviceSubClass: 0x00
bDeviceProtocol: 0x00
bMaxPacketSize0: 0x08 (8)
idVendor: 0x05E3 (Genesys Logic Inc.)
idProduct: 0x0001
bcdDevice: 0x0101
iManufacturer: 0x00
iProduct: 0x01
iSerialNumber: 0x00
bNumConfigurations: 0x01
ConnectionStatus: DeviceConnected
Current Config value: 0x01
Device Bus Speed: Low
Device Address: 0x02
Open Pipes: 1
Endpoint Descriptor:
bEndpointAddress: 0x81
Transfer Type: Interrupt
wMaxPacketSize: 0x0003 (3)
bInterval: 0x0A
可以看出上述讑֤有一个中断PIPEQ包的最大gؓ(f)3。可能有人问上述的值怎么得到的,win2k 的DDK中有个usbview的例E,~译一下,你的USB讑֤插到PC机的USB口中Q运行usbview.exe卛_看得相应的设备信息?
有了(jin)q些基本信息Q就可以~写USB讑֤?jin),首先声明一下,下面的代码取自微软的USB鼠标hE序Q版权归微Y所有,此处仅仅借用来描qC下USB鼠标驱动的开发过E,读者如需要引用此代码Q需要得到微软的同意?
首先Q必输出USBD要求调用的三个函敎ͼ首先到设备插入到USB端口ӞUSBD?x)调用USBDeviceAttach()函数Q相应的代码如下Q?
extern "C" BOOL
USBDeviceAttach(
USB_HANDLE hDevice, // USB讑֤句柄
LPCUSB_FUNCS lpUsbFuncs, // USBDI的函数集?
LPCUSB_INTERFACE lpInterface, // 讑֤接口描述信息
LPCWSTR szUniqueDriverId, // 讑֤ID描述字符丌Ӏ?
LPBOOL fAcceptControl, // q回TRUEQ标识我们可以控制此讑֤Q?反之表示不能控制
DWORD dwUnused)
{
*fAcceptControl = FALSE;
// 我们的鼠标设备有特定的描qC息,要检是否是我们的设备?
if (lpInterface == NULL)
return FALSE;
// 打印相关的USB讑֤接口描述信息?
DEBUGMSG(ZONE_INIT,(TEXT("USBMouse: DeviceAttach, IF %u, #EP:%u, Class:%u, Sub:%u,Prot:%u\r\n"), lpInterface->Descriptor.bInterfaceNumber,lpInterface->Descriptor.bNumEndpoints, lpInterface->Descriptor.bInterfaceClass,lpInterface->Descriptor.bInterfaceSubClass,lpInterface->Descriptor.bInterfaceProtocol));
// 初试数据USB鼠标c,产生一个接受USB鼠标数据的线E?
CMouse * pMouse = new CMouse(hDevice, lpUsbFuncs, lpInterface);
if (pMouse == NULL)
return FALSE;
if (!pMouse->Initialize())
{
delete pMouse;
return FALSE;
}
// 注册一个监控USB讑֤事g的回调函敎ͼ用于监控USB讑֤是否已经拔掉?
(*lpUsbFuncs->lpRegisterNotificationRoutine)(hDevice,
USBDeviceNotifications, pMouse);
*fAcceptControl = TRUE;
return TRUE;
}
W二个函数是 USBInstallDriverQ)(j)函数Q?
一些基本定义如下:(x)
const WCHAR gcszRegisterClientDriverId[] = L"RegisterClientDriverID";
const WCHAR gcszRegisterClientSettings[] = L"RegisterClientSettings";
const WCHAR gcszUnRegisterClientDriverId[] = L"UnRegisterClientDriverID";
const WCHAR gcszUnRegisterClientSettings[] = L"UnRegisterClientSettings";
const WCHAR gcszMouseDriverId[] = L"Generic_Sample_Mouse_Driver";
函数接口如下Q?
extern "C" BOOL
USBInstallDriver(
LPCWSTR szDriverLibFile) // @parm [IN] - Contains client driver DLL name
{
BOOL fRet = FALSE;
HINSTANCE hInst = LoadLibrary(L"USBD.DLL");
// 注册USB讑֤信息
if(hInst)
{
LPREGISTER_CLIENT_DRIVER_ID pRegisterId = (LPREGISTER_CLIENT_DRIVER_ID)
GetProcAddress(hInst, gcszRegisterClientDriverId);
LPREGISTER_CLIENT_SETTINGS pRegisterSettings =
(LPREGISTER_CLIENT_SETTINGS) GetProcAddress(hInst,
gcszRegisterClientSettings);
if(pRegisterId && pRegisterSettings)
{
USB_DRIVER_SETTINGS DriverSettings;
DriverSettings.dwCount = sizeof(DriverSettings);
// 讄我们的特定的信息?
DriverSettings.dwVendorId = USB_NO_INFO;
DriverSettings.dwProductId = USB_NO_INFO;
DriverSettings.dwReleaseNumber = USB_NO_INFO;
DriverSettings.dwDeviceClass = USB_NO_INFO;
DriverSettings.dwDeviceSubClass = USB_NO_INFO;
DriverSettings.dwDeviceProtocol = USB_NO_INFO;
DriverSettings.dwInterfaceClass = 0x03; // HID
DriverSettings.dwInterfaceSubClass = 0x01; // boot device
DriverSettings.dwInterfaceProtocol = 0x02; // mouse
fRet = (*pRegisterId)(gcszMouseDriverId);
if(fRet)
{
fRet = (*pRegisterSettings)(szDriverLibFile,
gcszMouseDriverId, NULL, &DriverSettings);
if(!fRet)
{
//BUGBUG unregister the Client Driver’s ID
}
}
}
else
{
RETAILMSG(1,(TEXT("!USBMouse: Error getting USBD function pointers\r\n")));
}
FreeLibrary(hInst);
}
return fRet;
}
上述代码主要用于产生USB讑֤驱动E序需要的注册表信息,需要注意的是:(x)USB讑֤驱动E序不用标准的注册表函敎ͼ而是使用RegisterClientDriverIDQ)(j)和RegisterClientSettings来注册相应的讑֤信息?
另外一个函数是USBUninstallDriver()函数Q具体代码如下:(x)
extern "C" BOOL
USBUnInstallDriver()
{
BOOL fRet = FALSE;
HINSTANCE hInst = LoadLibrary(L"USBD.DLL");
if(hInst)
{
LPUN_REGISTER_CLIENT_DRIVER_ID pUnRegisterId =
(LPUN_REGISTER_CLIENT_DRIVER_ID)
GetProcAddress(hInst, gcszUnRegisterClientDriverId);
LPUN_REGISTER_CLIENT_SETTINGS pUnRegisterSettings =
(LPUN_REGISTER_CLIENT_SETTINGS) GetProcAddress(hInst,
gcszUnRegisterClientSettings);
if(pUnRegisterSettings)
{
USB_DRIVER_SETTINGS DriverSettings;
DriverSettings.dwCount = sizeof(DriverSettings);
// 必须填入与注册时相同的信息?
DriverSettings.dwVendorId = USB_NO_INFO;
DriverSettings.dwProductId = USB_NO_INFO;
DriverSettings.dwReleaseNumber = USB_NO_INFO;
DriverSettings.dwDeviceClass = USB_NO_INFO;
DriverSettings.dwDeviceSubClass = USB_NO_INFO;
DriverSettings.dwDeviceProtocol = USB_NO_INFO;
DriverSettings.dwInterfaceClass = 0x03; // HID
DriverSettings.dwInterfaceSubClass = 0x01; // boot device
DriverSettings.dwInterfaceProtocol = 0x02; // mouse
fRet = (*pUnRegisterSettings)(gcszMouseDriverId, NULL,
&DriverSettings);
}
if(pUnRegisterId)
{
BOOL fRetTemp = (*pUnRegisterId)(gcszMouseDriverId);
fRet = fRet ? fRetTemp : fRet;
}
FreeLibrary(hInst);
}
return fRet;
}
此函C要用于删除USBInstallDriver()时创建的注册表信息,同样的它使用自己的函数接口UnRegisterClientDriverIDQ)(j)和UnRegisterClientSettingsQ)(j)来做相应的处理?
另外一个需要处理的注册的监控通知函数USBDeviceNotificationsQ)(j)Q?
extern "C" BOOL USBDeviceNotifications(LPVOID lpvNotifyParameter, DWORD dwCode,
LPDWORD * dwInfo1, LPDWORD * dwInfo2, LPDWORD * dwInfo3,
LPDWORD * dwInfo4)
{
CMouse * pMouse = (CMouse *)lpvNotifyParameter;
switch(dwCode)
{
case USB_CLOSE_DEVICE:
//删除相关的资源?
delete pMouse;
return TRUE;
}
return FALSE;
}
USB鼠标的类的定义如下:(x)
class CMouse
{
public:
CMouse::CMouse(USB_HANDLE hDevice, LPCUSB_FUNCS lpUsbFuncs,
LPCUSB_INTERFACE lpInterface);
~CMouse();
BOOL Initialize();
private:
// 传输完毕调用的回调函?
static DWORD CALLBACK MouseTransferCompleteStub(LPVOID lpvNotifyParameter);
// 中断处理函数
static ULONG CALLBACK CMouse::MouseThreadStub(PVOID context);
DWORD MouseTransferComplete();
DWORD MouseThread();
BOOL SubmitInterrupt();
BOOL HandleInterrupt();
BOOL m_fClosing;
BOOL m_fReadyForMouseEvents;
HANDLE m_hEvent;
HANDLE m_hThread;
USB_HANDLE m_hDevice;
USB_PIPE m_hInterruptPipe;
USB_TRANSFER m_hInterruptTransfer;
LPCUSB_FUNCS m_lpUsbFuncs;
LPCUSB_INTERFACE m_pInterface;
BOOL m_fPrevButton1;
BOOL m_fPrevButton2;
BOOL m_fPrevButton3;
// 数据接受~冲区?
BYTE m_pbDataBuffer[8];
};
具体实现如下Q?
// 构造函敎ͼ初始化时调用
CMouse::CMouse(USB_HANDLE hDevice, LPCUSB_FUNCS lpUsbFuncs,
LPCUSB_INTERFACE lpInterface)
{
m_fClosing = FALSE;
m_fReadyForMouseEvents = FALSE;
m_hEvent = NULL;
m_hThread = NULL;
m_hDevice = hDevice;
m_hInterruptPipe = NULL;
m_hInterruptTransfer = NULL;
m_lpUsbFuncs = lpUsbFuncs;
m_pInterface = lpInterface;
m_fPrevButton1 = FALSE;
m_fPrevButton2 = FALSE;
m_fPrevButton3 = FALSE;
memset(m_pbDataBuffer, 0, sizeof(m_pbDataBuffer));
}
// 析构函数Q用于清除申L(fng)资源?
CMouse::~CMouse()
{
// 通知pȝd闭相关的函数接口?
m_fClosing = TRUE;
// Wake up the connection thread again and give it time to die.
if (m_hEvent != NULL)
{
// 通知关闭数据接受U程?
SetEvent(m_hEvent);
if (m_hThread != NULL)
{
DWORD dwWaitReturn;
dwWaitReturn = WaitForSingleObject(m_hThread, 1000);
if (dwWaitReturn != WAIT_OBJECT_0)
{
TerminateThread(m_hThread, DWORD(-1));
}
CloseHandle(m_hThread);
m_hThread = NULL;
}
CloseHandle(m_hEvent);
m_hEvent = NULL;
}
if(m_hInterruptTransfer)
(*m_lpUsbFuncs->lpCloseTransfer)(m_hInterruptTransfer);
if(m_hInterruptPipe)
(*m_lpUsbFuncs->lpClosePipe)(m_hInterruptPipe);
}
// 初始化USB鼠标驱动E序
BOOL CMouse::Initialize()
{
LPCUSB_DEVICE lpDeviceInfo = (*m_lpUsbFuncs->lpGetDeviceInfo)(m_hDevice);
// (g)配|:(x)USB鼠标应该只有一个中断管?
if ((m_pInterface->lpEndpoints[0].Descriptor.bmAttributes & USB_ENDPOINT_TYPE_MASK) != USB_ENDPOINT_TYPE_INTERRUPT)
{
RETAILMSG(1,(TEXT("!USBMouse: EP 0 wrong type (%u)!\r\n"),
m_pInterface->lpEndpoints[0].Descriptor.bmAttributes));
return FALSE;
}
DEBUGMSG(ZONE_INIT,(TEXT("USBMouse: EP 0:MaxPacket: %u, Interval: %u\r\n"),
m_pInterface->lpEndpoints[0].Descriptor.wMaxPacketSize,
m_pInterface->lpEndpoints[0].Descriptor.bInterval));
m_hInterruptPipe = (*m_lpUsbFuncs->lpOpenPipe)(m_hDevice,
&m_pInterface->lpEndpoints[0].Descriptor);
if (m_hInterruptPipe == NULL) {
RETAILMSG(1,(TEXT("Mouse: Error opening interrupt pipe\r\n")));
return (FALSE);
}
m_hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
if (m_hEvent == NULL)
{
RETAILMSG(1,(TEXT("USBMouse: Error on CreateEvent for connect event\r\n")));
return(FALSE);
}
// 创徏数据接受U程
m_hThread = CreateThread(0, 0, MouseThreadStub, this, 0, NULL);
if (m_hThread == NULL)
{
RETAILMSG(1,(TEXT("USBMouse: Error on CreateThread\r\n")));
return(FALSE);
}
return(TRUE);
}
// 从USB鼠标讑֤中读出数据,产生相应的鼠标事件?
BOOL CMouse::SubmitInterrupt()
{
if(m_hInterruptTransfer)
(*m_lpUsbFuncs->lpCloseTransfer)(m_hInterruptTransfer);
// 从USB鼠标PIPE中读数据
m_hInterruptTransfer = (*m_lpUsbFuncs->lpIssueInterruptTransfer)
(m_hInterruptPipe, MouseTransferCompleteStub, this,
USB_IN_TRANSFER | USB_SHORT_TRANSFER_OK, // 表示L?
min(m_pInterface->lpEndpoints[0].Descriptor.wMaxPacketSize,
sizeof(m_pbDataBuffer)),
m_pbDataBuffer,
NULL);
if (m_hInterruptTransfer == NULL)
{
DEBUGMSG(ZONE_ERRORQ(L "!USBMouse: Error in IssueInterruptTransfer\r\n"));
return FALSE;
}
else
{
DEBUGMSG(ZONE_TRANSFER,(L"USBMouse::SubmitInterrupt,Transfer:0x%X\r\n",
m_hInterruptTransfer));
}
return TRUE;
}
// 处理鼠标中断传输的数?
BOOL CMouse::HandleInterrupt()
{
DWORD dwError;
DWORD dwBytes;
DWORD dwFlags = 0;
INT dx = (signed char)m_pbDataBuffer[1];
INT dy = (signed char)m_pbDataBuffer[2];
BOOL fButton1 = m_pbDataBuffer[0] & 0x01 ? TRUE : FALSE;
BOOL fButton2 = m_pbDataBuffer[0] & 0x02 ? TRUE : FALSE;
BOOL fButton3 = m_pbDataBuffer[0] & 0x04 ? TRUE : FALSE;
if (!(*m_lpUsbFuncs->lpGetTransferStatus)(m_hInterruptTransfer, &dwBytes,&dwError))
{
DEBUGMSG(ZONE_ERROR,(TEXT("!USBMouse: Error in GetTransferStatus(0x%X)\r\n"),
m_hInterruptTransfer));
return FALSE;
}
else
{
DEBUGMSG(ZONE_TRANSFER,(TEXT("USBMouse::HandleInterrupt, hTransfer 0x%X complete (%u bytes, Error:%X)\r\n"),
m_hInterruptTransfer,dwBytes,dwError));
}
if (!SubmitInterrupt())
return FALSE;
if(dwError != USB_NO_ERROR)
{
DEBUGMSG(ZONE_ERROR,(TEXT("!USBMouse: Error 0x%X in interrupt transfer\r\n"),dwError));
return TRUE;
}
if(dwBytes < 3)
{
DEBUGMSG(ZONE_ERROR,(TEXT("!USBMouse: Invalid byte cnt %u from interrupt transfer\r\n"),dwBytes));
return TRUE;
}
if(dx || dy)
dwFlags |= MOUSEEVENTF_MOVE;
if(fButton1 != m_fPrevButton1)
{
if(fButton1)
dwFlags |= MOUSEEVENTF_LEFTDOWN;
else
dwFlags |= MOUSEEVENTF_LEFTUP;
}
if(fButton2 != m_fPrevButton2)
{
if(fButton2)
dwFlags |= MOUSEEVENTF_RIGHTDOWN;
else
dwFlags |= MOUSEEVENTF_RIGHTUP;
}
if(fButton3 != m_fPrevButton3)
{
if(fButton3)
dwFlags |= MOUSEEVENTF_MIDDLEDOWN;
else
dwFlags |= MOUSEEVENTF_MIDDLEUP;
}
m_fPrevButton1 = fButton1;
m_fPrevButton2 = fButton2;
m_fPrevButton3 = fButton3;
DEBUGMSG(ZONE_EVENTS,
(TEXT("USBMouse event: dx:%d, dy:%d, dwFlags:0x%X (B1:%u, B2:%u, B3:%u)\r\n"),
dx,dy,dwFlags,fButton1,fButton2,fButton3));
// 通知pȝ产生鼠标事g
if (m_fReadyForMouseEvents)
mouse_event(dwFlags, dx, dy, 0, 0);
else
m_fReadyForMouseEvents = IsAPIReady(SH_WMGR);
return TRUE;
}
DWORD CALLBACK CMouse::MouseTransferCompleteStub(LPVOID lpvNotifyParameter)
{
CMouse * pMouse = (CMouse *)lpvNotifyParameter;
return(pMouse->MouseTransferComplete());
}
// 数据传输完毕回调函数
DWORD CMouse::MouseTransferComplete()
{
if (m_hEvent)
SetEvent(m_hEvent);
return 0;
}
ULONG CALLBACK CMouse::MouseThreadStub(PVOID context)
{
CMouse * pMouse = (CMouse *)context;
return(pMouse->MouseThread());
}
// USB鼠标U程
DWORD CMouse::MouseThread()
{
DEBUGMSG(ZONE_INIT,(TEXT("USBMouse: Worker thread started\r\n")));
SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_HIGHEST);
if (SubmitInterrupt())
{
while (!m_fClosing)
{
WaitForSingleObject(m_hEvent, INFINITE);
if (m_fClosing)
break;
if ((*m_lpUsbFuncs->lpIsTransferComplete)(m_hInterruptTransfer))
{
if (!HandleInterrupt())
break;
}
else
{
RETAILMSG(1,(TEXT("!USBMouse: Event signalled, but transfer not complete\r\n")));
// The only time this should happen is if we get an error on the transfer
ASSERT(m_fClosing || (m_hInterruptTransfer == NULL));
break;
}
}
}
RETAILMSG(1,(TEXT("USBMouse: Worker thread exiting\r\n")));
return(0);
}
? C(jin)没有Q其实USB的驱动程序编写就q么单,cM的其他设备,例如打印备,有Bulk OUT PIPEQ需要Bulk传输Q那需要了(jin)解一下IssueBulkTransferQ)(j)的应用。当然如果是开发USB Mass Storage Disk的驱动,那就需要了(jin)解更多的协议Q例如Bulk-Only Transport协议{?
微Y的Windows CE.NET的Platform Build中已l带有USB Printer和USB Mass Storage Disk的驱动的源代码了(jin)Q好好研I一下,你一定回受益非浅的?
参考资料:(x)
1Q?微Y出版C?<<Windows Ce Device Driver Kit>>
2Q?<<Universal Serial Bus Specification 1.1>> 来自http:://www.usb.org
]]>
q里我们主要讨论的是CE的中断徏立和中断相应的大概流E以?qing)所涉及(qing)的代码位|。这里所讲述的,是针对ARMq_的。在CE的中断处理里面,有一部分工作是CE Kernel完成的,有一部分工作是要由O(jin)EM完成的?/p>
Kernel代码工作
ExVector.sQ中断向量定义,里面定义的是armtrap.s的函数地址
Armtrap.sQ中断处理定义,最重要是里面的IRQHandler函数Q而其中最重要的是CALL OEMInterruptHandler
Mdarm.cQ中断向量加?/span>
Kdriver.cQ?/span>NKCallIntChain函数Q把IRQ转换?/span>SysIntrQ值得留意的是pIntChainTable[]Q是IRQ所对应?/span>ISR处理E序的入口,其中最主要的是其成员函?/span>pfnHandler?/span>pfnHandler的填充,是在HookIntChain里面Q这个函数是ISR在初始化的时候调用的。在q个函数里面Q如?/span>pIntChainTable为空Q则q回SYSINTR_CHAINQ如?/span>pIntChainTable[]不ؓ(f)I,则调?/span>pfnHandler得到一?/span>sysintr|然后q回之?/span>
OEM定义工作Q?/span>Oalintr.cQ?/span>OEMInterruptHandler函数Q通过查询g的中断寄存器Q得到硬?/span>IRQ受对?/span>EINT04-23的中断,通过EINTMASK寄存器,得到相对应的pȝIRQ。注意,q里?/span>IRQ?/span>CE定义?/span>IRQQ是pȝgIRQ的扩展。然后调?/span>NKCallIntChain看看q个IRQ是否是一?/span>Chain?/span>Interrupt。如果函数返?/span>SYSINTR_CHAIN或者返回一个不合法?/span>sysintrQ则通过OALIntrTranslateIrq?/span>IRQ转化?/span>sysintr。如果是一个合法的sysintrQ则q回该倹{?/span>
单一ISR?/span>DeviceQ主要通过OEMInterruptHandler处理Q在OEMInterruptHandler没有定义?/span>IRQQ可以在OAL里面或者驱动的加蝲里面Q通过HookInterrupt函数q行兌?/span>
多个ISR?/span>DeviceQ通常q是ȝ讑֤的需求,因ؓ(f)ȝ讑֤上面通常串有几个讑֤。这些ȝ上的讑֤Q需要有一?/span>ISR判断I竟是哪个设备发出的中断。这?/span>ISRQ是一?/span>DLL的程序,讑֤驱动必须在初始化的时候通过LoadIntChainHandlerQ文件名Q函数名Q?/span>irqQ加载这?/span>DLLE序?/span>LoadIntChainHandler的定义在kdriver.c?/span>NKLoadIntChainHandler里面。对于大多数的ȝ讑֤Q可以利用微软已l写好的giisr.dll来实现?/span>giisr的实C码在Public\common\oak\drivers下面?/span>
对于ȝ讑֤Q如果利?/span>GIISR的话Q原理如下:(x)
ȝ讑֤驱动在初始化的时候,通过LoadIntChainHandler加蝲GIISRQ而加载的时候,LoadIntChainHandler?x)调?/span>GIISR?/span>CreateInstance创徏一个实例,GIISR?x)返回一?/span>index值给LoadIntChainHandlerQ以标示实例Q?/span>LoadIntChainHandler则会(x)q回一?/span>Handlel驱动,驱动则根据这?/span>Handle存取GIISR。得到这?/span>handle之后Q初始化q需要包括从reg表里面读出相关的初始化参敎ͼ?/span>GIISRq行赋|譬如Port AddressQ?/span>Mask AddressQ?/span>SysIntr{?/span>
驱动E序在初始化的时候:(x)
1、创Z?/span>EventQ?/span>CreateEventQ?/span>
2、然后用InterruptInitialize函数?/span>sysintr和这?/span>Event相关?/span>
3?/span>Kick-off一?/span>ThreadQ?/span>ISTQ?/span>
4、这?/span>Thread最l是WaitForSingleObjectQ?/span>EventIDQ?/span>
具体的例子,可以参阅USBFN的例子:(x)sc2410pdd.cpp里面Q?/span>UfnPdd_Start函数Q?/span>
Published Sunday, June 10, 2007 7:13 PM by ningling]]>
#include "ntdll.h"
#include <stdlib.h>
#include <stdio.h>
#include "ntddk.h"
#define DUPLICATE_SAME_ATTRIBUTES 0x00000004
#pragma comment(lib,"ntdll.lib")
BOOL EnablePrivilege(PCSTR name)
{
TOKEN_PRIVILEGES priv = {1, {0, 0, SE_PRIVILEGE_ENABLED}};
LookupPrivilegeValue(0, name, &priv.Privileges[0].Luid);
HANDLE hToken;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken);
AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, 0, 0);
BOOL rv = GetLastError() == ERROR_SUCCESS;
CloseHandle(hToken);
return rv;
}
int main(int argc, char *argv[])
{
if (argc == 1) return 0;
ULONG pid = strtoul(argv[1], 0, 0);
EnablePrivilege(SE_DEBUG_NAME);
HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
ULONG n = 0x1000;
PULONG p = new ULONG[n];
while (NT::ZwQuerySystemInformation(NT::SystemHandleInformation, p, n * sizeof *p, 0)
== STATUS_INFO_LENGTH_MISMATCH)
delete [] p, p = new ULONG[n *= 2];
NT::PSYSTEM_HANDLE_INFORMATION h = NT::PSYSTEM_HANDLE_INFORMATION(p + 1);
for (ULONG i = 0; i < *p; i++) {
if (h[i].ProcessId == pid) {
HANDLE hObject;
if (NT::ZwDuplicateObject(hProcess, HANDLE(h[i].Handle), NtCurrentProcess(), &hObject,
0, 0, DUPLICATE_SAME_ATTRIBUTES)
!= STATUS_SUCCESS) continue;
NT::OBJECT_BASIC_INFORMATION obi;
NT::ZwQueryObject(hObject, NT::ObjectBasicInformation, &obi, sizeof obi, &n);
printf("%p %04hx %6lx %2x %3lx %3ld %4ld ",
h[i].Object, h[i].Handle, h[i].GrantedAccess,
int(h[i].Flags), obi.Attributes,
obi.HandleCount - 1, obi.PointerCount - 2);
n = obi.TypeInformationLength + 2;
NT::POBJECT_TYPE_INFORMATION oti = NT::POBJECT_TYPE_INFORMATION(new CHAR[n]);
NT::ZwQueryObject(hObject, NT::ObjectTypeInformation, oti, n, &n);
printf("%-14.*ws ", oti[0].Name.Length / 2, oti[0].Name.Buffer);
n = obi.NameInformationLength == 0
? MAX_PATH * sizeof (WCHAR) : obi.NameInformationLength;
NT::POBJECT_NAME_INFORMATION oni = NT::POBJECT_NAME_INFORMATION(new CHAR[n]);
NTSTATUS rv = NT::ZwQueryObject(hObject, NT::ObjectNameInformation, oni, n, &n);
if (NT_SUCCESS(rv))
printf("%.*ws", oni[0].Name.Length / 2, oni[0].Name.Buffer);
printf("\n");
CloseHandle(hObject);
}
}
delete [] p;
CloseHandle(hProcess);
return 0;
}
]]>