内核线程创建例子
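// Built with VS2013 + WDK 8.1
#include <ntddk.h>

/* Stop request: set by Unload (and by CreateMyThread when it cannot keep a
 * reference to the worker), polled by MyThread on every loop iteration. */
BOOLEAN bStoped = FALSE;

/* Referenced thread object of the worker thread. Stays NULL until
 * CreateMyThread has successfully referenced the thread. */
PVOID pThreadObj = NULL;

/*
 * Driver unload routine: asks the worker thread to stop, waits until it has
 * terminated, then drops the reference taken in CreateMyThread.
 *
 * The wait matters: the worker executes code that lives in this driver image,
 * so the image must not go away while the thread can still run.
 *
 * NOTE(review): the WDK declares DRIVER_UNLOAD as returning VOID; the NTSTATUS
 * return type is kept as in the original listing, so the assignment in
 * DriverEntry relies on the compiler accepting the mismatch. Confirm and align
 * the prototype.
 */
NTSTATUS Unload(PDRIVER_OBJECT driver)
{
    UNREFERENCED_PARAMETER(driver);

    DbgPrint("unloaded!");
    bStoped = TRUE;

    /* pThreadObj is NULL when thread creation or referencing failed; waiting
     * on or dereferencing a NULL object would crash the system. */
    if (pThreadObj != NULL) {
        KeWaitForSingleObject(pThreadObj, Executive, KernelMode, FALSE, NULL);
        ObDereferenceObject(pThreadObj);
        pThreadObj = NULL;
    }

    return STATUS_SUCCESS;
}

/*
 * Worker thread body: prints a counter roughly once per second until bStoped
 * is set, then terminates itself.
 *
 * pContext is the start context passed to PsCreateSystemThread (NULL here).
 */
void MyThread(PVOID pContext)
{
    LARGE_INTEGER interval;
    int i = 0;

    UNREFERENCED_PARAMETER(pContext);

    /* Negative value = relative time, in 100 ns units: 1 second. */
    interval.QuadPart = -10000000;

    while (!bStoped) {
        DbgPrint("in loop thread %d", i);
        i++;
        /* something you can do */
        KeDelayExecutionThread(KernelMode, FALSE, &interval);
    }

    PsTerminateSystemThread(STATUS_SUCCESS);
}

/*
 * Creates the worker thread and stores a referenced pointer to its thread
 * object in pThreadObj so that Unload can wait for it.
 *
 * Returns the status of PsCreateSystemThread, or of ObReferenceObjectByHandle
 * when the thread was created but could not be referenced. In the latter case
 * bStoped is set so the already-running thread exits by itself.
 */
NTSTATUS CreateMyThread()
{
    OBJECT_ATTRIBUTES ObjAddr = { 0 };
    HANDLE ThreadHandle = 0;
    NTSTATUS status = STATUS_SUCCESS;

    /* OBJ_KERNEL_HANDLE keeps the handle in the kernel handle table, so it is
     * not reachable from a user-mode process context. */
    InitializeObjectAttributes(&ObjAddr, NULL, OBJ_KERNEL_HANDLE, 0, NULL);

    status = PsCreateSystemThread(&ThreadHandle, THREAD_ALL_ACCESS, &ObjAddr,
                                  NULL, NULL, MyThread, NULL);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    DbgPrint("Create Thread Success");

    /* Swap the handle for an object reference; the reference keeps the thread
     * object valid for the wait in Unload. */
    status = ObReferenceObjectByHandle(ThreadHandle, THREAD_ALL_ACCESS,
                                       *PsThreadType, KernelMode,
                                       &pThreadObj, NULL);
    ZwClose(ThreadHandle);

    if (!NT_SUCCESS(status)) {
        /* Nothing to wait on later: make sure Unload sees NULL and tell the
         * running thread to leave its loop. */
        pThreadObj = NULL;
        bStoped = TRUE;
    }

    return status;
}

/*
 * Driver entry point: registers the unload routine and starts the worker.
 *
 * Fails the load when no worker thread could be created. If the thread was
 * created but could not be referenced (bStoped was set by CreateMyThread),
 * the driver stays loaded: the thread may still be running for up to one
 * delay interval, and failing DriverEntry would remove the image under it.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(reg_path);

    driver->DriverUnload = Unload;

    status = CreateMyThread();
    if (!NT_SUCCESS(status)) {
        DbgPrint("CreateMyThread failed: 0x%08X", status);
        if (!bStoped) {
            /* PsCreateSystemThread itself failed: no thread exists. */
            return status;
        }
    }

    return STATUS_SUCCESS;
}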
內核輸出
總結