写了个驱动,用MyNtUserFindWindowEx函数替换原来的NtUserFindWindowEx,加载和卸载都没问题,就是在运行的时候偶尔会蓝屏。
NTSTATUS MyNtUserFindWindowEx(
IN HWND hwndParent,
IN HWND hwndChild,
IN PUNICODE_STRING pstrClassName OPTIONAL,
IN PUNICODE_STRING pstrWindowName OPTIONAL,
IN DWORD dwType)
{
if(pstrClassName)
{
RtlInitUnicodeString(&protect,L"要保护的窗口类名");
if(RtlEqualUnicodeString(&protect,pstrClassName,TRUE))//这里偶尔会引起蓝屏
{
…………
}
}
result = OriginalNtUserFindWindowEx(hwndParent,hwndChild,pstrClassName,pstrWindowName,dwType);
return result;
}
错误发生在RtlEqualUnicodeString+0x10处,难道pstrClassName指向的不一定是UnicodeString?
------解决方案--------------------
看一下这个帖子呢
http://topic.csdn.net/u/20110418/13/2635970a-0e2b-47a4-93f4-7efc39095c5d.html