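A very good tutorial post: http://www.cnblogs.com/BoyXiao/archive/2011/09/21/2183059.html
Also worth consulting: http://blog.csdn.net/daiafei/article/details/6578815
Below is the first native application I wrote. It is very simple and is meant only as a reference.
I built it with the WDK.
You need to create four files yourself: nativeapp.c, nativeapp.h, makefile and sources.
First, the makefile is very simple; it contains a single line: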
!INCLUDE $(NTMAKEENV)\makefile.def
Next, the sources file:
TARGETNAME=nativeapp
TARGETPATH=obj
TARGETTYPE=PROGRAM
#USE_NTDLL=1
UMTYPE=nt
INCLUDES=$(_NT_SYMBOL_PATH)\INC\DDK
TARGETLIBS=$(BASEDIR)\lib\wxp\i386\nt.lib
SOURCES=nativeapp.c
Then the nativeapp.h file:
#include "ntddk.h"
#include "stdio.h"

// Environment information, which includes command line and image file name
typedef struct
{
    ULONG Unknown[21];
    UNICODE_STRING CommandLine;
    UNICODE_STRING ImageFile;
} ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;

// This structure is passed as NtProcessStartup's parameter
typedef struct
{
    ULONG Unknown[3];
    PENVIRONMENT_INFORMATION Environment;
} STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;

// Data structure for heap definition.
// This includes various sizing parameters and callback routines,
// which, if left NULL, result in default behavior
typedef struct
{
    ULONG Length;
    ULONG Unknown[11];
} RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;

// Native NT api function to write something to the boot-time
// blue screen
NTSTATUS NTAPI NtDisplayString(
    PUNICODE_STRING String
);

// Native applications must kill themselves when done -
// the job of this native API
NTSTATUS NTAPI NtTerminateProcess(
    HANDLE ProcessHandle,
    LONG ExitStatus
);

// Definition to represent current process
// (left commented out because ntddk.h already defines NtCurrentProcess)
//#define NtCurrentProcess() ( (HANDLE) -1 )

// Heap creation routine
HANDLE NTAPI RtlCreateHeap(
    ULONG Flags,
    PVOID BaseAddress,
    ULONG SizeToReserve,
    ULONG SizeToCommit,
    PVOID Unknown,
    PRTL_HEAP_DEFINITION Definition
);

// Heap allocation function (ala "malloc")
PVOID NTAPI RtlAllocateHeap(
    HANDLE Heap,
    ULONG Flags,
    ULONG Size
);

// Heap free function (ala "free")
BOOLEAN NTAPI RtlFreeHeap(
    HANDLE Heap,
    ULONG Flags,
    PVOID Address
);

Finally, the nativeapp.c file:
//======================================================================
//
// This is a demonstration of a Native NT program. These programs
// run outside of the Win32 environment and must rely on the raw
// services provided by NTDLL.DLL. AUTOCHK (the program that executes
// a chkdsk activity during the system boot) is an example of a
// native NT application.
//
// This example is a native 'hello world' program. When installed with
// the regedit file associated with it, you will see it print
// "hello world" on the initialization blue screen during the system
// boot. This program cannot be run from inside the Win32 environment.
//
//======================================================================
#include "nativeapp.h"
//----------------------------------------------------------------------
// NtProcessStartup
// Instead of a 'main', NT applications are entered via this entry point.
//----------------------------------------------------------------------
void NtProcessStartup( PSTARTUP_ARGUMENT Argument )
{
    UNICODE_STRING HelloMsg = RTL_CONSTANT_STRING(L"Hello World!\n");

    // Say hello
    NtDisplayString(&HelloMsg);

    // Terminate
    NtTerminateProcess( NtCurrentProcess(), 0 );
}

Then build it in the WDK build environment to produce nativeapp.exe.
Running it takes two steps:
1. Copy the exe into the system directory.
2. In the registry, under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, set the BootExecute value to autocheck autochk * nativeapp.exe
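Because anything listed in BootExecute runs at every boot before Win32 starts, the value is worth auditing. The following is an added example, not code from the original post: it walks a raw REG_MULTI_SZ buffer (as RegQueryValueExW would return it) and counts entries other than the stock `autocheck autochk *`. The function name and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <uchar.h>

#define NCHARS(a) (sizeof(a) / sizeof((a)[0]))
/* Stock BootExecute entry; anything else in the value deserves review. */
static const char DEFAULT_ENTRY[] = "autocheck autochk *";
/* Constructed sample REG_MULTI_SZ data (UTF-16, double-NUL terminated). */
static const char16_t SAMPLE_DEFAULT[] = u"autocheck autochk *\0";
static const char16_t SAMPLE_EXTRA[]   = u"autocheck autochk *\0nativeapp\0";
static const char16_t SAMPLE_PAGE[]    = u"autocheck autochk * nativeapp.exe\0";

/* Compare a UTF-16 string of len code units with an ASCII string. */
static int u16_eq_ascii(const char16_t *s, size_t len, const char *ascii)
{
    size_t i;
    if (strlen(ascii) != len) return 0;
    for (i = 0; i < len; i++)
        if (s[i] != (char16_t)(unsigned char)ascii[i]) return 0;
    return 1;
}

/* Walk a REG_MULTI_SZ buffer of nchars code units and count the entries
 * that differ from the stock one. *first / *first_len receive the first
 * such entry (NULL / 0 if none). Never reads past nchars. */
int count_unexpected_boot_entries(const char16_t *buf, size_t nchars,
                                  const char16_t **first, size_t *first_len)
{
    size_t pos = 0;
    int unexpected = 0;
    *first = NULL; *first_len = 0;
    while (pos < nchars && buf[pos] != 0) {
        size_t len = 0;
        while (pos + len < nchars && buf[pos + len] != 0) len++;
        if (!u16_eq_ascii(buf + pos, len, DEFAULT_ENTRY)) {
            if (unexpected++ == 0) { *first = buf + pos; *first_len = len; }
        }
        pos += len + 1;
    }
    return unexpected;
}

int main(void)
{
    const char16_t *e; size_t n;
    int hits = count_unexpected_boot_entries(SAMPLE_EXTRA, NCHARS(SAMPLE_EXTRA), &e, &n);
    printf("%d unexpected entry(ies), first is %zu chars long\n", hits, n);
    return 0;
}
```

The comparison is an exact match, so both a separate extra entry and the single combined string shown in step 2 are reported.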
Original post: http://blog.csdn.net/liyun123gx/article/details/39252597