通過讀源碼win10驅動下實現3環的GetEnvironmentVariable
阿新 • • 發佈:2018-12-27
效果圖:
![技術分享圖片](http://i2.51cto.com/images/blog/201812/27/33865bb58e4d252c11cae5afc678fda5.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
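/*
 * Look up one variable in an environment block of the form
 * "NAME=value\0NAME=value\0\0" and copy its value into a caller buffer.
 *
 * Environment  Block to search. When NULL, the block referenced by the
 *              current process's PEB (ProcessParameters->Environment) is used.
 * Name         Variable name; compared case-insensitively.
 * Value        Receives the value. Buffer/MaximumLength describe the
 *              destination; Length is set to the value's byte length (without
 *              terminator), including when the buffer is too small.
 *
 * Returns STATUS_SUCCESS, STATUS_BUFFER_TOO_SMALL or
 * STATUS_VARIABLE_NOT_FOUND.
 *
 * NOTE(review): the page describes running this inside a Windows 10 driver.
 * In that setting the PEB and the environment block are presumably user-mode
 * memory that the owning process can rewrite or unmap at any time. The walk
 * below relies only on NUL terminators found in that memory (wcschr/wcslen
 * with no upper bound), so a block that lacks terminators, or that changes
 * mid-walk, leads to reads past its end. Before production use, capture the
 * block into a kernel buffer under __try/__except after ProbeForRead, and
 * bound the walk by the captured size - confirm against the driver's calling
 * context.
 *
 * NOTE(review): the RtlAcquirePebLock/RtlReleasePebLock calls were commented
 * out in this port, so nothing serialises this walk against a concurrent
 * change of the environment block.
 *
 * NOTE(review): the DbgPrint calls write variable names and values to the
 * debug output; environment blocks can hold credentials or tokens, so these
 * should not ship in release builds. The wide-string format codes (%S, %wZ)
 * are also only valid at IRQL PASSIVE_LEVEL.
 */
NTSTATUS
NTAPI
RtlQueryEnvironmentVariable_U(PWSTR Environment,
                              PCUNICODE_STRING Name,
                              PUNICODE_STRING Value)
{
    NTSTATUS Status;
    PWSTR wcs;
    UNICODE_STRING var;
    PWSTR val;

    DbgPrint("RtlQueryEnvironmentVariable_U Environment %p Variable %wZ Value %p\n",
             Environment, Name, Value);

    if (Environment == NULL) {
        MPPEB Peb = RtlGetCurrentPeb();

        /* ProcessParameters is checked too, so a missing parameter block is
         * reported as "not found" instead of being dereferenced. */
        if (Peb && Peb->ProcessParameters) {
            Environment = Peb->ProcessParameters->Environment;
        }
    }

    if (Environment == NULL) {
        return STATUS_VARIABLE_NOT_FOUND;
    }

    Value->Length = 0;

    wcs = Environment;
    DbgPrint("Starting search at :%p\n", wcs);

    /* Each iteration handles one "NAME=value" entry; an empty entry ends
     * the block. */
    while (*wcs) {
        /* Search for '=' from the second character on, so an entry whose
         * name itself begins with '=' is still split at the later '='. */
        var.Buffer = wcs++;
        wcs = wcschr(wcs, L'=');
        if (wcs == NULL) {
            /* No '=' in this entry: skip to its terminator. */
            wcs = var.Buffer + wcslen(var.Buffer);
            DbgPrint("Search at :%S\n", wcs);
        }

        if (*wcs) {
            /* NOTE(review): the USHORT cast truncates a name or value longer
             * than 65535 characters; such entries are not expected but are
             * not rejected here. */
            var.Length = var.MaximumLength = (USHORT)(wcs - var.Buffer) * sizeof(WCHAR);
            val = ++wcs;
            wcs += wcslen(wcs);
            DbgPrint("Search at :%S\n", wcs);

            if (RtlEqualUnicodeString(&var, Name, TRUE)) {
                Value->Length = (USHORT)(wcs - val) * sizeof(WCHAR);
                if (Value->Length <= Value->MaximumLength) {
                    /* Copy the terminator as well when it fits; never more
                     * than MaximumLength bytes. */
                    size_t copy_bytes = min(Value->Length + sizeof(WCHAR),
                                            Value->MaximumLength);

                    /* Skip the call for a zero-sized destination, whose
                     * Buffer may be NULL. */
                    if (copy_bytes != 0) {
                        memcpy(Value->Buffer, val, copy_bytes);
                    }
                    DbgPrint("Value %S\n", val);
                    DbgPrint("Return STATUS_SUCCESS\n");
                    Status = STATUS_SUCCESS;
                } else {
                    DbgPrint("Return STATUS_BUFFER_TOO_SMALL\n");
                    Status = STATUS_BUFFER_TOO_SMALL;
                }

                return Status;
            }
        }

        /* Step over the entry's terminator to the next entry. */
        wcs++;
    }

    DbgPrint("Return STATUS_VARIABLE_NOT_FOUND: %wZ\n", Name);
    return STATUS_VARIABLE_NOT_FOUND;
}

/*
 * Get an environment variable of the current process.
 *
 * lpName    NUL-terminated variable name.
 * lpBuffer  Destination for the NUL-terminated value.
 * nSize     Capacity of lpBuffer in characters, terminator included.
 *
 * Returns the number of characters stored (terminator excluded) on success,
 * the required size in characters (terminator included) when the buffer is
 * too small, and 0 on any other failure after passing the status to
 * BaseSetLastNTError.
 */
DWORD
My_Get_Environment_Variable(IN LPCWSTR lpName, IN LPWSTR lpBuffer, IN DWORD nSize)
{
    UNICODE_STRING VarName, VarValue;
    NTSTATUS Status;
    USHORT UniSize;

    /* A NULL buffer can hold nothing, whatever size the caller passes. */
    if (lpBuffer == NULL) {
        nSize = 0;
    }

    /* Convert the capacity to bytes, keeping one WCHAR back for the
     * terminator and clamping to what a UNICODE_STRING can describe. */
    if (nSize <= (UNICODE_STRING_MAX_CHARS - 1)) {
        if (nSize) {
            UniSize = (USHORT)nSize * sizeof(WCHAR) - sizeof(UNICODE_NULL);
        } else {
            UniSize = 0;
        }
    } else {
        UniSize = UNICODE_STRING_MAX_BYTES - sizeof(UNICODE_NULL);
    }

    Status = RtlInitUnicodeStringEx(&VarName, lpName);
    if (!NT_SUCCESS(Status)) {
        BaseSetLastNTError(Status);
        return 0;
    }

    RtlInitEmptyUnicodeString(&VarValue, lpBuffer, UniSize);

    Status = RtlQueryEnvironmentVariable_U(NULL, &VarName, &VarValue);
    if (!NT_SUCCESS(Status)) {
        /* The value buffer holds nothing usable on failure, and a
         * UNICODE_STRING passed by value does not match %S, so only the
         * status is logged. */
        DbgPrint("RtlQueryEnvironmentVariable_U failed: 0x%08lX\n",
                 (unsigned long)Status);
        if (Status == STATUS_BUFFER_TOO_SMALL) {
            return (VarValue.Length / sizeof(WCHAR)) + sizeof(ANSI_NULL);
        }
        BaseSetLastNTError(Status);
        return 0;
    }

    if (nSize == 0) {
        /* Only an empty value can "succeed" with no capacity; there is no
         * room for the terminator, so report the required size instead of
         * writing to lpBuffer[0]. */
        return (VarValue.Length / sizeof(WCHAR)) + sizeof(ANSI_NULL);
    }

    lpBuffer[VarValue.Length / sizeof(WCHAR)] = UNICODE_NULL;
    return (VarValue.Length / sizeof(WCHAR));
}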
用法:
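/* Zero-initialised so the buffer never exposes stale stack contents. */
wchar_t buffer[256] = { 0 };
/* Pass the capacity derived from the array so the two cannot drift apart. */
DWORD code = My_Get_Environment_Variable(L"TEMP", buffer, sizeof(buffer) / sizeof(buffer[0]));
/* 0 means failure and a value >= the capacity means the buffer was too small;
 * in both cases buffer holds no terminated value and must not be printed. */
if (code != 0 && code < sizeof(buffer) / sizeof(buffer[0])) {
    DbgPrint("buffer----------- %S\n", buffer);
}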