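A very good post to learn from: http://www.cnblogs.com/BoyXiao/archive/2011/09/21/2183059.html
Another useful reference: http://blog.csdn.net/daiafei/article/details/6578815
Below is the first native application I wrote myself. It is very simple and is offered for reference only.
I compiled it with the WDK.
You need to create four files yourself: nativeapp.c, nativeapp.h, makefile and sources.
First, the makefile is very simple, containing only one line:

!INCLUDE $(NTMAKEENV)\makefile.def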

The sources file:

TARGETNAME=nativeapp
TARGETPATH=obj
TARGETTYPE=PROGRAM
#USE_NTDLL=1
UMTYPE=nt
INCLUDES=$(_NT_SYMBOL_PATH)\INC\DDK
TARGETLIBS=$(BASEDIR)\lib\wxp\i386\nt.lib
SOURCES=nativeapp.c

The nativeapp.h header:

#include "ntddk.h"
#include "stdio.h"

// Environment information, which includes command line and image file name
typedef struct {
    ULONG Unknown[21];
    UNICODE_STRING CommandLine;
    UNICODE_STRING ImageFile;
} ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;

// This structure is passed as NtProcessStartup's parameter
typedef struct {
    ULONG Unknown[3];
    PENVIRONMENT_INFORMATION Environment;
} STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;

// Data structure for heap definition.
// This includes various sizing parameters and callback routines,
// which, if left NULL, result in default behavior
typedef struct {
    ULONG Length;
    ULONG Unknown[11];
} RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;

// Native NT api function to write something to the boot-time
// blue screen
NTSTATUS NTAPI NtDisplayString(
    PUNICODE_STRING String
);

// Native applications must kill themselves when done -
// the job of this native API
NTSTATUS NTAPI NtTerminateProcess(
    HANDLE ProcessHandle,
    LONG ExitStatus
);

// Definition to represent current process
//#define NtCurrentProcess() ( (HANDLE) -1 )

// Heap creation routine
HANDLE NTAPI RtlCreateHeap(
    ULONG Flags,
    PVOID BaseAddress,
    ULONG SizeToReserve,
    ULONG SizeToCommit,
    PVOID Unknown,
    PRTL_HEAP_DEFINITION Definition
);

// Heap allocation function (ala "malloc")
PVOID NTAPI RtlAllocateHeap(
    HANDLE Heap,
    ULONG Flags,
    ULONG Size
);

// Heap free function (ala "free")
BOOLEAN NTAPI RtlFreeHeap(
    HANDLE Heap,
    ULONG Flags,
    PVOID Address
);

Finally, the nativeapp.c file:

//======================================================================
//
// This is a demonstration of a Native NT program. These programs
// run outside of the Win32 environment and must rely on the raw
// services provided by NTDLL.DLL. AUTOCHK (the program that executes
// a chkdsk activity during the system boot) is an example of a
// native NT application.
//
// This example is a native 'hello world' program. When installed with
// the regedit file associated with it, you will see it print
// "hello world" on the initialization blue screen during the system
// boot. This program cannot be run from inside the Win32 environment.
//
//======================================================================
#include "nativeapp.h"

//----------------------------------------------------------------------
// NtProcessStartup
// Instead of a 'main', NT applications are entered via this entry point.
//----------------------------------------------------------------------
void NtProcessStartup( PSTARTUP_ARGUMENT Argument )
{
    UNICODE_STRING HelloMsg = RTL_CONSTANT_STRING(L"Hello World!\n");

    // Say hello
    NtDisplayString(&HelloMsg);

    // Terminate
    NtTerminateProcess( NtCurrentProcess(), 0 );
}

Then build it in the WDK build environment to produce nativeapp.exe.
Running it takes two steps:
Copy the exe into the system directory.
In the registry, under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, set the BootExecute value to: autocheck autochk * nativeapp.exe
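
Because anything listed in BootExecute runs at boot before the Win32 environment starts, the value is worth auditing. The following is an added example, not part of the original post: it walks a BootExecute value as raw REG_MULTI_SZ data and counts entries other than the default `autocheck autochk *`. It assumes the value's bytes have already been read (for instance with RegQueryValueExW); `audit_boot_execute` and `make_multi_sz` are hypothetical names, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The only BootExecute entry on a default installation. */
static const char DEFAULT_ENTRY[] = "autocheck autochk *";

/* ASCII case-insensitive compare of one UTF-16 entry with a C string. */
static unsigned fold(unsigned c) { return (c >= 'A' && c <= 'Z') ? c + 32 : c; }
static int same_entry(const uint16_t *s, size_t len, const char *ascii) {
    for (size_t i = 0; i < len; i++) {
        unsigned char b = (unsigned char)ascii[i];
        if (b == 0 || fold(s[i]) != fold(b)) return 0;
    }
    return ascii[len] == '\0';
}

/* Count the entries of a REG_MULTI_SZ buffer (UTF-16 code units) that differ
 * from the default. Returns -1 if the list lacks its terminating empty string. */
int audit_boot_execute(const uint16_t *buf, size_t units) {
    int extra = 0;
    for (size_t pos = 0; pos < units; ) {
        size_t len = 0;
        while (pos + len < units && buf[pos + len] != 0) len++;
        if (pos + len == units) return -1;   /* entry has no NUL */
        if (len == 0) return extra;          /* empty string ends the list */
        extra += !same_entry(buf + pos, len, DEFAULT_ENTRY);
        pos += len + 1;
    }
    return -1;
}

/* Constructed test data: turn '\n'-separated ASCII into a REG_MULTI_SZ image. */
size_t make_multi_sz(const char *text, uint16_t *out, size_t cap) {
    size_t n = 0;
    if (cap == 0) return 0;
    for (; *text && n + 1 < cap; text++)
        out[n++] = (*text == '\n') ? 0 : (unsigned char)*text;
    out[n++] = 0;                            /* final empty string */
    return n;
}

int main(void) {
    uint16_t value[64];
    size_t n = make_multi_sz("autocheck autochk *\nnativeapp.exe\n", value, 64);
    printf("non-default BootExecute entries: %d\n", audit_boot_execute(value, n));
    return 0;
}
```

A result greater than 0, or -1 for a value that is not properly terminated, marks a BootExecute value that should be reviewed by hand.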
Original article: http://blog.csdn.net/liyun123gx/article/details/39252597