1.获得操作系统版本
PsGetVersion()
RtlGetVersion()
2.字符串指针
PCWSTR = WChar *
RtlInitUnicodeString、
3.驱动
IoCreateDevice、IoCreateSymbolicLink、IoDeleteDevice
IoGetCurrentIrpStackLocation、
DeviceIoControl
IoControlCode ??
4.内核对象
//根据提供的 Handle 值得到 Object!
NTSTATUS ObReferenceObjectByHandle( IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation );