Native Application

非常好的学习帖子 http://www.cnblogs.com/BoyXiao/archive/2011/09/21/2183059.html

可参考的http://blog.csdn.net/daiafei/article/details/6578815

下面介绍一下自己写的第一个NativeApplication，非常简单，仅供参考。

我用的是wdk编译的

需要自己创建4个文件 nativeapp.c  nativeapp.h  makefile  source

首先makefile文件很简单，只有一句话

!INCLUDE $(NTMAKEENV)\makefile.def

TARGETNAME=nativeapp
TARGETPATH=obj
TARGETTYPE=PROGRAM
#USE_NTDLL=1
UMTYPE=nt
INCLUDES=$(_NT_SYMBOL_PATH)\INC\DDK
TARGETLIBS=$(BASEDIR)\lib\wxp\i386\nt.lib

SOURCES=nativeapp.c

//Environment information, which includes command line and image file name
#include "ntddk.h"
#include "stdio.h"
typedef struct 
{
	ULONG            Unknown[21];     
	UNICODE_STRING   CommandLine;
	UNICODE_STRING   ImageFile;
} ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;

// This structure is passed as NtProcessStartup's parameter
typedef struct 
{
	ULONG                     Unknown[3];
	PENVIRONMENT_INFORMATION  Environment;
} STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;

// Data structure for heap definition. 
// This includes various sizing parameters and callback routines, 
// which, if left NULL, result in default behavior
typedef struct 
{
	ULONG     Length;
	ULONG     Unknown[11];
} RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;

// Native NT api function to write something to the boot-time
// blue screen
NTSTATUS NTAPI NtDisplayString(
	PUNICODE_STRING String
	);

// Native applications must kill themselves when done - 
// the job of this native API
NTSTATUS NTAPI NtTerminateProcess(
	HANDLE ProcessHandle, 
	LONG ExitStatus 
	);

// Definition to represent current process
//#define NtCurrentProcess() ( (HANDLE) -1 )

// Heap creation routine
HANDLE NTAPI RtlCreateHeap(
	ULONG Flags, 
	PVOID BaseAddress, 
	ULONG SizeToReserve, 
	ULONG SizeToCommit, 
	PVOID Unknown,
	PRTL_HEAP_DEFINITION Definition
	);

// Heap allocation function (ala "malloc")
PVOID NTAPI RtlAllocateHeap(
	HANDLE Heap, 
	ULONG Flags, 
	ULONG Size 
	);

// Heap free function (ala "free")
BOOLEAN NTAPI RtlFreeHeap(
	HANDLE Heap, 
	ULONG Flags, 
	PVOID Address 
	);

//======================================================================
//
// This is a demonstration of a Native NT program. These programs
// run outside of the Win32 environment and must rely on the raw
// services provided by NTDLL.DLL. AUTOCHK (the program that executes
// a chkdsk activity during the system boot) is an example of a
// native NT application.
//
// This example is a native 'hello world' program. When installed with
// the regedit file associated with it, you will see it print 
// "hello world" on the initialization blue screen during the system
// boot. This program cannot be run from inside the Win32 environment.
//
//======================================================================

#include "nativeapp.h"

//----------------------------------------------------------------------
// NtProcessStartup
// Instead of a 'main', NT applications are entered via this entry point.  
//----------------------------------------------------------------------
void NtProcessStartup( PSTARTUP_ARGUMENT Argument )
{
	UNICODE_STRING HelloMsg = RTL_CONSTANT_STRING(L"Hello World!\n");
	
	//Say hello
	  
	NtDisplayString(&HelloMsg);
	// Terminate
	NtTerminateProcess( NtCurrentProcess(), 0 );
}

运行需要两个操作：

把exe拷到系统目录下

在注册表HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager  项BootExecute   设置值为 autocheck autochk *  nativeapp.exe