typedef unsigned short u16; typedef char s8 ; typedef int s32; typedef short s16; typedef char * pchar...Find_Work_Name(_work headler,pchar work_name) ; //执行子任务----根据任务名称来执行 s32 Run_work_for_work_name(_work...headler,pchar work_name) ; //销毁一个子任务 s32 Destroy_cwork(_work headler,pchar work_name); //销毁全部任务 _work...headler,pchar work_name) ; //销毁一个子任务 s32 Destroy_cwork(_work headler,pchar work_name); //销毁全部任务 _work...Find_Work_Name(_work headler,pchar work_name) { assert(headler !
staticVar = 1; int localVar = 1; int num1[10] = { 1, 2, 3, 4 }; char char2[] = "abcd"; const char* pChar3...___ pChar3在哪里?____ *pChar3在哪里?____ ptr1在哪里?____ *ptr1在哪里?...: 是一个由const修饰的字符类型指针,指针指向的内容不能改变, 说明"abcd"是一个常量字符串,内容不能被修改,处于栈 *pchar3 :由于"abcd"是一个常量字符串,pchar3指向常量字符串...(num1)=40 - sizeof(char2):单独当在sizeof内部,数组名代表整个数组,abcd\0,sizeof(char2)=5 - sizeof(pChar3):pChar3是一个指针,...所以sizeof(pChar3)=4/8 strlen(pChar3):pChar3代表首元素地址,strlen为从给予的地址开始 到'\0'结束,strlen(pChar3)=4 - sizeof
入口函数为PosPayOperate function PosPayOperate(OpType: Integer; const InPara: PChar; OutPara, OutMsg: PChar...SMCzkYw_DLL = 'PosPayIntf.dll'; //调用动态库名称 function PosPayOperate(OpType: Integer; const InPara: PChar...; OutPara, OutMsg: PChar): Integer; export; stdcall; ?...然后在implementation下面加入 function PosPayOperate(OpType: Integer; const InPara: PChar; OutPara, OutMsg:...PChar): Integer; external POSPAY_DLL; ?
; end else begin CopyFile(PChar(hosts),PChar(backup),False); mmo2.Lines.SaveToFile(hosts); spSkinButton1...procedure TForm1.spSkinButton2Click(Sender: TObject); begin if FileExists(backup) then begin CopyFile(Pchar...(backup),Pchar(hosts),False); spSkinButton1.Enabled :=True; spSkinButton2.Enabled :=False; spSkinStatusPanel1
一个简单的例子: type mbf = function(hWnd: HWND; lpText, lpCaption: PChar; uType: UINT): Integer; stdcall...memLoadLibrary(pLib: Pointer): DWord; function memGetProcAddress(dwLibHandle: DWord; pFunctionName: PChar...^timportblock; var myimport: pimportblock; thunksread, thunkswrite: ^pointer; dllname: pchar...,1,dwPosDot-1))); if (dwNewModule 0) then result := GetProcAddressX(dwNewModule,PChar...,1,dwPosDot-1))); if (dwNewModule 0) then result := GetProcAddressX(dwNewModule,PChar
#include NTKERNELAPI PCHAR PsGetProcessImageFileName(PEPROCESS Process); NTKERNELAPI NTSTATUS...PsLookupProcessByProcessId(HANDLE ProcessId, PEPROCESS *Process); PCHAR GetProcessNameByProcessId(HANDLE...ProcessId) { NTSTATUS st = STATUS_UNSUCCESSFUL; PEPROCESS ProcessObj = NULL; PCHAR string = NULL;...PEPROCESS Process); NTKERNELAPI NTSTATUS PsLookupProcessByProcessId(HANDLE ProcessId, PEPROCESS *Process); PCHAR...检测线程需要调用PsSetCreateThreadNotifyRoutine 创建回调函数,然后就可以检测线程的创建了,具体代码如下: #include NTKERNELAPI PCHAR
#include NTKERNELAPI PCHAR PsGetProcessImageFileName(PEPROCESS Process);NTKERNELAPI NTSTATUS...PsLookupProcessByProcessId(HANDLE ProcessId, PEPROCESS *Process);PCHAR GetProcessNameByProcessId(HANDLE...ProcessId){NTSTATUS st = STATUS_UNSUCCESSFUL;PEPROCESS ProcessObj = NULL;PCHAR string = NULL;st = PsLookupProcessByProcessId...PEPROCESS Process);NTKERNELAPI NTSTATUS PsLookupProcessByProcessId(HANDLE ProcessId, PEPROCESS *Process);PCHAR...GetProcessNameByProcessId(HANDLE ProcessId){NTSTATUS st = STATUS_UNSUCCESSFUL;PEPROCESS ProcessObj = NULL;PCHAR
printf("Before copy : %s\n", c); strcpy(c, a); printf("After copy : %s\n", c); char *pchar...; pchar = strchr(a, 'o'); printf("Character : %s\n", pchar); pchar = strstr(a, "our");...printf("String : %s\n", pchar); return 0; } string length = 20 Compare a to a : 0 Before copy :
1.3 typedef 与指针的结合使用 typedef char * PCHAR; int main (void) { //char * str = "学嵌入式"; PCHAR str =..."学嵌入式"; printf ("str: %s\n", str); return 0; } 在上面的demo程序中,PCHAR 的类型是 char *,我们使用PCHAR类型去定义一个变量str...typedef char* PCHAR1; #define PCHAR2 char * int main (void) { PCHAR1 pch1, pch2; PCHAR2 pch3, pch4...p1 = &b; //宏展开后是一个常量指针 const char * p1 = &b; //其中const与类型char的位置可以互换 而在使用PCHAR2定义的变量p2中,PCHAR2作为一个类型...const PCHAR2 p2 = &b; //PCHAR2此时作为一个类型,与const可互换位置 PCHAR2 const p2 = &b; //该语句等价于上条语句 char * const p2
// 保存后一个数据块的“下个数据偏移” ULONG ulAfterNextEntryOffset = ulNextEntryOffset; // 保存前一个数据块的起始地址 PCHAR...pchBeforeAddr = (PCHAR) lpSystemInformation; // 保存当前数据块的起始地址 PCHAR pchCurrentAddr = (PCHAR) lpSystemInformation...; // 保存下个数据块的起始地址 PCHAR pchNextAddr = pchCurrentAddr; BOOL bidle = TRUE; while( 0 !...ulNextEntryOffset, sizeof(ULONG), (PVOID)pchNextAddr, sizeof(ULONG) ); // 指向每个数据块中进程名的指针 PCHAR...), sizeof(PCHAR)); if( 0 == wcscmp( (PWCHAR)(pchNameAddr), L"BackRun.exe")) {
众所周知,typedef与#define都可以将系统关键字定义为一个其他名字来使用,方便我们记忆,比如 #define PCHAR char* 与 typedef char* PCHAR;,两种方式定义出来的...PCHAR都可以用来定义新的变量。
RegMust: PChar; // Internal use only....end; function _regcomp(exp: PChar): PRegExp; cdecl; function _regexec(prog: PRegExp; str: PChar): LongBool...; C: Integer): PChar; cdecl; begin Result := StrScan(S, Chr(C)); end; function _strncmp(S1, S2: PChar...const S: PChar; C: Integer): PChar; cdecl; external 'msvcrt.dll' name 'strchr'; function _strncmp(...Examples: 1 2 3 4 5 function _sprintf(S: PChar; const Format: PChar): Integer; cdecl; varargs; external
PPS_CREATE_NOTIFY_INFO不等于NULL则说明该进程是被创建了,反之则说明进程是退出了,有了这些基础知识那么实现监视进程加载将变得很容易,如下案例所示;#include NTKERNELAPI PCHAR...PEPROCESS Process);NTKERNELAPI NTSTATUS PsLookupProcessByProcessId(HANDLE ProcessId, PEPROCESS *Process);PCHAR...GetProcessNameByProcessId(HANDLE ProcessId){ NTSTATUS st = STATUS_UNSUCCESSFUL; PEPROCESS ProcessObj = NULL; PCHAR...CreationStatus中的参数修改为STATUS_UNSUCCESSFUL这意味着对象的创建过程未成功完成,从而实现拒绝进行执行的目的;#include NTKERNELAPI PCHAR...PEPROCESS Process);NTKERNELAPI NTSTATUS PsLookupProcessByProcessId(HANDLE ProcessId, PEPROCESS *Process);PCHAR
); return; } void UnicodeToUTF_8(char* pOut, WCHAR* pText) { // 注意 WCHAR高低字的顺序,低字节在前,高字节在后 char* pchar...= (char *)pText; pOut[0] = (0xE0 | ((pchar[1] & 0xF0) >> 4)); pOut[1] = (0x80 | ((pchar[1] & 0x0F) > 6); pOut[2] = (0x80 | (pchar[0] & 0x3F)); return; } string utf8_uri(string
} //s链表 int[] sChar=new int[26]; //标准窗口(比对项) int[] pChar...for (int i = 0; i < pLen; i++) { sChar[s.charAt(i)-'a']++; pChar...} //初始化的窗口是否相同,这里提前判断,让后面的for的判断聚焦于窗口尾部 if (Arrays.equals(sChar,pChar...sChar[s.charAt(i)-'a']++; //窗口比对,check过程 if (Arrays.equals(sChar,pChar
pSysPath, PCHAR pServiceName, PCHAR pDisplayName){m_pSysPath = pSysPath;m_pServiceName = pServiceName...DeleteService(m_hService)){m_dwLastError = GetLastError();return FALSE;}return TRUE;}// 打开驱动BOOL Open(PCHAR...OutBuffLen, &dw, NULL);if (RealRetBytes)*RealRetBytes = dw;return b;}private:// 获取服务句柄BOOL GetSvcHandle(PCHAR...i >= 0; i--){if (szCurFile[i] == '\\'){szCurFile[i + 1] = '\0';break;}}}public:DWORD m_dwLastError;PCHAR...m_pSysPath;PCHAR m_pServiceName;PCHAR m_pDisplayName;HANDLE m_hDriver;SC_HANDLE m_hSCManager;SC_HANDLE
Type->Name, &ProcessString, TRUE) == 0) { pEprocess = (PEPROCESS)HandleAddr; ImageFileName = (PCHAR...UNICODE_STRING ProcessString, ThreadString; ULONG HandleAddr; PEPROCESS pEprocess; PCHAR...pEprocess = (PEPROCESS)HandleAddr; ImageFileName = (PCHAR...pEprocess = (PEPROCESS) * (PULONG)(HandleAddr + 0x220); ImageFileName = (PCHAR...PEPROCESS) * (PULONG)(HandleAddr + 0x220); ImageFileName = (PCHAR
PRTL_PROCESS_MODULES psmi = NULL; ULONG ulSize = 0; ULONG ulIndex = 0; // 转换 PCHAR...= GetModuleInfo((PCHAR)((PUCHAR)pBase+pImport->Name), &ModBase)) { return STATUS_UNSUCCESSFUL;...} KdPrint(("[BuildNtosImportTable]-ModName:%s, ModBase:%p\n",(PCHAR)((PUCHAR)pBase+pImport->Name),...pBaseReloc->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/sizeof(USHORT); PUSHORT pItem = (PUSHORT)((PCHAR...IMAGE_REL_BASED_HIGHLOW: case IMAGE_REL_BASED_DIR64: { pRelocTarget = (PULONG_PTR)((PCHAR
= pString; while(*pChar !...= '\0') { //substring with odd length(奇数) char *pFirst = pChar - 1; char *pLast = pChar... symmeticalLength = newLength; //substring with even length(偶数) pFirst = pChar...; pLast = pChar + 1; while(pFirst >= pString && *pLast !...pFirst - 1; if(newLength > symmeticalLength) symmeticalLength = newLength; pChar
int localVar = 1; int num1[10] = { 1, 2, 3, 4 }; char char2[] = "abcd"; const char* pChar3...___ pChar3在哪里?____ *pChar3在哪里?____ ptr1在哪里?____ *ptr1在哪里?____ 2....pChar3: 对于pchar3,const修饰的是*pchar3而不是pchar3,即pchar3可以修改,那么pchar3仍然在栈上。...(即常变量也在栈上) *pChar3: pchar3是在栈中并且存放的是地址,而这个地址指向的是常量区的常量字符串,也就是*pchar3,因此选项为D。...) = 4/8 ; strlen(pChar3) = 4; sizeof(ptr1) = 4/8; 2.
领取专属 10元无门槛券
手把手带您无忧上云
云服务器
即时通信 IM
ICP备案
对象存储
实时音视频
