LIST_ENTRY 双向循环链表操作代码
链表是内核开发中经常遇到的一个数据结构,主要是双向循环链表;要使用链表,需要用到一个LIST_ENTRY的结构,其定义如下:typedef struct _LIST_ENTRY {
struct _LIST_ENTRY*Flink; // 指向下一个节点
struct _LIST_ENTRY*Blink; // 指向前一个节点
} LIST_ENTRY, *PLIST_ENTRY;
FORCEINLINE VOID InitializeListHead(
_Out_ PLIST_ENTRY ListHead
)
{
ListHead->Flink = ListHead->Blink = ListHead;
}
_Check_return_ FORCEINLINE BOOLEAN IsListEmpty(
_In_ PLIST_ENTRY ListHead
)
{
return ListHead->Flink == ListHead;
}
FORCEINLINE BOOLEAN RemoveEntryList(
_In_ PLIST_ENTRY Entry
)
{
PLIST_ENTRY Blink;
PLIST_ENTRY Flink;
Flink = Entry->Flink;
Blink = Entry->Blink;
Blink->Flink = Flink;
Flink->Blink = Blink;
return Flink == Blink;
}
FORCEINLINE PLIST_ENTRY RemoveHeadList(
_Inout_ PLIST_ENTRY ListHead
)
{
PLIST_ENTRY Flink;
PLIST_ENTRY Entry;
Entry = ListHead->Flink;
Flink = Entry->Flink;
ListHead->Flink = Flink;
Flink->Blink = ListHead;
return Entry;
}
FORCEINLINE PLIST_ENTRY RemoveTailList(
_Inout_ PLIST_ENTRY ListHead
)
{
PLIST_ENTRY Blink;
PLIST_ENTRY Entry;
Entry = ListHead->Blink;
Blink = Entry->Blink;
ListHead->Blink = Blink;
Blink->Flink = ListHead;
return Entry;
}
FORCEINLINE VOID InsertTailList(
_Inout_ PLIST_ENTRY ListHead,
_Inout_ PLIST_ENTRY Entry
)
{
PLIST_ENTRY Blink;
Blink = ListHead->Blink;
Entry->Flink = ListHead;
Entry->Blink = Blink;
Blink->Flink = Entry;
ListHead->Blink = Entry;
}
FORCEINLINE VOID InsertHeadList(
_Inout_ PLIST_ENTRY ListHead,
_Inout_ PLIST_ENTRY Entry
)
{
PLIST_ENTRY Flink;
Flink = ListHead->Flink;
Entry->Flink = Flink;
Entry->Blink = ListHead;
Flink->Blink = Entry;
ListHead->Flink = Entry;
}
FORCEINLINE VOID AppendTailList(
_Inout_ PLIST_ENTRY ListHead,
_Inout_ PLIST_ENTRY ListToAppend
)
{
PLIST_ENTRY ListEnd = ListHead->Blink;
ListHead->Blink->Flink = ListToAppend;
ListHead->Blink = ListToAppend->Blink;
ListToAppend->Blink->Flink = ListHead;
ListToAppend->Blink = ListEnd;
}
FORCEINLINE PSINGLE_LIST_ENTRY PopEntryList(
_Inout_ PSINGLE_LIST_ENTRY ListHead
)
{
PSINGLE_LIST_ENTRY FirstEntry;
FirstEntry = ListHead->Next;
if (FirstEntry)
ListHead->Next = FirstEntry->Next;
return FirstEntry;
}
FORCEINLINE VOID PushEntryList(
_Inout_ PSINGLE_LIST_ENTRY ListHead,
_Inout_ PSINGLE_LIST_ENTRY Entry
)
{
Entry->Next = ListHead->Next;
ListHead->Next = Entry;
}
这是准备断链的节奏啊,O(∩_∩)O哈哈~ 飘云 发表于 2019-11-22 10:12
这是准备断链的节奏啊,O(∩_∩)O哈哈~
补上~
VOID NsBreakAwayFromMemoryOrderModuleList(PWCHAR szFullDllName)
{
PTEB pTeb = NtCurrentTeb();
PPEB pPeb = pTeb->ProcessEnvironmentBlock;
PPEB_LDR_DATA Ldr = pPeb->Ldr;
LIST_ENTRY* Head = NULL;
LIST_ENTRY* entry = NULL;
Head = Ldr->InLoadOrderModuleList.Flink;
entry = Head->Flink;
while (entry != Head)
{
PLDR_DATA_TABLE_ENTRY item = (PLDR_DATA_TABLE_ENTRY)entry;
if (CheckDllPatch(&item->FullDllName, szFullDllName))
RemoveEntryList(entry);
entry = entry->Flink;
}
Head = Ldr->InMemoryOrderModuleList.Flink;
entry = Head->Flink;
while (entry != Head)
{
PLDR_DATA_TABLE_ENTRY item = \
(PLDR_DATA_TABLE_ENTRY)CONTAINING_RECORD(entry, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
if (CheckDllPatch(&item->FullDllName, szFullDllName))
RemoveEntryList(entry);
entry = entry->Flink;
}
Head = Ldr->InInitializationOrderModuleList.Flink;
entry = Head->Flink;
while (entry != Head)
{
PLDR_DATA_TABLE_ENTRY item = \
(PLDR_DATA_TABLE_ENTRY)CONTAINING_RECORD(entry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);;
if (CheckDllPatch(&item->FullDllName, szFullDllName))
RemoveEntryList(entry);
entry = entry->Flink;
}
}
{:biggrin:}{:biggrin:}{:biggrin:}{:biggrin:}{:biggrin:}
页:
[1]