循环遍历数组指针

Looping through an Array Pointer?

本文关键字:指针 数组 遍历 循环      更新时间:2023-10-16

我对c++不是很有经验,我正在阅读一些代码,想知道这是怎么回事…

WCHAR *Process[128];
   for(i=0; i<Process; i++)

我看到一个指向wchar数组的指针,你怎么循环它?它会循环遍历整个数组吗?

完整代码如下:

WCHAR *ProcessToHide[128];
ULONG NbProcessToHide=0;
ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformationAddress = NULL;   
LONGLONG UserTime=0, KernelTime=0;
NTSTATUS ZwQuerySystemInformationHook(
            IN ULONG SystemInformationClass,
            IN PVOID SystemInformation,
            IN ULONG SystemInformationLength,
            OUT PULONG ReturnLength)
{
   NTSTATUS status;
   PSYSTEM_PROCESS_INFORMATION curr;
   PSYSTEM_PROCESS_INFORMATION prev;
   ULONG i;
   status = ((ZWQUERYSYSTEMINFORMATION)(ZwQuerySystemInformationAddress)) (
                    SystemInformationClass,
                    SystemInformation,
                    SystemInformationLength,
                    ReturnLength );
   if( !NT_SUCCESS(status) ) 
      return status;
   if(SystemInformationClass!=5) // not a process request
      return status;       
for(i=0; i<NbProcessToHide; i++) {
      curr = (PSYSTEM_PROCESS_INFORMATION)SystemInformation;
      prev = NULL;
      while(curr) {
         //DbgPrint("Current item is %xn", curr);
         if (curr->ProcessName.Buffer != NULL) {   
            if( curr->ProcessName.Length == wcslen(ProcessToHide[i])*2 &&
                !memcmp(curr->ProcessName.Buffer,ProcessToHide[i], curr->ProcessName.Length)) 
            {                                                                       
               if(!prev) {
                  // we are first process     
                  if(curr->NextEntryDelta) // if there is a process after it
                     // first process becomes this one
                     (PBYTE)SystemInformation += curr->NextEntryDelta;
                  else 
                     // no process ! >_>
                     SystemInformation = NULL;
               }
               else {
                  // there was a process before
                  if(curr->NextEntryDelta) // if there is a process after
                     // previous process leads to next 
                     prev->NextEntryDelta += curr->NextEntryDelta;
                  else  
                     // previous process is the last one =)
                     prev->NextEntryDelta = 0;    
               }    
            } 
            else
               // not a process to hide, prev ptr go to this process
               prev = curr;  
         }
         // curr go to next process
         if(curr->NextEntryDelta) 
            ((PBYTE)curr += curr->NextEntryDelta);
         else 
             curr = NULL;
      }
   }

WCHAR *Process[128];不是指向WCHAR数组的指针,它是WCHAR指针数组(可能是字符串)。

您可能想要阅读阅读C声明。

示例2:char *argv[];

步骤1,写入&;declare argv as&;步骤2,数组向右。第三步,写入数组。第四步,指针指向左边。第五步,写"指针指向"。第六步,完成申报。第七步,写下"字符"。停止。

声明是:"声明argv为指向char的指针数组"。注意,它不是一个指向char数组的指针。数组描述符优先于指针描述符,并且优先被读取。

iNbProcessToHide可以比较,因为它们都是ULONG

相关文章: