Is there a wsprintf()-type function from a low-level library such as kernel32.dll or ntdll.dll?

Question

I'm writing a low-level logger function that appends a text string to the end of a text (log) file. The requirement is that this function should not invoke any WinAPIs from DLLs that may not yet be available for the process -- such as when it's called from a DllMain handler. In other words, it can't use any libraries other than the ones that are guaranteed to be loaded into any user-mode process, i.e. kernel32.dll or ntdll.dll.

I was able to get by quite nicely with just CreateFile, WriteFile, CloseHandle, HeapAlloc, HeapFree, etc. that are all from kernel32.dll.

The issue is formatting the output string. For instance, I need to add some additional (automatically generated) details, such as current time, process ID, session ID, etc. I would normally use a wsprintf-type function for that, or StringCchPrintf to be exact, as such:

StringCchPrintf(buffer, buffer_size, L"%04u-%02u-%02u %02u:%02u:%02u pid=0x%x, sessID=%d, %s\r\n", /* parameters */ );

but those APIs violate the rule I noted above.

Does anyone know if there's a low level printf type formatting API available?

Recommended answer

All versions of ntdll.dll (from XP) support, at minimum, the following string formatting functions:

_snprintf
_snwprintf
_vsnprintf
_vsnwprintf
sprintf
swprintf
vsprintf

The signatures, of course, fully match the same functions from the CRT. We can freely use this API. New versions of ntdll add some new format string APIs. Say, Win7 (and all the latest versions) ntdll.dll exports the following:

_snprintf
_snprintf_s
_snwprintf
_snwprintf_s
_swprintf
_vscwprintf
_vsnprintf
_vsnprintf_s
_vsnwprintf
_vsnwprintf_s
_vswprintf
swprintf
swprintf_s
vsprintf
vsprintf_s
vswprintf_s
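An added example, not part of the original answer: a narrow-character formatter for the logger that resolves `_vsnprintf` from ntdll.dll at run time and always NUL-terminates the result, since the classic `_vsnprintf` contract leaves the buffer unterminated when the output fills or overflows it. The names `resolve_formatter` and `log_format` are hypothetical, the non-Windows fallback exists only so the code builds elsewhere, and it assumes the ntdll export behaves like the CRT function of the same name.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#define FMT_CDECL __cdecl
#else
#define FMT_CDECL
#endif

/* Signature shared by ntdll's _vsnprintf and the CRT function of that name. */
typedef int (FMT_CDECL *vsnprintf_fn)(char *, size_t, const char *, va_list);

/* Hypothetical helper: locate the formatter using only kernel32/ntdll. */
static vsnprintf_fn resolve_formatter(void)
{
#ifdef _WIN32
    HMODULE ntdll = GetModuleHandleW(L"ntdll.dll"); /* no new DLL is loaded */
    return ntdll ? (vsnprintf_fn)GetProcAddress(ntdll, "_vsnprintf") : NULL;
#else
    return vsnprintf; /* assumption: stand-in so the example builds off Windows */
#endif
}

/* Hypothetical helper: format into buf, truncating if needed.
   Returns the number of chars stored (without the NUL), or -1 if unusable. */
int log_format(char *buf, size_t cap, const char *fmt, ...)
{
    vsnprintf_fn fn = resolve_formatter();
    va_list ap;
    int n;

    if (!fn || !buf || cap == 0)
        return -1;
    va_start(ap, fmt);
    n = fn(buf, cap, fmt, ap);
    va_end(ap);
    /* _vsnprintf: negative (or == cap) on a full buffer, with no terminator.
       C99 vsnprintf: would-be length >= cap. Normalise both to cap - 1. */
    if (n < 0 || (size_t)n >= cap)
        n = (int)(cap - 1);
    buf[n] = '\0';
    return n;
}
```

The returned length can be passed straight to WriteFile as the byte count.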
