获取系统时间
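/*
 * Read the current system time, convert it to local time and print it as a
 * "YYYY-MM-DD hh:mm:ss" timestamp on the kernel debug channel.
 */
LARGE_INTEGER system_time = { 0 };
LARGE_INTEGER local_time = { 0 };
TIME_FIELDS local_time_fields = { 0 };

/* System time is a count of 100-ns intervals since January 1, 1601 (UTC). */
KeQuerySystemTime(&system_time);

/*
 * Apply the machine's current time-zone bias. Local time is ambiguous across
 * DST changes and between hosts, so when these lines are meant to be
 * correlated with other logs, consider printing the UTC value as well.
 */
ExSystemTimeToLocalTime(&system_time, &local_time);

/* Break the 64-bit value into calendar fields (year, month, day, ...). */
RtlTimeToTimeFields(&local_time, &local_time_fields);

/*
 * Zero-pad every field so the output is fixed-width and sorts/parses cleanly
 * ("2024-01-05 03:04:09" rather than "2024- 1- 5  3: 4: 9").
 * The TIME_FIELDS members are CSHORT and are promoted to int when passed as
 * variadic arguments, so %d is the matching conversion.
 *
 * ComponentId 0 / Level 0 correspond to DPFLTR_SYSTEM_ID / DPFLTR_ERROR_LEVEL
 * in dpfilter.h, which is why the message is shown without any filter setup.
 * A production driver would normally use DPFLTR_IHVDRIVER_ID and a level that
 * reflects the message's severity so the output can be filtered.
 */
DbgPrintEx(0, 0, "%04d-%02d-%02d %02d:%02d:%02d\n",
           local_time_fields.Year,
           local_time_fields.Month,
           local_time_fields.Day,
           local_time_fields.Hour,
           local_time_fields.Minute,
           local_time_fields.Second);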
暂停线程
#define DELAY_ONE_MICROSEC (-10) // 负值表示相对时间#define DELAY_ONE_MILLISEC (DELAY_ONE_MICROSEC*1000) LARGE_INTEGER interval = { 0 }; interval.QuadPart = 2 * 1000 * DELAY_ONE_MILLISEC; KeDelayExecutionThread(KernelMode, FALSE, &interval); DbgPrintEx(0, 0, "hello..\n"); // 暂停2s后打印