Windows Driver Timestamp function


Problem description

I am modifying an existing Windows kernel device driver, and in there I need to capture a timestamp. I was intending to use the time.h library and call the clock() function to get that; however, under Windows Visual Studio, the linking is failing. So I took that to mean that I need to work within the driver's libraries.

I found the following functions, KeInitializeTimer and KeSetTimerEx, but these are used if I plan to set up a timer and wake up on it. What I really need is something that will give me a timestamp.

Any ideas?

Recommended answer

I am updating my question with an answer for others to benefit from my findings.

To get a timestamp, you can use KeQueryTickCount(). This routine will give you the count of interval interrupts that occurred since the system was booted. However, if you need to find out whether an X amount of time has passed since the last timestamp you captured, you also need to query your system to determine the time it takes for each interval clock interrupt.

ULONG KeQueryTimeIncrement() gives you the number of 100-nanosecond units.

Example:

LARGE_INTEGER timeStamp;

// KeQueryTickCount takes a PLARGE_INTEGER, i.e. a pointer to a LARGE_INTEGER
KeQueryTickCount(&timeStamp);

Please note that PLARGE_INTEGER is defined as such:

#if defined(MIDL_PASS)
typedef struct _LARGE_INTEGER {
#else // MIDL_PASS
typedef union _LARGE_INTEGER {
    struct {
        ULONG LowPart;
        LONG HighPart;
    } DUMMYSTRUCTNAME;
    struct {
        ULONG LowPart;
        LONG HighPart;
    } u;
#endif //MIDL_PASS
    LONGLONG QuadPart;
} LARGE_INTEGER;

So let's say you want to see if 30 seconds passed since you last took a timestamp; you can do the following:

ULONG tickIncrement, ticks;
LARGE_INTEGER waitTillTimeStamp, currTimeStamp;
tickIncrement = KeQueryTimeIncrement();

// 1sec is 1,000,000,000 nano sec, however, since KeQueryTimeIncrement is in
// 100ns increments, divide that and your constant is 10,000,000

ticks = ((30 * 10000000) / tickIncrement);
KeQueryTickCount(&waitTillTimeStamp);
waitTillTimeStamp.QuadPart += ticks;

// <.....Some code and time passage....>
KeQueryTickCount(&currTimeStamp);

if (waitTillTimeStamp.QuadPart < currTimeStamp.QuadPart) {
    // <...Do whatever...>
}

Another example to help you understand this: what if you want to translate the timestamp you got into a time value such as milliseconds?

LARGE_INTEGER mSec, currTimeStamp;
ULONG timeIncrement;

timeIncrement = KeQueryTimeIncrement();


KeQueryTickCount(&currTimeStamp);

// 1 millisecond is 1,000,000 nanoseconds; KeQueryTimeIncrement is in 100ns units,
// so divide by 10,000 to get milliseconds.
mSec.QuadPart = (currTimeStamp.QuadPart * timeIncrement) / 10000;

Remember this example is for demonstration purposes, mSec is not the current time in milliseconds. Based on the APIs used above, it is merely the number of milliseconds that have elapsed since the system was started.

You can also use GetTickCount(), but this returns a DWORD and thus will only be able to give you the number of milliseconds since the system was started for up to 49.7 days.
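The tick arithmetic from the answer above, as an added example that is not part of the original post: portable C in which the tick count and the increment are passed in as parameters (in a driver they would come from KeQueryTickCount() and KeQueryTimeIncrement()), using 64-bit math and rounding up. The function names and the sample increments 156250 and 156001 are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define UNITS_100NS_PER_SEC 10000000ULL /* 1 s  = 10,000,000 units of 100 ns */
#define UNITS_100NS_PER_MS  10000ULL    /* 1 ms = 10,000 units of 100 ns */

/* Ticks that cover `seconds`. `increment` is the number of 100 ns units per
 * tick. The product is computed in 64 bits so large intervals do not wrap,
 * and the division rounds up: truncating leaves the count short whenever
 * the increment does not divide the interval evenly. */
uint64_t ticks_for_seconds(uint32_t seconds, uint32_t increment)
{
    uint64_t units = (uint64_t)seconds * UNITS_100NS_PER_SEC;
    return (units + increment - 1) / increment;
}

/* Tick count at which the interval, started at `now_ticks`, is over. */
uint64_t deadline_ticks(uint64_t now_ticks, uint32_t seconds, uint32_t increment)
{
    return now_ticks + ticks_for_seconds(seconds, increment);
}

/* True once the current tick count has reached the deadline. */
bool deadline_passed(uint64_t deadline, uint64_t now_ticks)
{
    return now_ticks >= deadline;
}

/* Milliseconds since boot represented by a tick count. */
uint64_t ticks_to_ms(uint64_t ticks, uint32_t increment)
{
    return (ticks * increment) / UNITS_100NS_PER_MS;
}

int main(void)
{
    uint32_t inc = 156250; /* constructed sample: 15.625 ms per tick */
    uint64_t start = 1000; /* constructed sample tick count */
    uint64_t deadline = deadline_ticks(start, 30, inc);

    printf("30 s = %llu ticks, deadline at tick %llu\n",
           (unsigned long long)ticks_for_seconds(30, inc),
           (unsigned long long)deadline);
    printf("600 s = %llu ticks (a 32-bit product would have wrapped)\n",
           (unsigned long long)ticks_for_seconds(600, inc));
    printf("tick 1920 = %llu ms since boot\n",
           (unsigned long long)ticks_to_ms(1920, inc));
    return deadline_passed(deadline, start) ? 1 : 0;
}
```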
