内核线程创建例子

// Builds with VS2013+ and WDK 8.1 (kernel-mode driver)
#include <ntddk.h>   /* header name was lost in extraction; PsCreateSystemThread, DbgPrint, KeWaitForSingleObject, ... all come from ntddk.h */



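/*
 * State shared between DriverEntry/Unload and the worker thread.
 *
 * bStoped is written by Unload (and by CreateMyThread on a reference
 * failure) and polled by MyThread from a different thread. `volatile` keeps
 * the compiler from hoisting the load out of the worker's loop, which would
 * turn the stop request into an infinite loop. WDK 8.1 / VS2013 C has no
 * <stdatomic.h>; the flag only ever transitions FALSE -> TRUE and is never
 * reset, so a plain store is enough here. If a second writer or a reset is
 * ever added, switch to InterlockedExchange.
 *
 * pThreadObj holds the thread-object reference taken in CreateMyThread, or
 * NULL when no thread was created/referenced; Unload must test it before
 * waiting on it.
 */
volatile BOOLEAN	bStoped = FALSE;
PVOID	pThreadObj = NULL;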
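/*
 * DriverUnload callback: asks the worker thread to stop, waits for it to
 * exit, then releases the object reference taken in CreateMyThread.
 *
 * Declared `void` to match the PDRIVER_UNLOAD prototype that DriverEntry
 * assigns it to; the original returned NTSTATUS, which does not match the
 * callback type. Runs at PASSIVE_LEVEL, which the untimed
 * KeWaitForSingleObject below requires.
 *
 * @param driver  Driver object being unloaded (unused).
 */
void Unload(PDRIVER_OBJECT driver)
{
	(void)driver;

	DbgPrint("unloaded!");
	bStoped = TRUE;

	/* pThreadObj is still NULL when CreateMyThread failed (no thread was
	 * started, or its handle could not be referenced). Waiting on or
	 * dereferencing a NULL object would bugcheck, so skip both. */
	if (pThreadObj != NULL) {
		/* MyThread polls bStoped once per second, so this can block ~1 s
		 * before the thread reaches PsTerminateSystemThread. */
		KeWaitForSingleObject(pThreadObj, Executive, KernelMode, FALSE, NULL);
		ObDereferenceObject(pThreadObj);
		pThreadObj = NULL;
	}
}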


/*
 * Body of the system thread started by CreateMyThread.
 *
 * Each pass prints a loop counter, does the (placeholder) work, and sleeps
 * one second; the global bStoped flag is checked before every pass. When the
 * flag is set the thread ends itself with PsTerminateSystemThread, which
 * does not return.
 *
 * @param pContext  StartContext given to PsCreateSystemThread; NULL here and
 *                  unused.
 */
void MyThread(PVOID pContext)
{
	LARGE_INTEGER delay;
	int iteration;

	(void)pContext;

	/* A negative QuadPart is a relative interval in 100 ns units:
	 * 10,000,000 * 100 ns = 1 s. */
	delay.QuadPart = -10000000;

	for (iteration = 0; !bStoped; ++iteration)
	{
		DbgPrint("in loop thread %d", iteration);

		/*
		 * place the real per-iteration work here
		 */

		/* Non-alertable 1 s sleep before the flag is polled again. */
		KeDelayExecutionThread(KernelMode, FALSE, &delay);
	}

	PsTerminateSystemThread(STATUS_SUCCESS);
}

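/*
 * Starts MyThread as a system thread and stores a referenced pointer to its
 * thread object in pThreadObj so that Unload can wait for it.
 *
 * The handle returned by PsCreateSystemThread is used only to obtain the
 * object reference and is closed right after. OBJ_KERNEL_HANDLE requests a
 * kernel handle, i.e. one that is not placed in the handle table of whatever
 * process DriverEntry happens to run in. The access mask is passed through
 * unchanged; with KernelMode no access check is performed, and SYNCHRONIZE
 * would be enough for the wait in Unload.
 *
 * @return STATUS_SUCCESS when the thread is running and pThreadObj is set;
 *         otherwise the failing NTSTATUS. When the reference fails the thread
 *         is already running, so bStoped is set to make it exit on its own and
 *         pThreadObj is forced back to NULL so Unload does not wait on it.
 */
NTSTATUS CreateMyThread(void)
{
	OBJECT_ATTRIBUTES objAttrs = { 0 };
	HANDLE threadHandle = NULL;
	NTSTATUS status;

	InitializeObjectAttributes(&objAttrs, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

	status = PsCreateSystemThread(&threadHandle, THREAD_ALL_ACCESS, &objAttrs,
	                              NULL, NULL, MyThread, NULL);
	if (!NT_SUCCESS(status)) {
		/* Nothing to undo: no thread, no handle. */
		return status;
	}
	DbgPrint("Create Thread Success");

	status = ObReferenceObjectByHandle(threadHandle, THREAD_ALL_ACCESS,
	                                   *PsThreadType, KernelMode,
	                                   &pThreadObj, NULL);
	/* The object reference, not the handle, is what keeps the thread object
	 * alive for Unload; the handle is no longer needed either way. */
	ZwClose(threadHandle);
	if (!NT_SUCCESS(status)) {
		pThreadObj = NULL;   /* do not trust the output argument on failure */
		bStoped = TRUE;      /* the thread is running: let it exit by itself */
	}
	return status;
}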


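/*
 * Driver entry point: registers Unload and starts the worker thread.
 *
 * The status of CreateMyThread is propagated instead of being dropped (the
 * original always returned STATUS_SUCCESS), so a driver whose worker could
 * not be started is not left loaded with nothing running. No cleanup is
 * needed on that path: a failed PsCreateSystemThread leaves no thread, and
 * on a failed ObReferenceObjectByHandle CreateMyThread has already closed the
 * handle and set bStoped so the thread terminates on its own.
 *
 * @param driver    Driver object supplied by the I/O manager.
 * @param reg_path  Registry service-key path (unused).
 * @return STATUS_SUCCESS, or the NTSTATUS returned by CreateMyThread.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
	NTSTATUS status;

	(void)reg_path;

	driver->DriverUnload = Unload;

	status = CreateMyThread();
	return status;
}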

内核输出
内核线程创建例子_第1张图片
