问题
Can I get an event callback to my kernel driver when the boot process has completed, or when a user logs in?
回答1:
The simple answer is no.
The long answer is yes, but why?
I'll answer the second part, because it's easier. You can easily register to recieve a notification when any process is launched. A short examination of Windows Internals will tell you that from Vista and up, the process userinit.exe is the first process to be executed in any given user session.
To the first part, this very much changes depending on your definition of boot process. Is it when a GUI is loaded? Is it when the computer can receive network requests? Does it matter which network requests (TCP/IP, SMB, RPC)?
The answer to each of these is very different.
- When win32K has finished loading
- When the TCP/IP stack drivers finish loading
- When specific services (RPC, Server service) are done loading
What is the problem you're trying to solve?
来源:https://stackoverflow.com/questions/8713821/windows-kernel-driver-boot-winlogon-complete-callback