轉 枚舉設備棧

hello.h數組

#pragma once
#include <ntddk.h>
#define CountArray(Array)  (	sizeof(Array)	/	sizeof(Array[0])	)



typedef struct _DEVICE_EXTENSION
{
	PDEVICE_OBJECT pDevice;							//設備對象
	UNICODE_STRING ustrDeviceName;					//設備名稱
	UNICODE_STRING ustrSymLinkName;					//符號名稱
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;

#ifdef __cplusplus
extern "C"
{
#endif
#include <NTDDK.h>
	NTKERNELAPI
		NTSTATUS
		ObReferenceObjectByName(
		IN PUNICODE_STRING ObjectName,
		IN ULONG Attributes,
		IN PACCESS_STATE PassedAccessState OPTIONAL,
		IN ACCESS_MASK DesiredAccess OPTIONAL,
		IN POBJECT_TYPE ObjectType,
		IN KPROCESSOR_MODE AccessMode,
		IN OUT PVOID ParseContext OPTIONAL,
		OUT PVOID *Object
		);
	NTKERNELAPI
		PDEVICE_OBJECT
		NTAPI
		IoGetBaseFileSystemDeviceObject (
		IN PFILE_OBJECT FileObject
		);
	extern POBJECT_TYPE IoDeviceObjectType;
	extern POBJECT_TYPE *IoDriverObjectType;
#ifdef __cplusplus
}
#endif 


typedef struct _OBJECT_CREATE_INFORMATION
{
	ULONG Attributes;
	HANDLE RootDirectory;
	PVOID ParseContext;
	KPROCESSOR_MODE ProbeMode;
	ULONG PagedPoolCharge;
	ULONG NonPagedPoolCharge;
	ULONG SecurityDescriptorCharge;
	PSECURITY_DESCRIPTOR SecurityDescriptor;
	PSECURITY_QUALITY_OF_SERVICE SecurityQos;
	SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, * POBJECT_CREATE_INFORMATION;

typedef struct _OBJECT_HEADER
{
	LONG PointerCount;
	union
	{
		LONG HandleCount;
		PSINGLE_LIST_ENTRY SEntry;
	};
	POBJECT_TYPE Type;
	UCHAR NameInfoOffset;
	UCHAR HandleInfoOffset;
	UCHAR QuotaInfoOffset;
	UCHAR Flags;
	union
	{
		POBJECT_CREATE_INFORMATION ObjectCreateInfo;
		PVOID QuotaBlockCharged;
	};

	PSECURITY_DESCRIPTOR SecurityDescriptor;
	QUAD Body;
} OBJECT_HEADER, * POBJECT_HEADER;

#define NUMBER_HASH_BUCKETS 37

typedef struct _OBJECT_DIRECTORY
{
	struct _OBJECT_DIRECTORY_ENTRY* HashBuckets[NUMBER_HASH_BUCKETS];
	struct _OBJECT_DIRECTORY_ENTRY** LookupBucket;
	BOOLEAN LookupFound;
	USHORT SymbolicLinkUsageCount;
	struct _DEVICE_MAP* DeviceMap;
} OBJECT_DIRECTORY, * POBJECT_DIRECTORY;

typedef struct _OBJECT_HEADER_NAME_INFO
{
	POBJECT_DIRECTORY Directory;
	UNICODE_STRING Name;
	ULONG Reserved;
#if DBG
	ULONG Reserved2 ;
	LONG DbgDereferenceCount ;
#endif
} OBJECT_HEADER_NAME_INFO, * POBJECT_HEADER_NAME_INFO;

#define OBJECT_TO_OBJECT_HEADER( o ) \
	CONTAINING_RECORD( (o), OBJECT_HEADER, Body )

#define OBJECT_HEADER_TO_NAME_INFO( oh ) ((POBJECT_HEADER_NAME_INFO) \
	((oh)->NameInfoOffset == 0 ? NULL : ((PCHAR)(oh) - (oh)->NameInfoOffset)))




#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath);
#endif

void HelloUnload(IN PDRIVER_OBJECT DriverObject);							//卸載函數
NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj);								//建立設備
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);	//派遣函數
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);			//IRP_MJ_DIRECTORY_CONTROL


 

 

 

Driver.cpp函數

#include "hello.h"

//獲取設備信息
VOID GetDeviceObjectInfo( PDEVICE_OBJECT DevObj)
{
	//變量定義
	POBJECT_HEADER ObjectHeader;
	POBJECT_HEADER_NAME_INFO ObjectNameInfo; 

	//參數判斷
	if (DevObj == NULL )
		return;

	// 獲得對象頭
	ObjectHeader = OBJECT_TO_OBJECT_HEADER( DevObj );

	if (ObjectHeader)
	{
		//查詢設備頭信息
		ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectHeader );

		//輸出設備信息
		if ( ObjectNameInfo && ObjectNameInfo->Name.Buffer )
		{
			DbgPrint( "Driver Name:%wZ - Device Name:%wZ - Driver Address:0x%x - Device Address:0x%x\n",
				&DevObj->DriverObject->DriverName,
				&ObjectNameInfo->Name,
				DevObj->DriverObject,
				DevObj );
		}
		else if ( DevObj->DriverObject )
		{
			// 對於沒有名稱的設備,則打印 NULL
			DbgPrint( "Driver Name:%wZ - Device Name:%S - Driver Address:0x%x - Device Address:0x%x\n",
				&DevObj->DriverObject->DriverName,
				L"NULL",
				DevObj->DriverObject,
				DevObj );
		}
	}
}

//獲取過濾設備信息
VOID GetAttachedDeviceInfo( PDEVICE_OBJECT DevObj )
{
	//變量定義
	PDEVICE_OBJECT DeviceObject;

	//參數判斷
	if (DevObj == NULL)
		return;

	//變量賦值
	DeviceObject = DevObj->AttachedDevice;

	while ( DeviceObject )
	{
		//打印過濾設備信息
		DbgPrint( "Attached Driver Name:%wZ,Attached Driver Address:0x%x,Attached DeviceAddress:0x%x\n",
			&DeviceObject->DriverObject->DriverName,
			DeviceObject->DriverObject,
			DeviceObject );

		//獲取下一個設備
		DeviceObject = DeviceObject->AttachedDevice;
	}
}

//枚舉設備棧
PDRIVER_OBJECT EnumDeviceStack( PWSTR pwszDeviceName )
{
	//變量定義
	UNICODE_STRING DriverName;
	PDRIVER_OBJECT DriverObject = NULL;
	PDEVICE_OBJECT DeviceObject = NULL;

	//獲取設備對象指針  
	RtlInitUnicodeString(&DriverName,pwszDeviceName);
	ObReferenceObjectByName(&DriverName,OBJ_CASE_INSENSITIVE,NULL,0,(POBJECT_TYPE)IoDriverObjectType,KernelMode,NULL,(PVOID*)&DriverObject );

	//設備判斷
	if (DriverObject == NULL)
		return NULL;

	//變量賦值
	DeviceObject = DriverObject->DeviceObject;

	//獲取設備棧
	while ( DeviceObject )
	{
		//獲取設備信息
		GetDeviceObjectInfo( DeviceObject );

		// 判斷當前設備上是否有過濾驅動(Filter Driver)
		if ( DeviceObject->AttachedDevice )
		{
			//獲取過濾設備
			GetAttachedDeviceInfo( DeviceObject );
		}

		// 進一步判斷當前設備上 VPB 中的設備
		if ( DeviceObject->Vpb && DeviceObject->Vpb->DeviceObject )
		{
			GetDeviceObjectInfo( DeviceObject->Vpb->DeviceObject );

			if ( DeviceObject->Vpb->DeviceObject->AttachedDevice )
			{
				GetAttachedDeviceInfo( DeviceObject->Vpb->DeviceObject );
			}
		}

		// 獲得創建在此驅動上的下一個設備 DEVICE_OBJECT 
		DeviceObject = DeviceObject->NextDevice;
	}

	return DriverObject;
}


NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath)
{
	DbgPrint("Hello from!\n");
	DriverObject->DriverUnload = HelloUnload;
	for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
	{
		DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;
	}
	
	//建立設備
	CreateDevice(DriverObject);
	EnumDeviceStack(L"\\Driver\\Kbdclass");
	return STATUS_SUCCESS;
}


//卸載函數
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
	DbgPrint("Goodbye from!\n");
	PDEVICE_OBJECT pNextObj=NULL;
	pNextObj=DriverObject->DeviceObject;

	while (pNextObj)
	{
		PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;
		//刪除符號鏈接
		IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
		//刪除設備
		IoDeleteDevice(pDevExt->pDevice);
		pNextObj=pNextObj->NextDevice;
	}
}

//建立設備
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
	//定義變量
	NTSTATUS status=STATUS_SUCCESS;
	PDEVICE_OBJECT pDevObje=NULL;
	PDEVICE_EXTENSION pDevExt=NULL;

	//初始化字符串
	UNICODE_STRING devname;
	UNICODE_STRING symLinkName;
	RtlInitUnicodeString(&devname,L"\\device\\hello");
	RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");

	//建立設備
	if (IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS )
	{
		DbgPrint("建立設備失敗\n");
		return status;
	}
	pDevObje->Flags |= DO_DIRECT_IO;
	pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension;
	pDevExt->pDevice=pDevObje;
	pDevExt->ustrDeviceName=devname;
	pDevExt->ustrSymLinkName=symLinkName;

	//建立符號鏈接
	if (IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS )
	{
		DbgPrint("建立符號鏈接失敗\n");
		IoDeleteDevice(pDevObje);
		return status;
	}
	return STATUS_SUCCESS;
}

//派遣函數
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
	

	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
	//創建一個字符串數組與IRP類型對應起來
	static char* irpname[] = 
	{
		"IRP_MJ_CREATE",
		"IRP_MJ_CREATE_NAMED_PIPE",
		"IRP_MJ_CLOSE",
		"IRP_MJ_READ",
		"IRP_MJ_WRITE",
		"IRP_MJ_QUERY_INFORMATION",
		"IRP_MJ_SET_INFORMATION",
		"IRP_MJ_QUERY_EA",
		"IRP_MJ_SET_EA",
		"IRP_MJ_FLUSH_BUFFERS",
		"IRP_MJ_QUERY_VOLUME_INFORMATION",
		"IRP_MJ_SET_VOLUME_INFORMATION",
		"IRP_MJ_DIRECTORY_CONTROL",
		"IRP_MJ_FILE_SYSTEM_CONTROL",
		"IRP_MJ_DEVICE_CONTROL",
		"IRP_MJ_INTERNAL_DEVICE_CONTROL",
		"IRP_MJ_SHUTDOWN",
		"IRP_MJ_LOCK_CONTROL",
		"IRP_MJ_CLEANUP",
		"IRP_MJ_CREATE_MAILSLOT",
		"IRP_MJ_QUERY_SECURITY",
		"IRP_MJ_SET_SECURITY",
		"IRP_MJ_POWER",
		"IRP_MJ_SYSTEM_CONTROL",
		"IRP_MJ_DEVICE_CHANGE",
		"IRP_MJ_QUERY_QUOTA",
		"IRP_MJ_SET_QUOTA",
		"IRP_MJ_PNP",
	};

	UCHAR type = stack->MajorFunction;

	if (type >= CountArray(irpname))
		KdPrint(("無效的IRP類型 %X\n", type));
	else
		KdPrint(("%s\n", irpname[type]));




	pIrP->IoStatus.Status=STATUS_SUCCESS;					//設置完成狀態
	pIrP->IoStatus.Information=0;							//設置操做字節爲0
	IoCompleteRequest(pIrP,IO_NO_INCREMENT);			//結束IRP派遣函數,第二個參數表示不增長優先級
	return STATUS_SUCCESS;
}
相關文章
相關標籤/搜索