hello.h數組
#pragma once #include <ntddk.h> #define CountArray(Array) ( sizeof(Array) / sizeof(Array[0]) ) typedef struct _DEVICE_EXTENSION { PDEVICE_OBJECT pDevice; //設備對象 UNICODE_STRING ustrDeviceName; //設備名稱 UNICODE_STRING ustrSymLinkName; //符號名稱 }DEVICE_EXTENSION,*PDEVICE_EXTENSION; #ifdef __cplusplus extern "C" { #endif #include <NTDDK.h> NTKERNELAPI NTSTATUS ObReferenceObjectByName( IN PUNICODE_STRING ObjectName, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, OUT PVOID *Object ); NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetBaseFileSystemDeviceObject ( IN PFILE_OBJECT FileObject ); extern POBJECT_TYPE IoDeviceObjectType; extern POBJECT_TYPE *IoDriverObjectType; #ifdef __cplusplus } #endif typedef struct _OBJECT_CREATE_INFORMATION { ULONG Attributes; HANDLE RootDirectory; PVOID ParseContext; KPROCESSOR_MODE ProbeMode; ULONG PagedPoolCharge; ULONG NonPagedPoolCharge; ULONG SecurityDescriptorCharge; PSECURITY_DESCRIPTOR SecurityDescriptor; PSECURITY_QUALITY_OF_SERVICE SecurityQos; SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; } OBJECT_CREATE_INFORMATION, * POBJECT_CREATE_INFORMATION; typedef struct _OBJECT_HEADER { LONG PointerCount; union { LONG HandleCount; PSINGLE_LIST_ENTRY SEntry; }; POBJECT_TYPE Type; UCHAR NameInfoOffset; UCHAR HandleInfoOffset; UCHAR QuotaInfoOffset; UCHAR Flags; union { POBJECT_CREATE_INFORMATION ObjectCreateInfo; PVOID QuotaBlockCharged; }; PSECURITY_DESCRIPTOR SecurityDescriptor; QUAD Body; } OBJECT_HEADER, * POBJECT_HEADER; #define NUMBER_HASH_BUCKETS 37 typedef struct _OBJECT_DIRECTORY { struct _OBJECT_DIRECTORY_ENTRY* HashBuckets[NUMBER_HASH_BUCKETS]; struct _OBJECT_DIRECTORY_ENTRY** LookupBucket; BOOLEAN LookupFound; USHORT SymbolicLinkUsageCount; struct _DEVICE_MAP* DeviceMap; } OBJECT_DIRECTORY, * POBJECT_DIRECTORY; typedef struct _OBJECT_HEADER_NAME_INFO { POBJECT_DIRECTORY Directory; UNICODE_STRING Name; ULONG Reserved; #if DBG ULONG Reserved2 ; LONG DbgDereferenceCount ; #endif } OBJECT_HEADER_NAME_INFO, * POBJECT_HEADER_NAME_INFO; #define OBJECT_TO_OBJECT_HEADER( o ) \ CONTAINING_RECORD( (o), OBJECT_HEADER, Body ) #define OBJECT_HEADER_TO_NAME_INFO( oh ) ((POBJECT_HEADER_NAME_INFO) \ ((oh)->NameInfoOffset == 0 ? NULL : ((PCHAR)(oh) - (oh)->NameInfoOffset))) #ifdef __cplusplus extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath); #endif void HelloUnload(IN PDRIVER_OBJECT DriverObject); //卸載函數 NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj); //建立設備 NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //派遣函數 NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //IRP_MJ_DIRECTORY_CONTROL
Driver.cpp函數
#include "hello.h" //獲取設備信息 VOID GetDeviceObjectInfo( PDEVICE_OBJECT DevObj) { //變量定義 POBJECT_HEADER ObjectHeader; POBJECT_HEADER_NAME_INFO ObjectNameInfo; //參數判斷 if (DevObj == NULL ) return; // 獲得對象頭 ObjectHeader = OBJECT_TO_OBJECT_HEADER( DevObj ); if (ObjectHeader) { //查詢設備頭信息 ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectHeader ); //輸出設備信息 if ( ObjectNameInfo && ObjectNameInfo->Name.Buffer ) { DbgPrint( "Driver Name:%wZ - Device Name:%wZ - Driver Address:0x%x - Device Address:0x%x\n", &DevObj->DriverObject->DriverName, &ObjectNameInfo->Name, DevObj->DriverObject, DevObj ); } else if ( DevObj->DriverObject ) { // 對於沒有名稱的設備,則打印 NULL DbgPrint( "Driver Name:%wZ - Device Name:%S - Driver Address:0x%x - Device Address:0x%x\n", &DevObj->DriverObject->DriverName, L"NULL", DevObj->DriverObject, DevObj ); } } } //獲取過濾設備信息 VOID GetAttachedDeviceInfo( PDEVICE_OBJECT DevObj ) { //變量定義 PDEVICE_OBJECT DeviceObject; //參數判斷 if (DevObj == NULL) return; //變量賦值 DeviceObject = DevObj->AttachedDevice; while ( DeviceObject ) { //打印過濾設備信息 DbgPrint( "Attached Driver Name:%wZ,Attached Driver Address:0x%x,Attached DeviceAddress:0x%x\n", &DeviceObject->DriverObject->DriverName, DeviceObject->DriverObject, DeviceObject ); //獲取下一個設備 DeviceObject = DeviceObject->AttachedDevice; } } //枚舉設備棧 PDRIVER_OBJECT EnumDeviceStack( PWSTR pwszDeviceName ) { //變量定義 UNICODE_STRING DriverName; PDRIVER_OBJECT DriverObject = NULL; PDEVICE_OBJECT DeviceObject = NULL; //獲取設備對象指針 RtlInitUnicodeString(&DriverName,pwszDeviceName); ObReferenceObjectByName(&DriverName,OBJ_CASE_INSENSITIVE,NULL,0,(POBJECT_TYPE)IoDriverObjectType,KernelMode,NULL,(PVOID*)&DriverObject ); //設備判斷 if (DriverObject == NULL) return NULL; //變量賦值 DeviceObject = DriverObject->DeviceObject; //獲取設備棧 while ( DeviceObject ) { //獲取設備信息 GetDeviceObjectInfo( DeviceObject ); // 判斷當前設備上是否有過濾驅動(Filter Driver) if ( DeviceObject->AttachedDevice ) { //獲取過濾設備 GetAttachedDeviceInfo( DeviceObject ); } // 進一步判斷當前設備上 VPB 中的設備 if ( DeviceObject->Vpb && DeviceObject->Vpb->DeviceObject ) { GetDeviceObjectInfo( DeviceObject->Vpb->DeviceObject ); if ( DeviceObject->Vpb->DeviceObject->AttachedDevice ) { GetAttachedDeviceInfo( DeviceObject->Vpb->DeviceObject ); } } // 獲得創建在此驅動上的下一個設備 DEVICE_OBJECT DeviceObject = DeviceObject->NextDevice; } return DriverObject; } NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) { DbgPrint("Hello from!\n"); DriverObject->DriverUnload = HelloUnload; for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++) { DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine; } //建立設備 CreateDevice(DriverObject); EnumDeviceStack(L"\\Driver\\Kbdclass"); return STATUS_SUCCESS; } //卸載函數 void HelloUnload(IN PDRIVER_OBJECT DriverObject) { DbgPrint("Goodbye from!\n"); PDEVICE_OBJECT pNextObj=NULL; pNextObj=DriverObject->DeviceObject; while (pNextObj) { PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension; //刪除符號鏈接 IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName); //刪除設備 IoDeleteDevice(pDevExt->pDevice); pNextObj=pNextObj->NextDevice; } } //建立設備 NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object) { //定義變量 NTSTATUS status=STATUS_SUCCESS; PDEVICE_OBJECT pDevObje=NULL; PDEVICE_EXTENSION pDevExt=NULL; //初始化字符串 UNICODE_STRING devname; UNICODE_STRING symLinkName; RtlInitUnicodeString(&devname,L"\\device\\hello"); RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK"); //建立設備 if (IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS ) { DbgPrint("建立設備失敗\n"); return status; } pDevObje->Flags |= DO_DIRECT_IO; pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension; pDevExt->pDevice=pDevObje; pDevExt->ustrDeviceName=devname; pDevExt->ustrSymLinkName=symLinkName; //建立符號鏈接 if (IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS ) { DbgPrint("建立符號鏈接失敗\n"); IoDeleteDevice(pDevObje); return status; } return STATUS_SUCCESS; } //派遣函數 NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP) { PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP); //創建一個字符串數組與IRP類型對應起來 static char* irpname[] = { "IRP_MJ_CREATE", "IRP_MJ_CREATE_NAMED_PIPE", "IRP_MJ_CLOSE", "IRP_MJ_READ", "IRP_MJ_WRITE", "IRP_MJ_QUERY_INFORMATION", "IRP_MJ_SET_INFORMATION", "IRP_MJ_QUERY_EA", "IRP_MJ_SET_EA", "IRP_MJ_FLUSH_BUFFERS", "IRP_MJ_QUERY_VOLUME_INFORMATION", "IRP_MJ_SET_VOLUME_INFORMATION", "IRP_MJ_DIRECTORY_CONTROL", "IRP_MJ_FILE_SYSTEM_CONTROL", "IRP_MJ_DEVICE_CONTROL", "IRP_MJ_INTERNAL_DEVICE_CONTROL", "IRP_MJ_SHUTDOWN", "IRP_MJ_LOCK_CONTROL", "IRP_MJ_CLEANUP", "IRP_MJ_CREATE_MAILSLOT", "IRP_MJ_QUERY_SECURITY", "IRP_MJ_SET_SECURITY", "IRP_MJ_POWER", "IRP_MJ_SYSTEM_CONTROL", "IRP_MJ_DEVICE_CHANGE", "IRP_MJ_QUERY_QUOTA", "IRP_MJ_SET_QUOTA", "IRP_MJ_PNP", }; UCHAR type = stack->MajorFunction; if (type >= CountArray(irpname)) KdPrint(("無效的IRP類型 %X\n", type)); else KdPrint(("%s\n", irpname[type])); pIrP->IoStatus.Status=STATUS_SUCCESS; //設置完成狀態 pIrP->IoStatus.Information=0; //設置操做字節爲0 IoCompleteRequest(pIrP,IO_NO_INCREMENT); //結束IRP派遣函數,第二個參數表示不增長優先級 return STATUS_SUCCESS; }