
[原创]驱动和GUI应用通信

[原创]驱动和GUI应用通信

文章作者:dream2fly
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)

其实不算原创,不过算是偶三天学习DDK第一个调试通过的DDK程序,庆祝下!!
驱动加载
  1. #include <windows.h>
  2. #include <stdio.h>
  3.  
  4. /*********************************************************
  5.  *  Main Function Entry
  6.  *
  7.  *********************************************************/
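/*********************************************************
 *  Main Function Entry
 *
 *  Registers CommDriver.sys as a demand-start kernel service,
 *  starts it, waits for Enter, then stops and deletes it again.
 *
 *  argv[1] (optional): full path of the .sys image to register.
 *  When omitted the original hard-coded build location is used,
 *  so existing invocations keep working.
 *
 *  Returns 0 when the service was started, 1 when the SCM could
 *  not be opened or the service could not be created/opened/started
 *  (the Win32 error code is printed).
 *
 *  Fixes over the original:
 *   - SC_HANDLE instead of HANDLE for SCM/service handles;
 *   - DeleteService was called AFTER CloseServiceHandle, i.e. on an
 *     already-closed handle, so the service was never removed;
 *   - OpenSCManager/CreateService/StartService failures are reported
 *     instead of silently continuing.
 *
 *  NOTE(review): whoever runs this loader must already be an
 *  administrator (driver services need it); make sure the .sys path
 *  is not inside a directory writable by less privileged users, or a
 *  swapped image gets loaded into the kernel with full privileges.
 *********************************************************/
int _cdecl main(int argc, char *argv[])
{
  static const char defaultSysPath[] =
    "D:\\DriverEnv\\DriveGUIComm_demo\\Driver\\i386\\CommDriver.sys";
  const char *sysPath =
    (argc > 1 && argv[1][0] != '\0') ? argv[1] : defaultSysPath;
  SC_HANDLE hSCManager = NULL;
  SC_HANDLE hService = NULL;
  SERVICE_STATUS ss;
  int rc = 1;

  hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);

  printf("Load Driver\n");

  if(!hSCManager)
  {
    printf("OpenSCManager failed: %lu\n", GetLastError());
    return rc;
  }

  printf("Create Service\n");

  hService = CreateService(hSCManager, "CommDriverDev", "CommDriverDev Driver",
    SERVICE_START | DELETE | SERVICE_STOP, SERVICE_KERNEL_DRIVER,
    SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE,
    sysPath, NULL, NULL, NULL, NULL, NULL);

  if(!hService)
  {
    /* Service already registered by an earlier run: reuse it. In that
       case the ImagePath stored by the SCM is used, not sysPath. */
    hService = OpenService(hSCManager, "CommDriverDev",
      SERVICE_START | DELETE | SERVICE_STOP);
  }

  if(!hService)
  {
    printf("CreateService/OpenService failed: %lu\n", GetLastError());
    CloseServiceHandle(hSCManager);
    return rc;
  }

  printf("Start Service\n");

  if(StartService(hService, 0, NULL) ||
     GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
  {
    rc = 0;
    printf("Press Enter to close service\r\n");
    getchar();
    if(!ControlService(hService, SERVICE_CONTROL_STOP, &ss))
      printf("ControlService(STOP) failed: %lu\n", GetLastError());
  }
  else
  {
    printf("StartService failed: %lu\n", GetLastError());
  }

  /* DeleteService needs a still-open handle; close only afterwards. */
  if(!DeleteService(hService))
    printf("DeleteService failed: %lu\n", GetLastError());

  CloseServiceHandle(hService);
  CloseServiceHandle(hSCManager);

  return rc;
}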
驱动 ,激动人心啊,DRIVERENTRY,哈哈
  1. #include <ntddk.h>
  2. #include \"CommDriver.h\"
  3. #include \"..\include\IoControl.h\"
  4.  
  5.  
/*
 * Event object referenced on behalf of the user-mode client by
 * IO_REFERENCE_EVENT and released by IO_DEREFERENCE_EVENT; NULL while no
 * event is held. It is shared by every IOCTL in CommDriver_IoControl, so
 * this is device-wide state, not per-handle state.
 */
PVOID  gpEventObject = NULL;
  7.  
  8. /*
  9. Response to CreateFile
  10. */
/*
 * IRP_MJ_CREATE handler: runs when user mode opens the device via the
 * symbolic link (CreateFile). No per-handle state is set up, so the
 * request is completed right away with STATUS_SUCCESS and no bytes
 * transferred.
 */
NTSTATUS CommDriver_Create(
  IN PDEVICE_OBJECT DeviceObject,
  IN PIRP Irp
  )
{
  const NTSTATUS result = STATUS_SUCCESS;

  UNREFERENCED_PARAMETER(DeviceObject);

  DbgPrint("CommDriver_Create\n");

  /* Nothing to allocate or validate for an open: complete immediately. */
  Irp->IoStatus.Information = 0;
  Irp->IoStatus.Status = result;
  IoCompleteRequest(Irp, IO_NO_INCREMENT);

  return result;
}
  26.  
  27. /*
  28. Response to CloseHandle
  29. */
/*
 * IRP_MJ_CLOSE handler: the last handle to the device is gone
 * (CloseHandle in user mode). There is no per-handle state to release,
 * so the IRP is completed with success and zero bytes transferred.
 *
 * NOTE(review): a client that exits without sending IO_DEREFERENCE_EVENT
 * leaves gpEventObject referenced until the driver is unloaded. Releasing
 * it here would be the natural place, but that changes the IOCTL protocol
 * the attached GUI relies on, so behaviour is kept as-is.
 */
NTSTATUS CommDriver_Close(
  IN PDEVICE_OBJECT DeviceObject,
  IN PIRP Irp
  )
{
  UNREFERENCED_PARAMETER(DeviceObject);

  DbgPrint("CommDriver_Close\n");

  Irp->IoStatus.Information = 0;
  Irp->IoStatus.Status = STATUS_SUCCESS;
  IoCompleteRequest(Irp, IO_NO_INCREMENT);

  return STATUS_SUCCESS;
}
  45.  
  46. /*
  47. Resonse to DeviceIoControl
  48. */
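/*
 * Store 'value' into the caller's output buffer of an IOCTL, honouring the
 * transfer method encoded in the control code.
 *
 * The original wrote through Irp->UserBuffer unconditionally, without
 * checking OutputBufferLength and without probing: a user-mode caller
 * could pass any kernel address as lpOutBuffer and have the driver write
 * a LONG there. Here METHOD_BUFFERED uses the system buffer, the DIRECT
 * methods map the MDL, and METHOD_NEITHER probes the user pointer inside
 * __try so a bad address fails the request instead of crashing the box.
 *
 * Returns STATUS_SUCCESS, STATUS_BUFFER_TOO_SMALL, STATUS_INSUFFICIENT_RESOURCES
 * (no mappable buffer) or the exception code raised by the probe/write.
 */
static NTSTATUS CommDriver_WriteLongOutput(
  IN PIRP Irp,
  IN ULONG controlCode,
  IN LONG value
  )
{
  PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
  NTSTATUS           status = STATUS_SUCCESS;
  LONG*              outBuf = NULL;

  if(irpStack->Parameters.DeviceIoControl.OutputBufferLength < sizeof(LONG))
    return STATUS_BUFFER_TOO_SMALL;

  switch(METHOD_FROM_CTL_CODE(controlCode))
  {
  case METHOD_BUFFERED:
    /* The I/O manager copies SystemBuffer back to the caller on completion. */
    outBuf = (LONG*) Irp->AssociatedIrp.SystemBuffer;
    break;

  case METHOD_IN_DIRECT:
  case METHOD_OUT_DIRECT:
    /* Output buffer is locked down and described by an MDL. */
    if(Irp->MdlAddress != NULL)
      outBuf = (LONG*) MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
    break;

  default:
    /* METHOD_NEITHER: UserBuffer is a raw, caller-supplied pointer. */
    outBuf = (LONG*) Irp->UserBuffer;
    __try
    {
      if(Irp->RequestorMode != KernelMode)
        ProbeForWrite(outBuf, sizeof(LONG), sizeof(LONG));
      *outBuf = value;
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
      status = GetExceptionCode();
    }
    return status;
  }

  if(outBuf == NULL)
    return STATUS_INSUFFICIENT_RESOURCES;

  *outBuf = value;
  return STATUS_SUCCESS;
}

/*
 * Response to DeviceIoControl.
 *
 * Every IOCTL here is reachable from user mode through the symbolic link
 * created in DriverEntry, so all parameters are treated as untrusted:
 *   - the handle passed with IO_REFERENCE_EVENT is resolved in the
 *     requestor's access mode (not KernelMode) and must be an event;
 *   - gpEventObject may be NULL (nothing referenced yet, or already
 *     dereferenced) when IO_SET_EVENT / IO_CLEAR_EVENT /
 *     IO_QUERY_EVENT_STATE arrive; the original dereferenced it blindly;
 *   - the IO_QUERY_EVENT_STATE output buffer is size-checked and probed
 *     before the kernel writes through it (see CommDriver_WriteLongOutput).
 *
 * Other fixes: IO_REFERENCE_EVENT used to overwrite gpEventObject without
 * dropping the previous reference (leak); IO_DEREFERENCE_EVENT used to leave
 * the stale pointer behind (double dereference on repeat); every request,
 * including failed ones and unknown control codes, was completed with
 * STATUS_SUCCESS. The completion status now mirrors the real outcome.
 *
 * NOTE(review): gpEventObject is still read without a lock. The device is
 * created exclusive, so only one handle exists, but that handle can be used
 * from several threads; a concurrent IO_DEREFERENCE_EVENT can free the object
 * under IO_SET_EVENT. Per-handle state in the FILE_OBJECT, or a lock around
 * the use, would close that window.
 *
 * Returns the NTSTATUS that is also stored in Irp->IoStatus.Status.
 */
NTSTATUS CommDriver_IoControl(
  IN PDEVICE_OBJECT DeviceObject,
  IN PIRP Irp
  )
{
  NTSTATUS                  status = STATUS_SUCCESS;
  ULONG_PTR                 information = 0;
  ULONG                     controlCode;
  PIO_STACK_LOCATION        irpStack;
  HANDLE                    hEvent;
  PVOID                     newEvent;
  PVOID                     oldEvent;
  PVOID                     curEvent;
  OBJECT_HANDLE_INFORMATION objHandleInfo;

  UNREFERENCED_PARAMETER(DeviceObject);

  irpStack = IoGetCurrentIrpStackLocation(Irp);
  controlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;

  switch(controlCode)
  {
  case IO_REFERENCE_EVENT:
    /*
     * Protocol kept from the original: the caller passes the event HANDLE
     * as the input-buffer pointer itself, so the Type3InputBuffer value is
     * the handle, not an address to read from.
     */
    hEvent = (HANDLE) irpStack->Parameters.DeviceIoControl.Type3InputBuffer;
    newEvent = NULL;

    /*
     * Resolve in the caller's mode so a user-mode caller cannot reference
     * kernel handles or bypass the handle's access check; require an event
     * object and only the rights the other IOCTLs need.
     */
    status = ObReferenceObjectByHandle(
        hEvent,
        EVENT_MODIFY_STATE | SYNCHRONIZE,
        *ExEventObjectType,
        Irp->RequestorMode,
        &newEvent,
        &objHandleInfo);
    if(status != STATUS_SUCCESS)
    {
      DbgPrint("ObReferenceObjectByHandle failed! status = %x\n", status);
      break;
    }

    /* Swap in the new object and drop the one it replaces. */
    oldEvent = InterlockedExchangePointer(&gpEventObject, newEvent);
    if(oldEvent)
      ObDereferenceObject(oldEvent);
    DbgPrint("Referenct object sussfully!\n");
    break;

  case IO_DEREFERENCE_EVENT:
    /* Clear the global first so a repeated call cannot dereference twice. */
    oldEvent = InterlockedExchangePointer(&gpEventObject, NULL);
    if(oldEvent)
      ObDereferenceObject(oldEvent);
    DbgPrint("Dereferenct object sussfully!\n");
    break;

  case IO_SET_EVENT:
    curEvent = gpEventObject;
    if(curEvent == NULL)
    {
      status = STATUS_INVALID_DEVICE_STATE;
      break;
    }
    KeSetEvent((PKEVENT) curEvent, 0, FALSE);
    DbgPrint("KeSetEvent sussfully!\n");
    break;

  case IO_CLEAR_EVENT:
    curEvent = gpEventObject;
    if(curEvent == NULL)
    {
      status = STATUS_INVALID_DEVICE_STATE;
      break;
    }
    KeClearEvent((PKEVENT) curEvent);
    DbgPrint("KeClearEvent sussfully!\n");
    break;

  case IO_QUERY_EVENT_STATE:
    DbgPrint("in KeReadStateEvent !\n");
    curEvent = gpEventObject;
    if(curEvent == NULL)
    {
      status = STATUS_INVALID_DEVICE_STATE;
      break;
    }
    status = CommDriver_WriteLongOutput(Irp, controlCode,
                                        KeReadStateEvent((PKEVENT) curEvent));
    if(NT_SUCCESS(status))
    {
      information = sizeof(LONG);
      DbgPrint("KeReadStateEvent sussfully!\n");
    }
    break;

  default:
    status = STATUS_INVALID_DEVICE_REQUEST;
    break;
  }

  Irp->IoStatus.Status = status;
  Irp->IoStatus.Information = information;
  IoCompleteRequest(Irp, IO_NO_INCREMENT);

  return status;
}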
  122.  
  123.  
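/*
 * Driver unload: tears down what DriverEntry created and releases the
 * event reference a client may have left behind.
 *
 * The original never touched gpEventObject here, so a client that sent
 * IO_REFERENCE_EVENT and exited without IO_DEREFERENCE_EVENT leaked the
 * object reference for the lifetime of the system.
 */
void CommDriver_Unload(
  IN PDRIVER_OBJECT DriverObject
  )
{
  UNICODE_STRING SymbolicName;
  PVOID          eventObject;

  /* Release the client's event reference, if one is still held. */
  eventObject = InterlockedExchangePointer(&gpEventObject, NULL);
  if(eventObject)
    ObDereferenceObject(eventObject);

  /* Remove the Win32-visible name so no new opens can arrive. */
  RtlInitUnicodeString(&SymbolicName, COMM_DRIVER_WIN32_DEV_NAME);
  IoDeleteSymbolicLink(&SymbolicName);

  if(DriverObject->DeviceObject)
    IoDeleteDevice(DriverObject->DeviceObject);
}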
  135.  
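/*
 * DriverEntry: creates the control device and its Win32 symbolic link and
 * installs the dispatch routines.
 *
 * Fix over the original: when IoCreateSymbolicLink failed, the device
 * object was left behind; DriverUnload is not invoked for a failed
 * DriverEntry, so nothing could ever delete it. The device is now deleted
 * before returning the error.
 *
 * NOTE(review): IoCreateDevice gives the device the default DACL, so any
 * local user who can open the symbolic link can send every IOCTL handled
 * in CommDriver_IoControl. For anything beyond a demo, create the device
 * with IoCreateDeviceSecure and an SDDL string such as
 * SDDL_DEVOBJ_SYS_ALL_ADM_ALL (needs wdmsec.h and wdmsec.lib in the build)
 * so only SYSTEM and administrators may open it.
 *
 * Returns STATUS_SUCCESS, or the NTSTATUS of the failed I/O manager call.
 */
NTSTATUS DriverEntry(
  IN PDRIVER_OBJECT DriverObject,
  IN PUNICODE_STRING RegistryPath
  )
{
  NTSTATUS       status;
  UNICODE_STRING DeviceName;
  UNICODE_STRING SymbolicName;
  PDEVICE_OBJECT deviceObject = NULL;

  UNREFERENCED_PARAMETER(RegistryPath);

  /* Driver unload routine */
  DriverObject->DriverUnload = CommDriver_Unload;

  /* Dispatch routines for open, close and DeviceIoControl */
  DriverObject->MajorFunction[IRP_MJ_CREATE]         = CommDriver_Create;
  DriverObject->MajorFunction[IRP_MJ_CLOSE]          = CommDriver_Close;
  DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = CommDriver_IoControl;

  RtlInitUnicodeString(&DeviceName, COMM_DRIVER_DEV_NAME);
  RtlInitUnicodeString(&SymbolicName, COMM_DRIVER_WIN32_DEV_NAME);

  /*
   * Communication object the GUI opens. Exclusive = TRUE: only one handle
   * may be open at a time, which also bounds concurrent IOCTLs against the
   * shared gpEventObject.
   */
  status = IoCreateDevice(
      DriverObject,
      sizeof(COMM_DRIVER_EXT),
      &DeviceName,
      FILE_DEVICE_UNKNOWN,
      0,
      TRUE,
      &deviceObject
      );
  if(!NT_SUCCESS(status))
  {
    DbgPrint("IoCreateDevice failed\n");
    return status;
  }

  /* Win32-visible name (\\.\...) for the device */
  status = IoCreateSymbolicLink(&SymbolicName, &DeviceName);
  if(!NT_SUCCESS(status))
  {
    DbgPrint("IoCreateSymbolicLink failed\n");
    IoDeleteDevice(deviceObject);   /* do not leak the device on failure */
    return status;
  }

  DbgPrint("Exit DriverEntry\n");

  return status;
}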
其他看代码附件

后记:现在研究完TDI和FSD才知道当初的疯狂多么白痴啊

附件

DriveGUIComm_demo.rar (16 KB)

2007-6-25 16:29, 下载次数: 76


我写的第一个driver乱改内存居然没有bsod的时候的确也很让我激动了一把...


LZ用内存文件应该容易点.


引用:
引用第2楼flying_bat于2007-07-13 14:27发表的 :
LZ用内存文件应该容易点.
容易个鸟啊,内存文件很少有人用的说
