
[C&C++ 转载] 驱动调用驱动 小例子

古月不傲 发表于 2019-12-25 13:17
#pragma once
//DriverA
#include <ntddk.h>

// Custom device extension: per-device state for DriverA. CreateDevice passes
// sizeof(DEVICE_EXTENTION) to IoCreateDevice and fills the fields in afterwards.
typedef struct _DEVICE_EXTENTION
{
	// Back-pointer to the device object that owns this extension.
	PDEVICE_OBJECT pDeviceObject;
	// Name the device was created under.
	UNICODE_STRING uszDeviceName;
	// Symbolic-link name; the unload routine deletes the link through it.
	UNICODE_STRING uszSymbolName;
	// The read IRP currently held pending. This is a single slot: DispatchRead
	// overwrites it on every read, so only one pending IRP can be tracked.
	PIRP pCurrentIrp;
	// Timer armed by DispatchRead.
	KTIMER kTimer;
	// DPC bound to DeferTimer; queued when kTimer expires.
	KDPC kDpc;
}DEVICE_EXTENTION, *PDEVICE_EXTENTION;

// Driver entry point.
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING puszRegPathName);
// Driver unload routine.
VOID MyDriverUnload(PDRIVER_OBJECT pDriverObject);
// Creates the device object through which callers exchange data with the driver.
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject);
// Default dispatch routine: completes the IRP immediately.
NTSTATUS DispatchGeneral(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
// Read dispatch routine: leaves the current IRP pending; 3 seconds later the
// timer DPC completes it. The caller in DriverB waits for this synchronously.
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);

#include "DriverA.h"

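// Timer DPC: completes the read IRP that DispatchRead left pending.
//
// DeferredContext is the device object that CreateDevice handed to
// KeInitializeDpc. Dpc, SystemArgument1 and SystemArgument2 are not used.
VOID DeferTimer(
	_In_     struct _KDPC *Dpc,
	_In_opt_ PVOID        DeferredContext,
	_In_opt_ PVOID        SystemArgument1,
	_In_opt_ PVOID        SystemArgument2
)
{
	PDEVICE_OBJECT pDeviceObject = (PDEVICE_OBJECT)DeferredContext;
	PDEVICE_EXTENTION pDeviceExtention = NULL;
	PIRP pCurrentIrp = NULL;

	UNREFERENCED_PARAMETER(Dpc);
	UNREFERENCED_PARAMETER(SystemArgument1);
	UNREFERENCED_PARAMETER(SystemArgument2);

	// The context is annotated _In_opt_, so it is checked before being dereferenced.
	if (pDeviceObject == NULL || pDeviceObject->DeviceExtension == NULL)
	{
		return;
	}
	pDeviceExtention = (PDEVICE_EXTENTION)pDeviceObject->DeviceExtension;

	// Take the pending IRP and clear the slot in one atomic step. Once an IRP
	// has been completed its memory no longer belongs to the driver, so a stale
	// pointer left in pCurrentIrp could be completed a second time by a later
	// DPC run; completing an IRP twice crashes the system.
	pCurrentIrp = (PIRP)InterlockedExchangePointer(
		(PVOID volatile *)&pDeviceExtention->pCurrentIrp, NULL);
	if (pCurrentIrp == NULL)
	{
		return;
	}

	KdPrint(("DriverA\n"));
	pCurrentIrp->IoStatus.Information = 0;
	pCurrentIrp->IoStatus.Status = STATUS_SUCCESS;
	IoCompleteRequest(pCurrentIrp, IO_NO_INCREMENT);
}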

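// Driver unload routine: stops the timer, removes the symbolic link and deletes
// the device object created by CreateDevice.
VOID MyDriverUnload(PDRIVER_OBJECT pDriverObject)
{
	PDEVICE_OBJECT pFirstDeviceObject = pDriverObject->DeviceObject;
	PDEVICE_EXTENTION pDeviceExtention = NULL;

	// ASSERT is compiled out of free builds, so a missing device (CreateDevice
	// failed) has to be handled explicitly instead of dereferencing NULL.
	if (pFirstDeviceObject == NULL)
	{
		return;
	}
	pDeviceExtention = (PDEVICE_EXTENTION)(pFirstDeviceObject->DeviceExtension);

	// CreateDevice stores uszSymbolName only after the timer and DPC have been
	// initialised and the link exists. IoCreateDevice zero-fills the extension,
	// so a NULL buffer here means set-up stopped before that point.
	if (pDeviceExtention != NULL && pDeviceExtention->uszSymbolName.Buffer != NULL)
	{
		KeCancelTimer(&pDeviceExtention->kTimer);
		// KeCancelTimer does not wait for a DPC that is already queued or
		// running; flush so DeferTimer cannot execute after the image is gone.
		KeFlushQueuedDpcs();
		IoDeleteSymbolicLink(&pDeviceExtention->uszSymbolName);
	}

	// Delete through the driver object's own pointer rather than the copy in
	// the extension, which is NULL when set-up did not finish.
	IoDeleteDevice(pFirstDeviceObject);
}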

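// Creates DriverA's named device object and its symbolic link, and prepares the
// timer and DPC that the read path uses.
//
// Returns the failing status of IoCreateDevice or IoCreateSymbolicLink, or
// STATUS_SUCCESS. On failure no device object is left behind.
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject)
{
	NTSTATUS ntStatus = STATUS_SUCCESS;
	UNICODE_STRING uszDeviceName = RTL_CONSTANT_STRING(L"\\Device\\DriverA");
	UNICODE_STRING uszSymbolName = RTL_CONSTANT_STRING(L"\\??\\DriverASymbol");
	PDEVICE_OBJECT pDeviceObject = NULL;
	PDEVICE_EXTENTION pDeviceExtention = NULL;

	// FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device object's
	// security descriptor to every open, including names below the device.
	// NOTE(review): the device still gets the default security descriptor, and
	// the symbolic link exposes it to user mode; IoCreateDeviceSecure
	// (wdmsec.h) is the usual way to give a named device an explicit ACL.
	ntStatus = IoCreateDevice(pDriverObject, sizeof(DEVICE_EXTENTION), &uszDeviceName,
		FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, TRUE, &pDeviceObject);
	if (!NT_SUCCESS(ntStatus))
	{
		KdPrint(("IoCreateDevice 错误:%x\n", ntStatus));
		return ntStatus;
	}

	pDeviceExtention = (PDEVICE_EXTENTION)(pDeviceObject->DeviceExtension);
	// Initialise the timer object.
	KeInitializeTimer(&pDeviceExtention->kTimer);
	// Initialise the DPC; the device object is its context.
	KeInitializeDpc(&pDeviceExtention->kDpc, DeferTimer, (PVOID)pDeviceObject);
	pDeviceExtention->pDeviceObject = pDeviceObject;
	pDeviceExtention->uszDeviceName = uszDeviceName;

	ntStatus = IoCreateSymbolicLink(&uszSymbolName, &uszDeviceName);
	if (!NT_SUCCESS(ntStatus))
	{
		KdPrint(("IoCreateSymbolicLink 错误:%x\n", ntStatus));
		// Do not leak the device object created above.
		IoDeleteDevice(pDeviceObject);
		return ntStatus;
	}
	// Recorded only once the link exists, so the unload routine can tell
	// whether there is a link to delete.
	pDeviceExtention->uszSymbolName = uszSymbolName;
	pDeviceObject->Flags |= DO_DIRECT_IO;

	return ntStatus;
}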

// Catch-all dispatch routine: finishes every IRP at once with STATUS_SUCCESS
// and zero bytes transferred.
NTSTATUS DispatchGeneral(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
	UNREFERENCED_PARAMETER(pDeviceObject);

	pIrp->IoStatus.Status = STATUS_SUCCESS;
	pIrp->IoStatus.Information = 0;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);

	// The IRP must not be touched after completion, so return a constant.
	return STATUS_SUCCESS;
}

// Read dispatch routine: marks the IRP pending, remembers it in the device
// extension and arms a 3-second timer whose DPC (DeferTimer) completes it.
//
// NOTE(review): pCurrentIrp is a single slot written without a lock. A second
// read arriving before the DPC has run overwrites the first IRP's pointer, and
// KeSetTimer re-arms the same timer, so the earlier IRP would never be
// completed. Handling that needs a lock or an IRP queue in the extension.
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
	PDEVICE_EXTENTION pExt = NULL;
	LARGE_INTEGER dueTime = { 0 };

	IoMarkIrpPending(pIrp);

	pExt = (PDEVICE_EXTENTION)(pDeviceObject->DeviceExtension);
	pExt->pCurrentIrp = pIrp;

	// A negative due time is relative, in 100-nanosecond units: 3 seconds.
	dueTime.QuadPart = -(3 * 10000000LL);
	KeSetTimer(&pExt->kTimer, dueTime, &pExt->kDpc);

	// Must match IoMarkIrpPending above.
	return STATUS_PENDING;
}

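// DriverA entry point: registers the unload and dispatch routines and creates
// the device. Returns CreateDevice's status, so the driver does not stay loaded
// without a usable device. puszRegPathName is not used.
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING puszRegPathName)
{
	NTSTATUS ntStatus = STATUS_SUCCESS;

	UNREFERENCED_PARAMETER(puszRegPathName);

	pDriverObject->DriverUnload = MyDriverUnload;

	// MajorFunction has IRP_MJ_MAXIMUM_FUNCTION + 1 entries, so the bound is
	// inclusive; a strict '<' leaves the last slot unassigned.
	for (ULONG uIndex = 0; uIndex <= IRP_MJ_MAXIMUM_FUNCTION; uIndex++)
	{
		pDriverObject->MajorFunction[uIndex] = DispatchGeneral;
	}
	pDriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;

	ntStatus = CreateDevice(pDriverObject);
	if (!NT_SUCCESS(ntStatus))
	{
		// The unload routine is not called when DriverEntry fails, so any
		// device object that set-up left behind is removed here.
		if (pDriverObject->DeviceObject != NULL)
		{
			IoDeleteDevice(pDriverObject->DeviceObject);
		}
		return ntStatus;
	}
	return STATUS_SUCCESS;
}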

#include <ntddk.h>
//DriverB
// DriverB unload routine: only logs. DriverEntry closes its handle before it
// returns, so nothing is left to release here.
VOID DriverUnLoad(PDRIVER_OBJECT pDriverObj)
{
	UNREFERENCED_PARAMETER(pDriverObj);

	KdPrint(("Driver unload\n"));
}

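// DriverB entry point: opens DriverA's device by name and issues one
// synchronous zero-length read against it, then closes the handle.
//
// Returns the status of the failing ZwCreateFile or ZwReadFile call, or
// STATUS_SUCCESS. pRegPath is not used.
// NOTE(review): DriverA completes the read from a 3-second timer, so this
// DriverEntry blocks for about that long while the driver is loading.
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegPath)
{
	HANDLE hDevice = NULL;
	OBJECT_ATTRIBUTES objAttr = { 0 };
	IO_STATUS_BLOCK ioStatus = { 0 };
	NTSTATUS ntStatus = STATUS_SUCCESS;
	UNICODE_STRING uszDeviceName = RTL_CONSTANT_STRING(L"\\Device\\DriverA");

	UNREFERENCED_PARAMETER(pRegPath);

	KdPrint(("Driver load\n"));
	pDriverObj->DriverUnload = DriverUnLoad;

	// OBJ_KERNEL_HANDLE keeps the handle out of reach of user-mode code in
	// whatever process context this routine runs in.
	InitializeObjectAttributes(&objAttr, &uszDeviceName,
		OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

	// Only read access is needed, so request that rather than GENERIC_ALL.
	// SYNCHRONIZE is required for synchronous I/O. FILE_OPEN opens the existing
	// device, and the share argument uses the FILE_SHARE_* constant. The
	// non-alertable wait keeps ZwReadFile from returning before the read IRP
	// has completed.
	ntStatus = ZwCreateFile(&hDevice, GENERIC_READ | SYNCHRONIZE, &objAttr, &ioStatus, NULL,
		FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN,
		FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
	if (!NT_SUCCESS(ntStatus))
	{
		KdPrint(("ZwCreateFile 错误\n"));
		return ntStatus;
	}

	// No buffer and zero length: the request only exercises DriverA's read path.
	ntStatus = ZwReadFile(hDevice, NULL, NULL, NULL, &ioStatus, NULL, 0, NULL, NULL);
	// The handle is closed on both the success and the failure path.
	ZwClose(hDevice);
	if (!NT_SUCCESS(ntStatus))
	{
		KdPrint(("ZwReadFile 错误\n"));
		return ntStatus;
	}

	KdPrint(("DriverB\n"));
	return STATUS_SUCCESS;
}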
