EXE部分
head.h
/*
 * head.h - IOCTL definitions shared by the user-mode client and the driver.
 *
 * CTL_CODE is pulled in from winioctl.h only when nothing has defined it yet;
 * the #pragma messages just report at build time which branch was taken.
 */
#ifndef CTL_CODE
#pragma message("\n \n-----------EXE . Include winioctl.h ")
#include <winioctl.h> /* CTL_CODE (driver builds: ntddk.h / wdm.h) */
#else
#pragma message("\n \n----------SYS NO Include winioctl.h ")
#endif

/*
 * Security-relevant properties of these control codes:
 *  - METHOD_NEITHER: the I/O manager neither copies nor validates the buffers.
 *    The driver receives the caller's raw user-mode pointers and has to check
 *    the lengths, probe the ranges and touch them only inside __try/__except.
 *  - FILE_ANY_ACCESS: the request is delivered whatever access rights the
 *    handle was opened with, so the control code itself restricts nothing.
 * Both copies of this header (client and driver) must stay identical.
 */
#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)
#define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS)
main.cpp
- #include <stdio.h>
- #include <tchar.h>
- #include <windows.h>
- #include "head.h"
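/*
 * Ask the driver to add two integers via the add_code IOCTL.
 *
 * hDevice  handle to the driver's device, opened by the caller.
 * a, b     operands; sent to the driver as an int[2] input buffer.
 *
 * Returns the sum written by the driver. When the request fails, or the
 * driver reports an unexpected byte count, the error is printed to stderr
 * and 0 is returned (the original ignored the DeviceIoControl result, so a
 * failure was indistinguishable from a real sum of 0).
 */
int add(HANDLE hDevice, int a, int b)
{
    int operands[2] = { a, b };
    int sum = 0;
    DWORD bytesReturned = 0;

    BOOL ok = DeviceIoControl(hDevice, add_code,
                              operands, sizeof(operands),
                              &sum, sizeof(sum),
                              &bytesReturned, NULL);
    if (!ok)
    {
        fprintf(stderr, "DeviceIoControl(add_code) failed, error %lu\n", GetLastError());
        return 0;
    }
    if (bytesReturned != sizeof(sum))
    {
        /* The driver did not report a full int, so do not trust the buffer. */
        fprintf(stderr, "DeviceIoControl(add_code) returned %lu bytes\n", bytesReturned);
        return 0;
    }
    return sum;
}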
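/*
 * Client entry point: opens the driver's device through its symbolic link,
 * sends one add request (11 + 22) and prints the result.
 *
 * The paired getchar() calls only pause the console; presumably they give
 * time to load the driver or attach a debugger - confirm with the author.
 *
 * Returns 0 on success and 1 when the device cannot be opened (the original
 * returned 0 in both cases and never closed the handle).
 */
int main(void)
{
    getchar();
    getchar();

    HANDLE hDevice = CreateFile(TEXT("\\\\.\\My_DriverLinkName"),
                                GENERIC_READ | GENERIC_WRITE,
                                0,      /* share mode 0: no sharing */
                                NULL,   /* default security attributes */
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        printf("打开设备失败\n");
        getchar();
        getchar();
        return 1;
    }

    int k = add(hDevice, 11, 22);
    printf("%d\n", k);

    /* Release the device handle. */
    CloseHandle(hDevice);

    getchar();
    getchar();
    return 0;
}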
SYS部分
head.h
/*
 * head.h - IOCTL definitions shared by the driver and the user-mode client.
 *
 * CTL_CODE is pulled in from winioctl.h only when nothing has defined it yet;
 * the #pragma messages just report at build time which branch was taken.
 */
#ifndef CTL_CODE
#pragma message("\n \n-----------EXE . Include winioctl.h ")
#include <winioctl.h> /* CTL_CODE (driver builds: ntddk.h / wdm.h) */
#else
#pragma message("\n \n----------SYS NO Include winioctl.h ")
#endif

/*
 * Security-relevant properties of these control codes:
 *  - METHOD_NEITHER: the I/O manager neither copies nor validates the buffers.
 *    The dispatch routine gets the caller's raw user-mode pointers
 *    (Type3InputBuffer / Irp->UserBuffer) and has to check the lengths, probe
 *    the ranges and touch them only inside __try/__except.
 *  - FILE_ANY_ACCESS: the request is delivered whatever access rights the
 *    handle was opened with, so the control code itself restricts nothing.
 * Both copies of this header (client and driver) must stay identical.
 */
#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)
#define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS)
cpp部分
- #include <ntdef.h>
- #include <ntddk.h>
- #include "head.h"
/* In a C++ build DriverEntry is declared extern "C" so its name is not mangled. */
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif

/* Forward declarations of the routines defined further down in this file. */
NTSTATUS CreateMyDevice(IN PDRIVER_OBJECT pDriverObject);                       /* device + symbolic link setup */
void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject);                       /* DriverUnload callback */
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj, IN PIRP pIrp);  /* shared IRP dispatch routine */
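/*
 * Driver entry point: registers the unload callback, routes the create,
 * close, read and device-control IRPs to ddk_DispatchRoutine_CONTROL, then
 * creates the device object and its symbolic link.
 *
 * Returns the status of CreateMyDevice. The original always returned
 * STATUS_SUCCESS, which left the driver loaded without a device object when
 * creation failed; the unload routine would then be asked to delete a device
 * that does not exist.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from TestDDK125096!\n");

    DriverObject->DriverUnload = TestDDK125096Unload;

    /* Every major function handled by this driver shares one dispatch routine. */
    DriverObject->MajorFunction[IRP_MJ_CREATE]         = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_CLOSE]          = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_READ]           = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ddk_DispatchRoutine_CONTROL;

    /* Create the device and symbolic link; fail the load if that fails. */
    status = CreateMyDevice(DriverObject);
    if (!NT_SUCCESS(status))
    {
        return status;
    }
    return STATUS_SUCCESS;
}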
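/*
 * DriverUnload callback: removes the symbolic link and deletes every device
 * object owned by the driver.
 *
 * Changes from the original: the symbolic link is removed before the device
 * it points at, and the device list is walked with a NULL check instead of
 * passing DriverObject->DeviceObject to IoDeleteDevice unconditionally.
 */
void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING symLinkName;
    PDEVICE_OBJECT pDev;

    DbgPrint("Goodbye from TestDDK125096!\n");

    /* Remove the user-visible name first so no new opens arrive. */
    RtlInitUnicodeString(&symLinkName, L"\\??\\My_DriverLinkName");
    IoDeleteSymbolicLink(&symLinkName);

    /* Delete all devices; read NextDevice before the object is deleted. */
    pDev = DriverObject->DeviceObject;
    while (pDev != NULL)
    {
        PDEVICE_OBJECT pNext = pDev->NextDevice;
        IoDeleteDevice(pDev);
        pDev = pNext;
    }

    KdPrint(("驱动成功被卸载...OK-----------"));
    DbgPrint("卸载成功");
}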
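/*
 * Handle add_code: read two ints from the caller's input buffer and write
 * their sum to the caller's output buffer.
 *
 * add_code is METHOD_NEITHER, so both pointers are raw user-mode addresses
 * supplied by the caller. They are only usable after:
 *   1. the lengths are checked against the bytes that are actually accessed
 *      (two ints in, one int out), and
 *   2. exactly that many bytes are probed, inside __try/__except.
 * The original probed the caller-supplied lengths instead. ProbeForRead and
 * ProbeForWrite do nothing for a zero length, so the accesses that followed
 * were not guaranteed to hit validated user memory.
 *
 * pInfo receives the number of bytes written to the output buffer.
 * Returns STATUS_SUCCESS, a parameter/buffer status, or the exception code
 * raised while probing or touching the buffers.
 *
 * NOTE(review): assumes this driver sits at the top of its device stack, so
 * the routine runs in the requesting thread's context - the user pointers
 * are only meaningful there.
 */
static NTSTATUS HandleAddRequest(IN PIRP pIrp, IN PIO_STACK_LOCATION stack, OUT ULONG *pInfo)
{
    NTSTATUS status = STATUS_SUCCESS;
    ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
    int *InputBuffer = (int *)stack->Parameters.DeviceIoControl.Type3InputBuffer;
    int *OutputBuffer = (int *)pIrp->UserBuffer;
    int a = 0;
    int b = 0;
    int sum = 0;

    *pInfo = 0;

    if (InputBuffer == NULL || OutputBuffer == NULL)
    {
        return STATUS_INVALID_USER_BUFFER;
    }
    if (cbin < 2 * sizeof(int))
    {
        return STATUS_INVALID_PARAMETER;
    }
    if (cbout < sizeof(int))
    {
        return STATUS_BUFFER_TOO_SMALL;
    }

    __try
    {
        /* Probe the bytes that are read, not the length the caller claimed. */
        ProbeForRead(InputBuffer, 2 * sizeof(int), __alignof(int));

        /* Fetch each operand once into a local; user memory can change underneath us. */
        a = InputBuffer[0];
        b = InputBuffer[1];
        KdPrint(("a=%d,b=%d \n", a, b));

        /* Unsigned arithmetic: caller-controlled operands must not trigger signed overflow. */
        sum = (int)((unsigned int)a + (unsigned int)b);

        ProbeForWrite(OutputBuffer, sizeof(int), sizeof(int));
        KdPrint(("OutputBuffer=%p", OutputBuffer));
        *OutputBuffer = sum;
        KdPrint(("a+b=%d \n", sum));

        *pInfo = (ULONG)sizeof(int);
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        KdPrint(("指定地址不可读 或者 写 \n"));
        /* Report the failure instead of completing with success and 4 bytes. */
        status = GetExceptionCode();
    }

    return status;
}

/*
 * Shared dispatch routine for IRP_MJ_CREATE, IRP_MJ_CLOSE, IRP_MJ_READ and
 * IRP_MJ_DEVICE_CONTROL.
 *
 * Create, close and read are completed with success and zero bytes.
 * Device control handles add_code; sub_code is an empty stub that completes
 * with success and zero bytes; any other control code is rejected with
 * STATUS_INVALID_DEVICE_REQUEST.
 *
 * Fixes over the original:
 *  - `info` is initialised. It used to be copied into IoStatus.Information
 *    uninitialised on every path except add_code.
 *  - The IRP is completed with the real status, not always STATUS_SUCCESS.
 *  - add_code validates lengths and probes fixed sizes (see HandleAddRequest).
 *  - The x86-only inline assembly is replaced by plain pointer accesses.
 *
 * Returns the status the IRP was completed with.
 */
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj, IN PIRP pIrp)
{
    NTSTATUS status = STATUS_SUCCESS;
    ULONG info = 0;
    /* Current stack location: carries the major function and the IOCTL parameters. */
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);

    UNREFERENCED_PARAMETER(pDevobj);

    switch (stack->MajorFunction)
    {
    case IRP_MJ_DEVICE_CONTROL:
        KdPrint(("Enter myDriver_DeviceIOControl\n"));
        switch (stack->Parameters.DeviceIoControl.IoControlCode)
        {
        case add_code:
            KdPrint(("add_code 1111111111111111111\n"));
            status = HandleAddRequest(pIrp, stack, &info);
            break;

        case sub_code:
            /* Not implemented: completes with success and zero bytes. */
            break;

        default:
            status = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
        break;

    case IRP_MJ_CREATE:
    case IRP_MJ_CLOSE:
    case IRP_MJ_READ:
    default:
        /* Nothing to do; completed below with success and zero bytes. */
        break;
    }

    /* Complete the IRP with the byte count and status computed above. */
    pIrp->IoStatus.Information = info;
    pIrp->IoStatus.Status = status;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    KdPrint(("离开派遣函数\n"));
    return status;
}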
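/*
 * Create the device object "\Device\125DDK_Device" and the symbolic link
 * "\??\My_DriverLinkName" through which user mode opens it.
 *
 * pDriverObject  the driver object that will own the device.
 *
 * Returns STATUS_SUCCESS, or the failure status of IoCreateDevice or
 * IoCreateSymbolicLink. The device is deleted again if the link cannot be
 * created.
 *
 * Change from the original: the device is created with
 * FILE_DEVICE_SECURE_OPEN, so the device's security descriptor is also
 * applied to opens inside the device's namespace.
 *
 * NOTE(review): IoCreateDevice gives the device a default security
 * descriptor. This driver completes every create request with success and
 * its IOCTLs are FILE_ANY_ACCESS, so the descriptor is the only control over
 * who reaches the dispatch routine. Consider IoCreateDeviceSecure with an
 * explicit, restrictive SDDL string.
 */
NTSTATUS CreateMyDevice(IN PDRIVER_OBJECT pDriverObject)
{
    NTSTATUS status;
    PDEVICE_OBJECT pDevObj = NULL; /* receives the created device object */
    UNICODE_STRING devName;
    UNICODE_STRING symLinkName;

    RtlInitUnicodeString(&devName, L"\\Device\\125DDK_Device");

    status = IoCreateDevice(pDriverObject,
                            0,                       /* no device extension */
                            &devName,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, /* was 0 */
                            TRUE,                    /* exclusive: one open handle at a time */
                            &pDevObj);
    if (!NT_SUCCESS(status))
    {
        switch (status)
        {
        case STATUS_INSUFFICIENT_RESOURCES:
            KdPrint(("资源不足 STATUS_INSUFFICIENT_RESOURCES"));
            break;
        case STATUS_OBJECT_NAME_EXISTS:
            KdPrint(("指定对象名存在"));
            break;
        case STATUS_OBJECT_NAME_COLLISION:
            KdPrint(("//对象名有冲突"));
            break;
        default:
            break;
        }
        KdPrint(("设备创建失败...++++++++"));
        return status;
    }
    KdPrint(("设备创建成功...++++++++"));

    /*
     * DO_BUFFERED_IO selects buffered transfers for read/write requests.
     * It does not change the IOCTL path: the control codes in head.h are
     * METHOD_NEITHER and still deliver raw user pointers.
     */
    pDevObj->Flags |= DO_BUFFERED_IO;

    /* Publish the device to user mode under \??\My_DriverLinkName. */
    RtlInitUnicodeString(&symLinkName, L"\\??\\My_DriverLinkName");
    status = IoCreateSymbolicLink(&symLinkName, &devName);
    if (!NT_SUCCESS(status))
    {
        /* Do not leave a device behind that nobody can name. */
        IoDeleteDevice(pDevObj);
        return status;
    }
    return STATUS_SUCCESS;
}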