//========================================================================
//TITLE:
// 串口伪驱动实例
//AUTHOR:
// norains
//DATE:
// Monday 23-April-2007
//Environment:
// EVC4.0 + Standard SDK 4.2
// EVC4.0 + Standard SDK 5.0
//========================================================================
所谓的伪驱动,就是不是真正意义上的驱动;而挂着驱动的名号,却又是因为和底层驱动有着千丝万缕的联系.
在此之前,先让我们看看wince的驱动结构:(图1)
而我们的伪驱动是挂接在PDD层之上,MDD层之下,形成一个"通道":(图2)
伪驱动的实现其实很简单,对外实现MDD层的借口,而其内则是通过调用原串口驱动实现其功能.
现在以夏普LH7A404平台为基础编写串口伪驱动,代码如下:
//--------------------------------------------------------------------
//Macro define
//For SHARP LH404
#define COM_DLL_PATH TEXT("\WINDOWS\OEMserial.dll")
//-------------------------------------------------------------------
//Function define
typedef HANDLE (WINAPI *DLL_COM_INIT)(ULONG Identifie);
typedef BOOL (WINAPI *DLL_COM_DEINIT)(void);
typedef HANDLE (WINAPI *DLL_COM_OPEN)(HANDLE pContext,DWORD AccessCode,DWORD ShareMode);
typedef BOOL (WINAPI *DLL_COM_CLOSE)(DWORD pContext);
typedef ULONG (WINAPI *DLL_COM_READ)(HANDLE pContext,PUCHAR pTargetBuffer,ULONG BufferLength,PULONG pBytesRead);
typedef ULONG (WINAPI *DLL_COM_WRITE)(HANDLE COM_Write,PUCHAR pSourceBytes,ULONG NumberOfBytes);
typedef BOOL (WINAPI *DLL_COM_POWERDOWN)(HANDLE pContext);
typedef BOOL (WINAPI *DLL_COM_POWERUP)(HANDLE pContext);
typedef BOOL (WINAPI *DLL_COM_IOCONTROL)(DWORD dwOpenData,DWORD dwCode,PBYTE pBufIn,DWORD dwLenIn,PBYTE pBufOut,DWORD dwLenOut,PDWORD pdwActualOut);
typedef DWORD (WINAPI *DLL_COM_SEEK)(DWORD hOpenContext,long Amount,WORD Type);
DLL_COM_INIT COM_INIT;
DLL_COM_DEINIT COM_DEINIT;
DLL_COM_OPEN COM_OPEN;
DLL_COM_CLOSE COM_CLOSE;
DLL_COM_READ COM_READ;
DLL_COM_WRITE COM_WRITE;
DLL_COM_SEEK COM_SEEK;
DLL_COM_POWERDOWN COM_POWERDOWN;
DLL_COM_POWERUP COM_POWERUP;
DLL_COM_IOCONTROL COM_IOCONTROL;
//-------------------------------------------------------------------
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
...{
HINSTANCE hInstComDll = LoadLibrary(COM_DLL_PATH);
if(hInstComDll != NULL)
...{
COM_INIT = (DLL_COM_INIT) GetProcAddress(hInstComDll,TEXT("COM_Init"));
COM_DEINIT = (DLL_COM_DEINIT) GetProcAddress(hInstComDll,TEXT("COM_Deinit"));
COM_OPEN = (DLL_COM_OPEN) GetProcAddress(hInstComDll,TEXT("COM_Open"));
COM_CLOSE = (DLL_COM_CLOSE) GetProcAddress(hInstComDll,TEXT("COM_Close"));
COM_READ = (DLL_COM_READ) GetProcAddress(hInstComDll,TEXT("COM_Read"));
COM_WRITE = (DLL_COM_WRITE) GetProcAddress(hInstComDll,TEXT("COM_Write"));
COM_POWERDOWN = (DLL_COM_POWERDOWN) GetProcAddress(hInstComDll,TEXT("COM_PowerDown"));
COM_POWERUP = (DLL_COM_POWERUP) GetProcAddress(hInstComDll,TEXT("COM_PowerUp"));
COM_IOCONTROL = (DLL_COM_IOCONTROL) GetProcAddress(hInstComDll,TEXT("COM_IOControl"));
COM_SEEK = (DLL_COM_SEEK) GetProcAddress(hInstComDll,TEXT("COM_Seek"));
}
else
...{
WRITELOG("DllMain() hInstComDll is NULL");
return FALSE;
}
if(COM_INIT == NULL ||
COM_DEINIT == NULL ||
COM_OPEN == NULL ||
COM_CLOSE == NULL ||
COM_READ == NULL ||
COM_WRITE == NULL ||
COM_SEEK == NULL ||
COM_POWERDOWN == NULL ||
COM_POWERUP == NULL ||
COM_IOCONTROL == NULL)
...{
WRITELOG("Function of DllMain() is NULL");
return FALSE;
}
return TRUE;
}
HANDLE COM_Init(ULONG Identifier)
...{
return COM_INIT(Identifier);
}
BOOL COM_Deinit(void)
...{
return COM_DEINIT();
}
HANDLE COM_Open(HANDLE pContext,DWORD AccessCode,DWORD ShareMode)
...{
return COM_OPEN(pContext,AccessCode,ShareMode);
}
BOOL COM_Close(DWORD pContext)
...{
return COM_CLOSE(pContext);
}
ULONG COM_Read(HANDLE pContext,PUCHAR pTargetBuffer,ULONG BufferLength)
...{
return COM_READ(pContext,pTargetBuffer,BufferLengthd);
}
ULONG COM_Write(HANDLE COM_Write,PUCHAR pSourceBytes,ULONG NumberOfBytes)
...{
return COM_WRITE(COM_Write,pSourceBytes,NumberOfBytes);
}
DWORD COM_Seek(DWORD hOpenContext,long Amount,WORD Type)
...{
return COM_SEEK(hOpenContext,Amount,Type);
}
BOOL COM_PowerDown(HANDLE pContext)
...{
return COM_POWERDOWN(pContext);
}
BOOL COM_PowerUp(HANDLE pContext)
...{
return COM_POWERUP(pContext);
}
BOOL COM_IOControl(DWORD dwOpenData,DWORD dwCode,PBYTE pBufIn,DWORD dwLenIn,PBYTE pBufOut,DWORD dwLenOut,PDWORD pdwActualOut)
...{
return COM_IOCONTROL(dwOpenData,dwCode,pBufIn,dwLenIn,pBufOut,dwLenOut,pdwActualOut);
}
"OEMserial.dll"是原来LH404的驱动,我们这个伪驱动仅仅是在代码中调用该动态链接库实现该实现的功能而已.
如果需要让我们的伪驱动正常运作,在将伪驱动包含进系统之后,还需要更改相关的注册表----将位于[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\series]的"DLL"键值改为我们伪驱动的名字即可.
这伪驱动有什么现实上的意义呢?对于应用层的话,也许不会起到任何作用;但如果是用作分析数据或破解算法的话,有时候确实一个挺方便的方法,毕竟调用驱动的任何数据都会经过我们的这个伪驱动,还有什么不能做的呢?
发表于 @ 2007年04月23日 22:51:00|评论(loading...)|编辑