应用层加载NT驱动代码

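//
// Load an NT kernel driver from user mode through the Service Control Manager.
//
// lpszDriverName - service key name; also used as the service display name.
// lpszDriverPath - path to the driver image. A relative path is resolved by
//                  GetFullPathName against the process's current directory.
//
// Returns TRUE when the service was started or was already running. Returns
// FALSE on any failure, including when StartService reports ERROR_IO_PENDING.
//
// NOTE(review): the image named here is loaded into the kernel, so callers
// should pass a path they control; because relative paths depend on the
// current directory, an absolute path is the safer input.
//
BOOL LoadNTDriver(LPTSTR lpszDriverName, LPTSTR lpszDriverPath)
{
    // All locals are declared before the first goto so that no jump to
    // BeforeLeave skips an initialization.
    TCHAR szDriverImagePath[MAX_PATH] = {0};
    const DWORD cchImagePath = sizeof(szDriverImagePath) / sizeof(szDriverImagePath[0]);
    DWORD cchFullPath = 0;
    DWORD dwRtn = 0;
    BOOL bRet = FALSE;
    SC_HANDLE hServiceMgr = NULL;  // SCM (Service Control Manager) handle
    SC_HANDLE hServiceDDK = NULL;  // NT driver service handle
    CComMonitorApp *ptheApp = NULL;

    if (lpszDriverName == NULL || lpszDriverPath == NULL)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    ptheApp = (CComMonitorApp *)AfxGetApp();

    //
    // Get the complete driver path. A return of 0 is a failure; a return that
    // does not fit the buffer means the path was not written in full. Either
    // way the buffer must not be registered as the service's ImagePath.
    //
    cchFullPath = GetFullPathName(lpszDriverPath, cchImagePath, szDriverImagePath, NULL);
    if (cchFullPath == 0 || cchFullPath >= cchImagePath)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "GetFullPathName() failed");
        goto BeforeLeave;
    }

    //
    // Open the SCM with only the rights this function uses: connect and
    // create a service (instead of SC_MANAGER_ALL_ACCESS).
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager() failed");
        goto BeforeLeave;
    }

    //
    // Create the service for the driver. The returned handle is only used to
    // start the service, so SERVICE_START is requested rather than
    // SERVICE_ALL_ACCESS.
    //
    hServiceDDK = CreateService(hServiceMgr,
        lpszDriverName,         // name of the driver's service key in the registry
        lpszDriverName,         // DisplayName value of the driver service
        SERVICE_START,          // access requested on the returned handle
        SERVICE_KERNEL_DRIVER,  // the service being installed is a kernel driver
        SERVICE_DEMAND_START,   // Start value of the driver service
        SERVICE_ERROR_IGNORE,   // ErrorControl value of the driver service
        szDriverImagePath,      // ImagePath value of the driver service
        NULL,
        NULL,
        NULL,
        NULL,
        NULL);

    if (hServiceDDK == NULL)
    {
        dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "CreateService() failed");
            goto BeforeLeave;
        }

        //
        // The service is already set up, so just open it. The existing
        // registration is reused as-is: its ImagePath is not compared with
        // szDriverImagePath, so the driver that starts is whatever that
        // service already points to.
        //
        hServiceDDK = OpenService(hServiceMgr, lpszDriverName, SERVICE_START);
        if (hServiceDDK == NULL)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService() failed");
            goto BeforeLeave;
        }
    }

    //
    // Start the service.
    //
    if (StartService(hServiceDDK, 0, NULL))
    {
        bRet = TRUE;
        goto BeforeLeave;
    }

    dwRtn = GetLastError();
    if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
    {
        // The driver is already loaded; report success.
        bRet = TRUE;
    }
    else if (dwRtn != ERROR_IO_PENDING)
    {
        // A pending start is reported as FALSE without a message; every other
        // error is shown to the user.
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "StartService() failed");
    }

//
// Close all handles before returning.
//
BeforeLeave:
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }

    return bRet;
}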

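//
// Unload (stop) a driver that was loaded through the Service Control Manager.
//
// szSvrName - service key name of the driver.
//
// Returns TRUE when the stop control was accepted; FALSE when the SCM or the
// service could not be opened or the stop request failed.
//
// The service registration is left in place on purpose: only the stop control
// is sent and DeleteService is not called. The kernel-driver service therefore
// stays installed after this call and has to be removed separately if it
// should not remain on the machine.
//
BOOL UnloadNTDriver(LPTSTR szSvrName) 
{
    BOOL bRet = TRUE;
    SC_HANDLE hServiceMgr = NULL;  // SCM handle
    SC_HANDLE hServiceDDK = NULL;  // NT driver's service handle
    SERVICE_STATUS SvrSta;
    CComMonitorApp *ptheApp = NULL;

    if (szSvrName == NULL)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    ptheApp = (CComMonitorApp *)AfxGetApp();

    //
    // Open the SCM. Only the connect right is needed to open an existing
    // service, so SC_MANAGER_ALL_ACCESS is not requested.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Open the driver's service with just the right to stop it. Deleting the
    // service would additionally need the DELETE right on this handle.
    //
    hServiceDDK = OpenService(hServiceMgr, szSvrName, SERVICE_STOP);
    if (hServiceDDK == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Stop the driver. If this fails, the author's guidance is to restart the
    // system and reload the driver.
    //
    if (!ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrSta))
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "ControlService() failed");
        bRet = FALSE;
    }

BeforeLeave:
    // Close the opened handles before leaving.
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }

    return bRet;
}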

 

 

这种方式应该叫“手动加载”驱动程序。驱动程序也属于服务,应用程序可以用CreateService来安装,用StartService来加载(调用进程需要具有管理员权限,否则打开SCM或创建服务会失败);驱动程序可以用ZwLoadDriver来加载另一个驱动程序。

另注:驱动程序安装后,其注册表键中有一个Start键值,该值含义为:
0——系统启动时加载;
1——内核初始化完成后加载;
2——系统启动后加载;
3——手动加载(上面代码中传给CreateService的SERVICE_DEMAND_START即对应此值);
4——不加载。
