EXE部分
head.h
#ifndef CTL_CODE
/* User-mode build: CTL_CODE is not defined yet, so take it from winioctl.h. */
#pragma message("\n \n-----------EXE . Include winioctl.h ")
#include<winioctl.h> //CTL_CODE ntddk.h wdm.h
#else
/* Kernel-mode build: ntddk.h/wdm.h already define CTL_CODE, so winioctl.h is skipped. */
#pragma message("\n \n----------SYS NO Include winioctl.h ")
#endif
/* IOCTL codes shared by the EXE and the SYS; both must include this same header so the
 * values agree.
 * NOTE(review): METHOD_IN_DIRECT describes a second buffer the driver READS, yet the
 * SYS dispatch writes its result into that buffer through the MDL; METHOD_OUT_DIRECT is
 * the transfer type meant for driver-written output -- confirm which is intended.
 * NOTE(review): FILE_ANY_ACCESS means any handle to the device may issue these codes;
 * FILE_READ_ACCESS/FILE_WRITE_ACCESS would tie them to the handle's access rights. */
#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_IN_DIRECT,FILE_ANY_ACCESS)
#define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_IN_DIRECT,FILE_ANY_ACCESS)
main.cpp
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include "head.h"
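/*
 * Ask the driver to add two integers via add_code and return its answer.
 *
 * hDevice: open handle to the driver's device; owned by the caller, not closed here.
 * a, b:    operands, copied into the input buffer in that order (the layout the
 *          driver reads: two consecutive ints).
 *
 * Returns the int the driver wrote into the output buffer. Returns 0 when
 * DeviceIoControl fails or reports fewer than sizeof(int) bytes; the failure is
 * printed to stderr. The original ignored both conditions and returned whatever
 * happened to be in bufret. Note that 0 is also a legitimate sum, so a caller that
 * must distinguish failure from a zero result has to check stderr/GetLastError.
 */
int add (HANDLE hDevice ,int a,int b)
{
    int port[2]={a,b};      /* input buffer */
    int bufret=0;           /* output buffer; the driver stores a+b here */
    ULONG dwWrite=0;        /* bytes the driver reported in IoStatus.Information */
    BOOL ok=DeviceIoControl(hDevice,add_code,port,sizeof(port),&bufret,sizeof(bufret),&dwWrite,NULL);
    if (!ok)
    {
        fprintf(stderr,"DeviceIoControl(add_code) failed, error %lu\n",GetLastError());
        return 0;
    }
    if (dwWrite<sizeof(bufret))
    {
        /* Request completed but the driver did not fill the output buffer. */
        fprintf(stderr,"DeviceIoControl(add_code) returned %lu bytes, expected %lu\n",dwWrite,(ULONG)sizeof(bufret));
        return 0;
    }
    return bufret;
}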
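/*
 * Open the driver's control device, have it add 11 and 22, print the result.
 *
 * The paired getchar() calls are pauses kept from the original: the program waits
 * for Enter before opening the device (presumably so the driver can be loaded
 * first) and again before exiting so the console window stays visible.
 *
 * Returns 0 on success, 1 if the device could not be opened (the original
 * returned 0 on that path too, hiding the failure from the shell).
 */
int main (void)
{
    getchar();
    getchar();
    HANDLE hDevice=CreateFile(TEXT("\\\\.\\My_DriverLinkName"),
                              GENERIC_READ|GENERIC_WRITE,
                              0,                      /* no sharing */
                              NULL,
                              OPEN_EXISTING,
                              FILE_ATTRIBUTE_NORMAL,
                              NULL);
    if (hDevice==INVALID_HANDLE_VALUE)
    {
        printf("打开设备失败\n");
        fprintf(stderr,"CreateFile failed, error %lu\n",GetLastError());
        getchar();
        getchar();
        return 1;
    }
    int k=add(hDevice,11,22);
    printf("%d\n",k);
    /* Release the handle; the original left it open until process exit, and the
     * SYS creates the device as exclusive, so a lingering handle blocks other opens. */
    CloseHandle(hDevice);
    getchar();
    getchar();
    return 0;
}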
SYS部分
head.h
#ifndef CTL_CODE
/* User-mode build: CTL_CODE is not defined yet, so take it from winioctl.h. */
#pragma message("\n \n-----------EXE . Include winioctl.h ")
#include<winioctl.h> //CTL_CODE ntddk.h wdm.h
#else
/* Kernel-mode build: ntddk.h/wdm.h already define CTL_CODE, so winioctl.h is skipped. */
#pragma message("\n \n----------SYS NO Include winioctl.h ")
#endif
/* IOCTL codes shared by the EXE and the SYS; both must include this same header so the
 * values agree.
 * NOTE(review): METHOD_IN_DIRECT describes a second buffer the driver READS, yet the
 * SYS dispatch writes its result into that buffer through the MDL; METHOD_OUT_DIRECT is
 * the transfer type meant for driver-written output -- confirm which is intended.
 * NOTE(review): FILE_ANY_ACCESS means any handle to the device may issue these codes;
 * FILE_READ_ACCESS/FILE_WRITE_ACCESS would tie them to the handle's access rights. */
#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_IN_DIRECT,FILE_ANY_ACCESS)
#define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_IN_DIRECT,FILE_ANY_ACCESS)
cpp
#include <ntdef.h>
#include <ntddk.h>
#include "head.h"
#ifdef __cplusplus
/* When built as C++, DriverEntry needs C linkage so its name is not mangled. */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
/* Forward declarations for the routines defined below in this file. */
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp ); /* one dispatch routine for every registered IRP_MJ_* code */
void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject); /* DriverUnload callback */
NTSTATUS CreateMyDevice (IN PDRIVER_OBJECT pDriverObject); /* creates the device and its symbolic link */
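/*
 * Driver entry point: register the unload routine and the dispatch table, then
 * create the control device and its symbolic link.
 *
 * DriverObject: this driver's object; its MajorFunction table is filled here.
 * RegistryPath: unused.
 *
 * Returns the status of CreateMyDevice. The original discarded that status and
 * always returned STATUS_SUCCESS, so a failed device creation left the driver
 * loaded with nothing for user mode to open; propagating it makes the load fail
 * instead.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("Hello from TestDDK125096!\n");
    DriverObject->DriverUnload = TestDDK125096Unload;
    /* A single routine handles every IRP this driver accepts and switches on the
     * major function itself. (The original assigned IRP_MJ_CLOSE twice.) */
    DriverObject->MajorFunction[IRP_MJ_CREATE]         = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_CLOSE]          = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_READ]           = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ddk_DispatchRoutine_CONTROL;
    /* Creates \Device\125DDK_Device and the \??\My_DriverLinkName link. */
    return CreateMyDevice(DriverObject);
}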
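/*
 * Unload routine: remove the symbolic link and delete the device(s) created by
 * CreateMyDevice.
 *
 * DriverObject: this driver's object; DriverObject->DeviceObject heads its device
 *               list (NULL if no device was ever created).
 *
 * The link is removed first so user mode cannot open the name while the device
 * behind it is going away. Every device on the driver's list is deleted, as the
 * original comments intended; the original deleted only the first entry and
 * would have passed NULL to IoDeleteDevice if device creation had failed.
 */
void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject)
{
    DbgPrint("Goodbye from TestDDK125096!\n");
    UNICODE_STRING symLinkName;
    RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName");
    IoDeleteSymbolicLink(&symLinkName);

    /* Read NextDevice before IoDeleteDevice frees the current object. */
    PDEVICE_OBJECT pDev = DriverObject->DeviceObject;
    while (pDev != NULL)
    {
        PDEVICE_OBJECT next = pDev->NextDevice;
        IoDeleteDevice(pDev);
        pDev = next;
    }
    KdPrint(("驱动成功被卸载...OK-----------"));
    DbgPrint("卸载成功");
}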
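/*
 * Single dispatch routine for IRP_MJ_CREATE, IRP_MJ_CLOSE, IRP_MJ_READ and
 * IRP_MJ_DEVICE_CONTROL.
 *
 * pDevobj: the device the IRP was sent to (unused).
 * pIrp:    the request; it is completed here with IO_NO_INCREMENT on every path.
 *
 * IRP_MJ_DEVICE_CONTROL / add_code reads two ints from the input buffer and writes
 * their sum to the output buffer. add_code is defined with METHOD_IN_DIRECT, so the
 * input is in pIrp->AssociatedIrp.SystemBuffer and the caller's output buffer is
 * reached through pIrp->MdlAddress.
 *
 * Both buffers and their lengths are supplied by user mode and are untrusted, so
 * they are validated before any access. The original read and wrote them without
 * checking InputBufferLength/OutputBufferLength, the NULL-ness of SystemBuffer or
 * MdlAddress, or the result of MmGetSystemAddressForMdlSafe (which returns NULL
 * under memory pressure), and it truncated the mapped pointer to int; a short or
 * missing buffer would have faulted the kernel. The inline x86 assembly is replaced
 * by plain C, which also removes the 32-bit-only build dependency.
 *
 * NOTE(review): METHOD_IN_DIRECT locks the second buffer for the driver to read;
 * writing the result into it is what METHOD_OUT_DIRECT exists for -- confirm the
 * intended transfer type in head.h.
 *
 * Returns STATUS_SUCCESS; STATUS_BUFFER_TOO_SMALL when the input holds fewer than
 * two ints or the output fewer than one; STATUS_INSUFFICIENT_RESOURCES when the MDL
 * cannot be mapped; STATUS_INVALID_DEVICE_REQUEST for an unknown IOCTL or major
 * function. The same status is stored in pIrp->IoStatus.Status and
 * IoStatus.Information carries the bytes written (sizeof(int) on a successful add,
 * otherwise 0 -- the original left it uninitialized on every non-IOCTL path).
 */
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp )
{
    UNREFERENCED_PARAMETER(pDevobj);
    NTSTATUS status = STATUS_SUCCESS;
    ULONG_PTR info = 0;                                   /* bytes transferred */
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);

    switch (stack->MajorFunction)
    {
    case IRP_MJ_DEVICE_CONTROL:
    {
        KdPrint(("Enter myDriver_DeviceIOControl\n"));
        ULONG cbin  = stack->Parameters.DeviceIoControl.InputBufferLength;
        ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
        ULONG code  = stack->Parameters.DeviceIoControl.IoControlCode;
        switch (code)
        {
        case add_code:
        {
            KdPrint(("add_code 1111111111111111111\n"));
            int *in = (int*)pIrp->AssociatedIrp.SystemBuffer;
            /* Validate the untrusted lengths before touching either buffer. */
            if (cbin < 2 * sizeof(int) || in == NULL)
            {
                status = STATUS_BUFFER_TOO_SMALL;
                break;
            }
            if (cbout < sizeof(int) || pIrp->MdlAddress == NULL)
            {
                status = STATUS_BUFFER_TOO_SMALL;
                break;
            }
            int a = in[0];
            int b = in[1];
            KdPrint(("a=%d,b=%d \n", a,b));
            /* Add in unsigned arithmetic so an overflowing pair wraps instead of
             * being signed-overflow undefined behaviour. */
            a = (int)((unsigned)a + (unsigned)b);
            /* Map the caller's output buffer; the "Safe" variant returns NULL
             * instead of bugchecking when no system PTEs are available. */
            int *out = (int*)MmGetSystemAddressForMdlSafe(pIrp->MdlAddress,NormalPagePriority);
            if (out == NULL)
            {
                status = STATUS_INSUFFICIENT_RESOURCES;
                break;
            }
            *out = a;
            KdPrint(("a+b=%d \n",a));
            info = sizeof(int);
            break;
        }
        case sub_code:
            /* Not implemented yet; completes with success and no data, as before. */
            break;
        default:
            /* The original completed unknown codes with STATUS_SUCCESS. */
            status = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
        break;
    }
    case IRP_MJ_CREATE:
    case IRP_MJ_CLOSE:
    case IRP_MJ_READ:
        /* Accepted; nothing to do. */
        break;
    default:
        status = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    pIrp->IoStatus.Information = info;
    pIrp->IoStatus.Status = status;
    IoCompleteRequest(pIrp,IO_NO_INCREMENT);
    KdPrint(("离开派遣函数\n"));
    return status;
}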
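/*
 * Create the control device "\Device\125DDK_Device" and the user-visible link
 * "\??\My_DriverLinkName" that the EXE opens as "\\.\My_DriverLinkName".
 *
 * pDriverObject: the driver the device belongs to.
 *
 * Returns STATUS_SUCCESS, or the failing IoCreateDevice / IoCreateSymbolicLink
 * status. If the link cannot be created the device is deleted again so nothing
 * is left half-initialized. On success the device is reachable via
 * pDriverObject->DeviceObject.
 *
 * The original also tested for STATUS_OBJECT_NAME_EXISTS inside the failure
 * branch; that is a success (informational) code and can never satisfy
 * !NT_SUCCESS, so the dead check was dropped.
 *
 * NOTE(review): no security descriptor is supplied, so the device receives the
 * system default DACL. If these IOCTLs should not be reachable by every local
 * user, create the device with IoCreateDeviceSecure and an explicit SDDL string
 * -- confirm what the default grants for FILE_DEVICE_UNKNOWN.
 */
NTSTATUS CreateMyDevice (IN PDRIVER_OBJECT pDriverObject)
{
    NTSTATUS status;
    PDEVICE_OBJECT pDevObj = NULL;
    UNICODE_STRING devName;
    UNICODE_STRING symLinkName;
    RtlInitUnicodeString(&devName,L"\\Device\\125DDK_Device");

    /* No device extension (size 0): this driver keeps no per-device state.
     * Exclusive = TRUE: only one handle to the device may be open at a time. */
    status = IoCreateDevice(pDriverObject,
                            0,
                            &devName,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            TRUE,
                            &pDevObj);
    if (!NT_SUCCESS(status))
    {
        if (status==STATUS_INSUFFICIENT_RESOURCES)
        {
            KdPrint(("资源不足 STATUS_INSUFFICIENT_RESOURCES"));
        }
        if (status==STATUS_OBJECT_NAME_COLLISION)
        {
            KdPrint(("//对象名有冲突"));
        }
        KdPrint(("设备创建失败...++++++++"));
        return status;
    }
    KdPrint(("设备创建成功...++++++++"));
    /* Governs IRP_MJ_READ/IRP_MJ_WRITE buffering only; the IOCTL transfer type is
     * fixed by the METHOD_* bits in the CTL_CODE. */
    pDevObj->Flags |= DO_BUFFERED_IO;

    RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName");
    status = IoCreateSymbolicLink( &symLinkName,&devName );
    if (!NT_SUCCESS(status))
    {
        /* Roll back: without the link user mode cannot reach the device. */
        IoDeleteDevice( pDevObj );
        return status;
    }
    return STATUS_SUCCESS;
}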