管理博文 win10驱动开发17——驱动交互

最新推荐文章于 2024-01-25 14:53:44 发布
最新推荐文章于 2024-01-25 14:53:44 发布
阅读量622 收藏
点赞数
文章标签: 驱动开发 交互
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_41610493/article/details/121885255
版权

内核驱动 用户空间 直接内存模式 IO控制码 设备控制
关键词由CSDN通过智能技术生成

直接内存模式

参数位置
输入缓冲区Irp->AssociatedIrp.SystemBuffer
输入缓冲区大小stack->Parameters.DeviceIoControl.InputBufferLength
输出缓冲区Irp->AssociatedIrp.SystemBuffer
输出缓冲区大小stack->Parameters.DeviceIoControl.OutputBufferLength
IO控制码stack->Parameters.DeviceIoControl.IoControlCode

内核层

#include <ntddk.h>   
#include <windef.h>
#define  CTLBUFFERED CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_BUFFERED,FILE_ANY_ACCESS)
typedef struct _DEVICE_EXTENSION
{
	PCHAR Buffer;//内存首地址
	ULONG Length;//文件长度
#define MAX_FILE_LEN 4096
}DEVICE_EXTENSION, *PDEVICE_EXTENSION;

VOID Unload(IN PDRIVER_OBJECT pDriverObject)
{
	UNICODE_STRING SymbolicLinkName = RTL_CONSTANT_STRING(L"\\??\\HelloDDK");
	IoDeleteSymbolicLink(&SymbolicLinkName);//删除连接
	IoDeleteDevice(pDriverObject->DeviceObject);//释放驱动对象
	//驱动卸载的时候显示
	KdPrint(("Goodbye driver\n"));
}


NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	static char* irpname[] = {
		"IRP_MJ_CREATE                  ",
		"IRP_MJ_CREATE_NAMED_PIPE       ",
		"IRP_MJ_CLOSE                   ",
		"IRP_MJ_READ                    ",
		"IRP_MJ_WRITE                   ",
		"IRP_MJ_QUERY_INFORMATION       ",
		"IRP_MJ_SET_INFORMATION         ",
		"IRP_MJ_QUERY_EA                ",
		"IRP_MJ_SET_EA                  ",
		"IRP_MJ_FLUSH_BUFFERS           ",
		"IRP_MJ_QUERY_VOLUME_INFORMATION",
		"IRP_MJ_SET_VOLUME_INFORMATION  ",
		"IRP_MJ_DIRECTORY_CONTROL       ",
		"IRP_MJ_FILE_SYSTEM_CONTROL     ",
		"IRP_MJ_DEVICE_CONTROL          ",
		"IRP_MJ_INTERNAL_DEVICE_CONTROL ",
		"IRP_MJ_SHUTDOWN                ",
		"IRP_MJ_LOCK_CONTROL            ",
		"IRP_MJ_CLEANUP                 ",
		"IRP_MJ_CREATE_MAILSLOT         ",
		"IRP_MJ_QUERY_SECURITY          ",
		"IRP_MJ_SET_SECURITY            ",
		"IRP_MJ_POWER                   ",
		"IRP_MJ_SYSTEM_CONTROL          ",
		"IRP_MJ_DEVICE_CHANGE           ",
		"IRP_MJ_QUERY_QUOTA             ",
		"IRP_MJ_SET_QUOTA               ",
		"IRP_MJ_PNP                     ",
		"IRP_MJ_PNP_POWER               ",
		"IRP_MJ_MAXIMUM_FUNCTION        "
	};

	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	KdPrint(("%s\n", irpname[stack->MajorFunction]));
	Irp->IoStatus.Information = 0;
	Irp->IoStatus.Status = STATUS_SUCCESS;//设置返回状态,告诉操作是成功还是失败
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return STATUS_SUCCESS;
};
//其他方式读取
NTSTATUS NeitherRead(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status = STATUS_SUCCESS;
	ULONG Length;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
	__try
	{
		ProbeForWrite(Irp->UserBuffer, stack->Parameters.Read.Length, 4);
		Length = strlen("这是一段来自内核地址空间的数据");
		RtlCopyMemory(Irp->UserBuffer, "这是一段来自内核地址空间的数据", Length);
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}

	Irp->IoStatus.Status = status;//设置返回状态,告诉操作是成功还是失败
	Irp->IoStatus.Information = 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}
//mdl直接方式读取
NTSTATUS DirectRead(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	KdPrint(("进入DirectRead:\n"));
	NTSTATUS status = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
	PCHAR Buffer;
	ULONG ByteOffset;
	ULONG ByteCount;
	ULONG Length;
	PVOID Va;
	__try
	{
		ByteOffset = MmGetMdlByteCount(Irp->MdlAddress);
		ByteCount = MmGetMdlByteCount(Irp->MdlAddress);
		Va = MmGetMdlVirtualAddress(Irp->MdlAddress);
		KdPrint(("ByteOffset:%d\n", ByteOffset));
		KdPrint(("ByteCount:%d\n", ByteCount));
		KdPrint(("用户空间地址:%p\n", Va));
		Buffer = (PCHAR)MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
		if (stack->Parameters.Read.Length <= ByteCount)
		{
			Length = strlen("这是一段来自内核地址空间的数据");
			RtlCopyMemory(Buffer, "这是一段来自内核地址空间的数据", Length);
		}
		else 
		{
			status = STATUS_UNSUCCESSFUL;
			Length = 0;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}

	Irp->IoStatus.Status = status;//设置返回状态,告诉操作是成功还是失败
	Irp->IoStatus.Information = 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}

//首先不能超过内存块,在内存卡之内我写的文件长度,超过文件长度就需要更新文件长度,不超过文件长度保持不变
NTSTATUS DispatchWrite(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)deviceObject->DeviceExtension;
	ULONG Length;
	ULONG offset;
	ULONG WriteLenth;//写出的实际长度
	KdPrint(("写操作\n"));
	__try
	{
		Length = stack->Parameters.Write.Length;
		offset = stack->Parameters.Write.ByteOffset.LowPart;
		if (Length + offset <= MAX_FILE_LEN)
		{
			if (Length + offset > pdx->Length)
			{
				//更新文件长度
				pdx->Length = Length + offset;
			}
			RtlCopyMemory(pdx->Buffer + offset, Irp->AssociatedIrp.SystemBuffer, Length);
			WriteLenth = Length;
		}
		else
		{
			status = STATUS_BUFFER_TOO_SMALL;//缓冲区太小的错误
			WriteLenth = 0;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		WriteLenth = 0;
	}
	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = WriteLenth;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}

NTSTATUS DispatchQueryInfo(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status;
	PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)deviceObject->DeviceExtension;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	ULONG Length;
	KdPrint(("查操作\n"));
	__try
	{
		Length = stack->Parameters.QueryFile.Length;
		if (stack->Parameters.QueryFile.FileInformationClass == FileStandardInformation &&
			Length >= sizeof(FILE_STANDARD_INFORMATION)
			)
		{
			PFILE_STANDARD_INFORMATION  pfsi = (PFILE_STANDARD_INFORMATION)Irp->AssociatedIrp.SystemBuffer;
			pfsi->EndOfFile.LowPart = pdx->Length;
			status = STATUS_SUCCESS;
			Length = sizeof(FILE_STANDARD_INFORMATION);
		}
		else
		{
			status = STATUS_BUFFER_TOO_SMALL;
			Length = 0;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}
	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = Length;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}

NTSTATUS DispatchControl(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	ULONG IoCode = stack->Parameters.DeviceIoControl.IoControlCode;
	ULONG InputLength;
	ULONG OutputLength;
	PVOID InputBuffer;
	PVOID OutputBuffer;
	ULONG Length;
	switch (IoCode)
	{
	case CTLBUFFERED:
		InputBuffer = Irp->AssociatedIrp.SystemBuffer;
		InputLength = stack->Parameters.DeviceIoControl.InputBufferLength;
		OutputBuffer = Irp->AssociatedIrp.SystemBuffer;
		OutputLength = stack->Parameters.DeviceIoControl.OutputBufferLength;
		KdPrint(("InputBuffer:%s\n", InputBuffer));
		KdPrint(("InputLength:%d\n", InputLength));
		RtlCopyMemory(OutputBuffer, "这是缓冲区io方式", strlen("这是缓冲区io方式"));
		Length = strlen("这是缓冲区io方式");
		KdPrint(("OutputBuffer:%s\n", OutputBuffer));
		KdPrint(("OutputLength:%d\n", OutputLength));
		break;
	default:
		break;
	}
	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = Length;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
	UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\HelloDDK");
	UNICODE_STRING SymbolicLinkName = RTL_CONSTANT_STRING(L"\\??\\HelloDDK");
	NTSTATUS status;
	PDEVICE_OBJECT DeviceObject;
	PDEVICE_EXTENSION pdx;
	ULONG i = 0;
	KdPrint(("Hello driver\n"));
	DriverObject->DriverUnload = Unload;
	for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION + 1; i++)
	{
		DriverObject->MajorFunction[i] = DispatchRoutine;
	}
	//读操作
	DriverObject->MajorFunction[IRP_MJ_READ] = NeitherRead;
	//写操作
	//DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
	//查操作
	DriverObject->MajorFunction[IRP_MJ_QUERY_INFORMATION] = DispatchQueryInfo;
	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl;
	//让设备对象知道驱动的位置
	status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject);
	if (!NT_SUCCESS(status))
	{
		KdPrint(("创建设备失败%x\n", status));
		return status;
	}
	status = IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName);
	if (!NT_SUCCESS(status))
	{
		KdPrint(("符号连接创建失败%x\n", status));
		IoDeleteDevice(DeviceObject);
		return status;
	}
	DeviceObject->Flags |= 0;//0表示其他方式读取 配合NeitherRead方法使用  //DO_BUFFERED_IO 配合DirectRead方法使用
	DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
	pdx = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
	pdx->Buffer = (PCHAR)ExAllocatePoolWithTag(PagedPool, 4096, 'a');
	pdx->Length = 0;
	return STATUS_SUCCESS;
}

应用层

#include <windows.h>
#include <stdio.h>
#include <winioctl.h>

#define IOTEST CTL_CODE(FILE_DEVICE_UNKNOWN,0X800,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define  CTLBUFFERED CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_BUFFERED,FILE_ANY_ACCESS)
int main()
{
	HANDLE hDevice = CreateFile(TEXT("\\\\.\\HelloDDK"),
		GENERIC_ALL,
		FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL
	);
	if (hDevice == INVALID_HANDLE_VALUE)
	{
		printf("设备打开失败%d\n", GetLastError());
		return -1;
	}
	DWORD dwRet;
	CHAR Buffer[1024] = { 0 };
	WriteFile(hDevice, "这是一段来自用户层的数据", strlen("这是一段来自用户层的数据"), &dwRet, NULL);
	printf("驱动提供的地址:%p\n", Buffer);
	ReadFile(hDevice, Buffer, sizeof(Buffer), &dwRet, NULL);
	printf("读回来的数据%s\n", Buffer);
	printf("读取数据的个数%d\n", dwRet);
	DWORD dwSize = GetFileSize(hDevice, NULL);
	printf("文件长度%d\n", dwSize);
	char IoBuffer[1024] = { 0 };
	//+1 不至于输出乱码的情况
	DeviceIoControl(hDevice, CTLBUFFERED, (LPVOID)"这是缓冲区方式", strlen("这是缓冲区方式")+1, IoBuffer, sizeof(IoBuffer), &dwRet, NULL);
	printf("%s\n",IoBuffer);
	CloseHandle(hDevice);
	return 0;
}

在这里插入图片描述

其他内存模式

参数位置
输入缓冲区stack->Parameters.DeviceIoControl.Type3InputBuffer
输入缓冲区大小stack->Parameters.DeviceIoControl.InputBufferLength
输出缓冲区Irp->UserBuffer
输出缓冲区大小stack->Parameters.DeviceIoControl.OutputBufferLength
IO控制码stack->Parameters.DeviceIoControl.IoControlCode

内核层

#include <ntddk.h>   
#include <windef.h>
#define  CTLBUFFERED CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_BUFFERED,FILE_ANY_ACCESS)
// METHOD_IN_DIRECT              只能输入
// METHOD_OUT_DIRECT             能输入也能输出
#define  CTLDIRECT   CTL_CODE(FILE_DEVICE_UNKNOWN,0x801,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)
#define  CTLNEITHER   CTL_CODE(FILE_DEVICE_UNKNOWN,0x802,METHOD_NEITHER,FILE_ANY_ACCESS)
typedef struct _DEVICE_EXTENSION
{
	PCHAR Buffer;//内存首地址
	ULONG Length;//文件长度
#define MAX_FILE_LEN 4096
}DEVICE_EXTENSION, *PDEVICE_EXTENSION;

VOID Unload(IN PDRIVER_OBJECT pDriverObject)
{
	UNICODE_STRING SymbolicLinkName = RTL_CONSTANT_STRING(L"\\??\\HelloDDK");
	IoDeleteSymbolicLink(&SymbolicLinkName);//删除连接
	IoDeleteDevice(pDriverObject->DeviceObject);//释放驱动对象
	//驱动卸载的时候显示
	KdPrint(("Goodbye driver\n"));
}


NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	static char* irpname[] = {
		"IRP_MJ_CREATE                  ",
		"IRP_MJ_CREATE_NAMED_PIPE       ",
		"IRP_MJ_CLOSE                   ",
		"IRP_MJ_READ                    ",
		"IRP_MJ_WRITE                   ",
		"IRP_MJ_QUERY_INFORMATION       ",
		"IRP_MJ_SET_INFORMATION         ",
		"IRP_MJ_QUERY_EA                ",
		"IRP_MJ_SET_EA                  ",
		"IRP_MJ_FLUSH_BUFFERS           ",
		"IRP_MJ_QUERY_VOLUME_INFORMATION",
		"IRP_MJ_SET_VOLUME_INFORMATION  ",
		"IRP_MJ_DIRECTORY_CONTROL       ",
		"IRP_MJ_FILE_SYSTEM_CONTROL     ",
		"IRP_MJ_DEVICE_CONTROL          ",
		"IRP_MJ_INTERNAL_DEVICE_CONTROL ",
		"IRP_MJ_SHUTDOWN                ",
		"IRP_MJ_LOCK_CONTROL            ",
		"IRP_MJ_CLEANUP                 ",
		"IRP_MJ_CREATE_MAILSLOT         ",
		"IRP_MJ_QUERY_SECURITY          ",
		"IRP_MJ_SET_SECURITY            ",
		"IRP_MJ_POWER                   ",
		"IRP_MJ_SYSTEM_CONTROL          ",
		"IRP_MJ_DEVICE_CHANGE           ",
		"IRP_MJ_QUERY_QUOTA             ",
		"IRP_MJ_SET_QUOTA               ",
		"IRP_MJ_PNP                     ",
		"IRP_MJ_PNP_POWER               ",
		"IRP_MJ_MAXIMUM_FUNCTION        "
	};

	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	KdPrint(("%s\n", irpname[stack->MajorFunction]));
	Irp->IoStatus.Information = 0;
	Irp->IoStatus.Status = STATUS_SUCCESS;//设置返回状态,告诉操作是成功还是失败
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return STATUS_SUCCESS;
};
//其他方式读取
NTSTATUS NeitherRead(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status = STATUS_SUCCESS;
	ULONG Length;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
	__try
	{
		ProbeForWrite(Irp->UserBuffer, stack->Parameters.Read.Length, 4);
		Length = strlen("这是一段来自内核地址空间的数据");
		RtlCopyMemory(Irp->UserBuffer, "这是一段来自内核地址空间的数据", Length);
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}

	Irp->IoStatus.Status = status;//设置返回状态,告诉操作是成功还是失败
	Irp->IoStatus.Information = 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}
//mdl直接方式读取
NTSTATUS DirectRead(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	KdPrint(("进入DirectRead:\n"));
	NTSTATUS status = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
	PCHAR Buffer;
	ULONG ByteOffset;
	ULONG ByteCount;
	ULONG Length;
	PVOID Va;
	__try
	{
		ByteOffset = MmGetMdlByteCount(Irp->MdlAddress);
		ByteCount = MmGetMdlByteCount(Irp->MdlAddress);
		Va = MmGetMdlVirtualAddress(Irp->MdlAddress);
		KdPrint(("ByteOffset:%d\n", ByteOffset));
		KdPrint(("ByteCount:%d\n", ByteCount));
		KdPrint(("用户空间地址:%p\n", Va));
		Buffer = (PCHAR)MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
		if (stack->Parameters.Read.Length <= ByteCount)
		{
			Length = strlen("这是一段来自内核地址空间的数据");
			RtlCopyMemory(Buffer, "这是一段来自内核地址空间的数据", Length);
		}
		else
		{
			status = STATUS_UNSUCCESSFUL;
			Length = 0;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}

	Irp->IoStatus.Status = status;//设置返回状态,告诉操作是成功还是失败
	Irp->IoStatus.Information = 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}

//首先不能超过内存块,在内存卡之内我写的文件长度,超过文件长度就需要更新文件长度,不超过文件长度保持不变
NTSTATUS DispatchWrite(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)deviceObject->DeviceExtension;
	ULONG Length;
	ULONG offset;
	ULONG WriteLenth;//写出的实际长度
	KdPrint(("写操作\n"));
	__try
	{
		Length = stack->Parameters.Write.Length;
		offset = stack->Parameters.Write.ByteOffset.LowPart;
		if (Length + offset <= MAX_FILE_LEN)
		{
			if (Length + offset > pdx->Length)
			{
				//更新文件长度
				pdx->Length = Length + offset;
			}
			RtlCopyMemory(pdx->Buffer + offset, Irp->AssociatedIrp.SystemBuffer, Length);
			WriteLenth = Length;
		}
		else
		{
			status = STATUS_BUFFER_TOO_SMALL;//缓冲区太小的错误
			WriteLenth = 0;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		WriteLenth = 0;
	}
	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = WriteLenth;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}

NTSTATUS DispatchQueryInfo(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status;
	PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)deviceObject->DeviceExtension;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	ULONG Length;
	KdPrint(("查操作\n"));
	__try
	{
		Length = stack->Parameters.QueryFile.Length;
		if (stack->Parameters.QueryFile.FileInformationClass == FileStandardInformation &&
			Length >= sizeof(FILE_STANDARD_INFORMATION)
			)
		{
			PFILE_STANDARD_INFORMATION  pfsi = (PFILE_STANDARD_INFORMATION)Irp->AssociatedIrp.SystemBuffer;
			pfsi->EndOfFile.LowPart = pdx->Length;
			status = STATUS_SUCCESS;
			Length = sizeof(FILE_STANDARD_INFORMATION);
		}
		else
		{
			status = STATUS_BUFFER_TOO_SMALL;
			Length = 0;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}
	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = Length;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}

NTSTATUS DispatchControl(IN PDEVICE_OBJECT deviceObject, IN PIRP Irp)
{
	NTSTATUS status = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);//获取当前栈单元
	ULONG IoCode = stack->Parameters.DeviceIoControl.IoControlCode;
	ULONG InputLength;
	ULONG OutputLength;
	PVOID InputBuffer;
	PVOID OutputBuffer;
	ULONG Length;
	__try
	{
		switch (IoCode)
		{
		case CTLBUFFERED:
			InputBuffer = Irp->AssociatedIrp.SystemBuffer;
			InputLength = stack->Parameters.DeviceIoControl.InputBufferLength;
			OutputBuffer = Irp->AssociatedIrp.SystemBuffer;
			OutputLength = stack->Parameters.DeviceIoControl.OutputBufferLength;
			KdPrint(("InputBuffer:%s\n", InputBuffer));
			KdPrint(("InputLength:%d\n", InputLength));
			RtlCopyMemory(OutputBuffer, "这是缓冲区io方式", strlen("这是缓冲区io方式"));
			Length = strlen("这是缓冲区io方式");
			break;

		case CTLDIRECT:
			InputBuffer = Irp->AssociatedIrp.SystemBuffer;
			InputLength = stack->Parameters.DeviceIoControl.InputBufferLength;
			OutputBuffer = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
			OutputLength = stack->Parameters.DeviceIoControl.OutputBufferLength;
			KdPrint(("InputBuffer:%s\n", InputBuffer));
			KdPrint(("InputLength:%d\n", InputLength));
			RtlCopyMemory(OutputBuffer, "直接方式io控制操作", strlen("直接方式io控制操作"));
			Length = strlen("直接方式io控制操作");
			break;
		case CTLNEITHER:
			InputBuffer = stack->Parameters.DeviceIoControl.Type3InputBuffer;
			InputLength = stack->Parameters.DeviceIoControl.InputBufferLength;
			OutputBuffer = Irp->UserBuffer;
			OutputLength = stack->Parameters.DeviceIoControl.OutputBufferLength;
			KdPrint(("InputBuffer:%s\n", InputBuffer));
			KdPrint(("InputLength:%d\n", InputLength));
			RtlCopyMemory(OutputBuffer, "其他方式io控制操作", strlen("其他方式io控制操作"));
			Length = strlen("其他方式io控制操作");
			break;
		default:
			break;
		}
	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		status = GetExceptionCode();
		Length = 0;
	}

	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = Length;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);//是不改变
	return status;
}
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
	UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\HelloDDK");
	UNICODE_STRING SymbolicLinkName = RTL_CONSTANT_STRING(L"\\??\\HelloDDK");
	NTSTATUS status;
	PDEVICE_OBJECT DeviceObject;
	PDEVICE_EXTENSION pdx;
	ULONG i = 0;
	KdPrint(("Hello driver\n"));
	DriverObject->DriverUnload = Unload;
	for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION + 1; i++)
	{
		DriverObject->MajorFunction[i] = DispatchRoutine;
	}
	//读操作
	DriverObject->MajorFunction[IRP_MJ_READ] = NeitherRead;
	//写操作
	//DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
	//查操作
	DriverObject->MajorFunction[IRP_MJ_QUERY_INFORMATION] = DispatchQueryInfo;
	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl;
	//让设备对象知道驱动的位置
	status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject);
	if (!NT_SUCCESS(status))
	{
		KdPrint(("创建设备失败%x\n", status));
		return status;
	}
	status = IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName);
	if (!NT_SUCCESS(status))
	{
		KdPrint(("符号连接创建失败%x\n", status));
		IoDeleteDevice(DeviceObject);
		return status;
	}
	DeviceObject->Flags |= 0;//0表示其他方式读取 配合NeitherRead方法使用
	DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
	pdx = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
	pdx->Buffer = (PCHAR)ExAllocatePoolWithTag(PagedPool, 4096, 'a');
	pdx->Length = 0;
	return STATUS_SUCCESS;
}

应用层

#include <windows.h>
#include <stdio.h>
#include <winioctl.h>

#define  IOTEST       CTL_CODE(FILE_DEVICE_UNKNOWN,0X800,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define  CTLBUFFERED  CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_BUFFERED,FILE_ANY_ACCESS)
// METHOD_IN_DIRECT              只能输入
// METHOD_OUT_DIRECT             能输入也能输出
#define  CTLDIRECT   CTL_CODE(FILE_DEVICE_UNKNOWN,0x801,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)
#define  CTLNEITHER   CTL_CODE(FILE_DEVICE_UNKNOWN,0x802,METHOD_NEITHER,FILE_ANY_ACCESS)
int main()
{
	HANDLE hDevice = CreateFile(TEXT("\\\\.\\HelloDDK"),
		GENERIC_ALL,
		FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL
	);
	if (hDevice == INVALID_HANDLE_VALUE)
	{
		printf("设备打开失败%d\n", GetLastError());
		return -1;
	}
	DWORD dwRet;
	CHAR Buffer[1024] = { 0 };
	WriteFile(hDevice, "这是一段来自用户层的数据", strlen("这是一段来自用户层的数据"), &dwRet, NULL);
	printf("驱动提供的地址:%p\n", Buffer);
	ReadFile(hDevice, Buffer, sizeof(Buffer), &dwRet, NULL);
	printf("读回来的数据%s\n", Buffer);
	printf("读取数据的个数%d\n", dwRet);
	DWORD dwSize = GetFileSize(hDevice, NULL);
	printf("文件长度%d\n", dwSize);
	char IoBuffer[1024] = { 0 };
	//+1 不至于输出乱码的情况
	DeviceIoControl(hDevice, CTLBUFFERED, (LPVOID)"这是缓冲区方式", strlen("这是缓冲区方式")+1, IoBuffer, sizeof(IoBuffer), &dwRet, NULL);
	printf("%s\n", IoBuffer);
	RtlZeroMemory(IoBuffer,sizeof(Buffer));
	DeviceIoControl(hDevice, CTLDIRECT, (LPVOID)"这是直接方式", strlen("这是直接方式")+1, IoBuffer, sizeof(IoBuffer), &dwRet, NULL);
	printf("%s\n", IoBuffer);
	RtlZeroMemory(IoBuffer, sizeof(Buffer));
	DeviceIoControl(hDevice, CTLNEITHER, (LPVOID)"这是其他方式", strlen("这是其他方式")+1, IoBuffer, sizeof(IoBuffer), &dwRet, NULL);
	printf("%s\n", IoBuffer);
	RtlZeroMemory(IoBuffer, sizeof(Buffer));
	CloseHandle(hDevice);
	return 0;
}

在这里插入图片描述

华阙之梦
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Windows 10驱动开发入门(一):环境搭建
haleycat的博客
06-13 6285
windows 10 驱动开发入门,环境的搭建。
windows 驱动与内核调试 学习4
不会写代码的丝丽
11-05 185
参数,这个参数决定输出输入缓存流如何定于,一个常规的创建驱动设备代码。这个参数同时也要受限与。我们举例如下控制码生命。
驱动和应用数据交互四种方式
nihaoma95278的博客
01-02 628
如果条件不满足,poll机制会使应用程序休眠指定时间,休眠时间内条件满足则唤醒进程。如果条件一直不满足,达到指定超时时间后,进程自动唤醒再次判断条件是否满足。:这是一种非阻塞的方式,应用程序通过查询方式与底层驱动交互。如果应用层不断调用read函数,CPU占用较高,是一种耗费资源的方式。:应用程序注册信号处理函数,驱动程序在特定事件发生时发送信号给应用程序。:当条件不满足时,应用程序会休眠,等待条件满足时被唤醒。这种方式可能会导致应用程序一直休眠下去,如果条件一直不满足。
win10驱动开发
momodeconger的博客
04-13 2546
整体开发环境 win10 开发机 vmware 上的 win10 调试机 开发机环境 windows sdk: 版本 10.0.16299.0 wdk 版本10.0.16299.15 vs2017 vmware 16.2 测试机 windows sdk: 版本 10.0.16299.0 driver monitor 工具 驱动签名的问题 修改bootload参数,让系统进入测试模式 管理员模式打开命令行,执行: bcdedit-set loadoptions DDISABLE_INTE
【driver】Win10 驱动开发环境配置及应用
dr0op's blog
05-09 1431
安装VS 安装visual studio 这里安装的是vs 2017 community 查看已经安装的SDK版本。 安装WDK 然后安装wdk: 在链接,找到 https://docs.microsoft.com/zh-cn/windows-hardware/drivers/other-wdk-downloads 这里需要下载安装的wdk版本与sdk版本一致。 可以尝试下载之后查看属性,从而判断wdk是哪个版本的。 然后安装: 安装时候会下载对应的文件到指定文件夹。并且在指定文件夹下继续生成wd
CH340(USB TO TTL串口驱动Win11可用)(0积分下载,如果后续还需要积分下载,请直接私信我!重新发)
11-13
1、CH340(USB TO TTL串口驱动Win11可用) 2、0积分(免费下载) 3、动态积分已设置为不允许!绝不允许多薅大家一根羊毛! 4、双击安装后建议关闭系统驱动自动更新,如果串口调试助手还有问题...请卸载驱动后重新...
PL2303(绿联USB转串口驱动Win11可用)(0积分下载,如果后续还需要积分下载,请直接私信我!重新发)
11-13
1、PL2303(绿联USB转串口驱动Win11可用) 2、0积分(免费下载) 3、动态积分已设置为不允许!绝不允许多薅大家一根羊毛! 4、双击安装后建议关闭系统驱动自动更新,如果串口调试助手还有问题...请卸载驱动后重新...
spi转四路串口驱动,基于nuc977修改
07-18
目前这几款芯片使用的都是相同的 linux 驱动。 WK 系列扩展的子通道的 UART 具备如下功能特点: 1. 每个子通道 UART 的波特率、字长、校验格式可以独立设置,最高可以提供2Mbps 的通信速率。 2. 每个子通道具备收/...
Linux设备驱动程序+字符驱动sample程序
11-12
这个文件是博文:Linux设备驱动 (虚拟 字符设备驱动编写)【demo】的附件;这里展示了如何去编写一个字符设备驱动,以及创建设备节点,对于只知道理论但还不清楚如何编写可运行驱动的人来说,有一个小的提示作用。...
开发随笔——Spring事务管理 第一部分
03-05
spring + hibernate 事务管理demo工程源码(无jar包) 博文链接:https://momoko8443.iteye.com/blog/190995
Win10x64-WDM设备驱动开发入门 - 第六章 VMware-Win10x64+WDK10+VS2015/2019环境搭建与双机调试
最新发布
shune_yin的博客
01-25 467
Win10x64-WDM设备驱动开发入门 - 第六章 VMware-Win10x64+WDK10+VS2015/2019环境搭建与双机调试_vs2015 wdk 驱动调试-CSDN博客
Windows 驱动开发环境搭建
跑不了的你的博客
06-28 3343
本章内容简单介绍了关于 Windows 驱动开发环境的相关知识,并基于 Windows 10 22H2 的操作系统版本进行了 Windows 驱动开发环境的部署验证。要完成 Windows 驱动开发环境需要根据自己开发的目标操作系统版本选择对应的 Visual Studio 版本及 WDK(Windows 驱动工具包)版本。安装步骤也是先安装 Visual Studio 后安装 WDK。
Win10驱动开发1——环境搭建
qq_41610493的博客
11-24 599
开发环境搭建
利用winIO3.0进行windows10 64bit端口读取
jbh_sunshine的博客
03-06 2829
一、winIO介绍 WinIO程序库允许在32位的Windows应用程序中直接对I/O端口和物理内存进行存取操作。通过使用一种内核模式的设备驱动器和其它几种底层编程技巧,它绕过了Windows系统的保护机制。 WinIo可以到官方网站已经不能用了,以下给出我上传的资源的链接。 因为需要加载驱动,程序要以管理员权限运行,已经在win10 64验证成功 为了省去动态加载DLL,再动态获取函数地址去调用...
Windows 10驱动开发入门(三):DeviceIoControl实现上层通讯
haleycat的博客
06-14 1008
在这个例子中我们创建了一个设备对象,使用`DeviceIoControl` 来发送`IRP`,实现了上层程序和驱动之间的通讯。
Windows驱动开发系列之三:WDF驱动开发入门
11-30
我将带领大家学习WDM驱动开发,包括重要的理论与实践。我们逐步深入,在系列一和二的基础上慢慢推进,开始学习WDF驱动模型,包括面向对象和事件机制、重要的WDF对象,具体章节包括:1)WDF编程框架:面向对象和事件机制2)WDF重要对象:驱动对象、设备对象、IO队列、IO请求、等3)事件回调函数:从派遣函数到事件回调函数的原理流程解析4)WDF过滤驱动:掌握WDF对IRP的处理,以及过滤驱动的应用5)WDF驱动安装:掌握驱动安装原理和INF文件的重要概念 Windows内核开发寄语:1、Windows内核非常复杂,相关图书和课程都很少,让很多初学者望而生畏;没关系,我带领大家别有兴致地来领略Windows内核的神秘,解开面纱,层层深入。2、本书以Windows10x64位基准,所有程序都编译、运行在Vmware的Win10x64位机器上。vs2019+wdk3、内核学习并不可怕,授人以鱼不如授人以渔,艺多不压身,学习能提升人的综合能力,尤其是核心技术。
[Win32驱动10] 派遣函数与读写方式
輚至消亡
10-21 542
1. 派遣函数 在Windows中,用户态进程的各类IO请求最后都会转化成对应的IRP请求并发送给底层驱动。其流程差不多是这样的,拿WriteFile来举例: 在用户态调用WriteFile函数 WriteFile会调用NTDLL.dll中的NtWriteFile函数 NtWriteFile会陷入内核调用系统服务NtWriteFile(注意只是相同的名字,但本质完全不同) NtWriteFile会生成相应的IRP,对应IRP类型为: IRP_MJ_WRITE并将其发送给底层对应驱动 IRP会顺次
应用程序和驱动交互原理
zeguang2的博客
02-19 692
驱动就是获取外设、或者传感器数据,控制外设。数据会提交给应用程序。Linux 驱动编译既要编写一个驱动,还要我们编写一个简单的测试应用程序APP。 单片机下(如STM32)驱动和应用都是放到同一个文件里面,也就是杂糅到一起。而Linux 下驱动和应用是完全分开的。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值