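/*
 * Attaches a filter device object on top of every device object owned by
 * the target driver (the driver behind \Device\Serial0) and forwards every
 * IRP to the device below.  In checked builds the payload of each write
 * request is printed to the kernel debugger, so the debug output carries
 * whatever data is sent to the port and should be treated as sensitive.
 */

#include <ntddk.h>

/* Driver object whose devices are filtered; NULL when the lookup failed. */
PDRIVER_OBJECT DestDriverObject;

/* Device extension of each filter device object. */
typedef struct _FILTER_EXT {
    PDEVICE_OBJECT LowerDeviceObject;   /* device directly below this filter */
} FILTER_EXT, *PFILTER_EXT;

/* Driver entry routine. */
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    );

/* Driver unload routine. */
VOID
DriverUnload(
    IN PDRIVER_OBJECT DriverObject
    );

/* IRP dispatch routine, shared by every major function. */
NTSTATUS
Dispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );

/* Looks up the target driver object. */
VOID
InitDestDriverObject(VOID);

/* Attaches a filter device to each device of the target driver. */
VOID
Attach(
    IN PDRIVER_OBJECT DriverObject
    );

#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT, DriverEntry)
#pragma alloc_text(PAGE, DriverUnload)
/*
 * Dispatch is deliberately left in non-paged code: read/write and power
 * IRPs can be delivered at DISPATCH_LEVEL, where touching pageable code
 * bug-checks the machine.
 */
#pragma alloc_text(INIT, InitDestDriverObject)
#pragma alloc_text(INIT, Attach)
#endif

/*
 * Driver entry routine.
 *
 * Routes every major function to Dispatch, resolves the target driver and
 * attaches the filter devices.
 *
 * Returns STATUS_SUCCESS, or STATUS_NO_SUCH_DEVICE when the target driver
 * could not be resolved (nothing has been created at that point, so there
 * is nothing to undo).
 */
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    USHORT idx;

    UNREFERENCED_PARAMETER(RegistryPath);

    KdPrint(("DriverEntry invoke\n"));

    for (idx = 0; idx <= IRP_MJ_MAXIMUM_FUNCTION; ++idx) {
        DriverObject->MajorFunction[idx] = Dispatch;
    }
    DriverObject->DriverUnload = DriverUnload;

    InitDestDriverObject();
    if (DestDriverObject == NULL) {
        /* Attach() walks DestDriverObject->DeviceObject; never call it with NULL. */
        return STATUS_NO_SUCH_DEVICE;
    }

    Attach(DriverObject);

    /* Drop the reference InitDestDriverObject took to keep the target alive. */
    ObDereferenceObject(DestDriverObject);

    return STATUS_SUCCESS;
}

/*
 * Driver unload routine.
 *
 * Detaches every filter device from the stack it sits on, waits, and then
 * deletes the filter device.
 */
VOID
DriverUnload(
    IN PDRIVER_OBJECT DriverObject
    )
{
    LARGE_INTEGER interval;
    PDEVICE_OBJECT curDeviceObject;
    PDEVICE_OBJECT nextDeviceObject;
    PFILTER_EXT ext;

    PAGED_CODE();

    KdPrint(("DriverUnload invoke\n"));

    /* Negative value = relative time in 100 ns units: 5 seconds. */
    interval.QuadPart = (-5) * 1000 * 1000 * 10;

    curDeviceObject = DriverObject->DeviceObject;
    while (curDeviceObject != NULL) {
        /* Read the link first: the object must not be touched once deleted. */
        nextDeviceObject = curDeviceObject->NextDevice;

        ext = (PFILTER_EXT)curDeviceObject->DeviceExtension;
        if (ext != NULL && ext->LowerDeviceObject != NULL) {
            IoDetachDevice(ext->LowerDeviceObject);
            ext->LowerDeviceObject = NULL;

            /*
             * Grace period for requests already travelling through the filter.
             * NOTE(review): a fixed delay does not prove that no IRP is still
             * in flight; a remove lock would - confirm whether that is needed.
             */
            KeDelayExecutionThread(KernelMode, FALSE, &interval);
        }

        IoDeleteDevice(curDeviceObject);
        curDeviceObject = nextDeviceObject;
    }
}

/*
 * IRP dispatch routine.
 *
 * Every request is passed unchanged to the device below the filter.  Write
 * requests are additionally dumped byte by byte through KdPrint.
 *
 * Returns the status of the lower driver.
 */
NTSTATUS
Dispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    PFILTER_EXT ext = (PFILTER_EXT)DeviceObject->DeviceExtension;
    PDEVICE_OBJECT lowerDeviceObject = ext->LowerDeviceObject;
    PIO_STACK_LOCATION irpsp = IoGetCurrentIrpStackLocation(Irp);

    switch (irpsp->MajorFunction) {
    case IRP_MJ_POWER:
        KdPrint(("IRP_MJ_POWER\n"));
        /* Power IRPs use the Po* calls rather than IoCallDriver. */
        PoStartNextPowerIrp(Irp);
        IoSkipCurrentIrpStackLocation(Irp);
        return PoCallDriver(lowerDeviceObject, Irp);

    case IRP_MJ_WRITE: {
        ULONG len = irpsp->Parameters.Write.Length;
        ULONG idx;
        PUCHAR buf = NULL;

        KdPrint(("IRP_MJ_WRITE\n"));

        if (Irp->MdlAddress != NULL) {
            /* Direct I/O: may return NULL when the mapping fails. */
            buf = (PUCHAR)MmGetSystemAddressForMdlSafe(Irp->MdlAddress,
                                                       NormalPagePriority);
            /* Never read past what this MDL actually describes. */
            if (len > MmGetMdlByteCount(Irp->MdlAddress)) {
                len = MmGetMdlByteCount(Irp->MdlAddress);
            }
        } else if (Irp->AssociatedIrp.SystemBuffer != NULL) {
            /* Buffered I/O: kernel copy of the caller's data. */
            buf = (PUCHAR)Irp->AssociatedIrp.SystemBuffer;
        } else if (Irp->UserBuffer != NULL) {
            /*
             * Neither-I/O: UserBuffer is a raw, unvalidated caller address.
             * A filter cannot rely on running in the requesting process, so
             * the pointer is not dereferenced and the payload is not dumped.
             */
            KdPrint(("IRP_MJ_WRITE: UserBuffer payload not dumped\n"));
        }

        if (buf != NULL) {
            for (idx = 0; idx < len; ++idx) {
                KdPrint(("SendData:%02x %c\n", buf[idx], buf[idx]));
            }
        }

        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(lowerDeviceObject, Irp);
    }

    default:
        KdPrint(("Unknown Irp:%02x\n", irpsp->MajorFunction));
        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(lowerDeviceObject, Irp);
    }
}

/*
 * Resolves the driver object that owns \Device\Serial0 and stores it in
 * DestDriverObject (NULL on failure).
 *
 * On success the driver object carries one extra reference so that it stays
 * valid after the file object is released; the caller drops that reference
 * once it has finished with DestDriverObject.
 */
VOID
InitDestDriverObject(VOID)
{
    NTSTATUS status;
    PDEVICE_OBJECT targetDeviceObject;
    PFILE_OBJECT targetFileObject;
    UNICODE_STRING comname;

    KdPrint(("InitDestDriverObject invoke\n"));

    DestDriverObject = NULL;

    /* Object-manager paths are separated by backslashes. */
    RtlInitUnicodeString(&comname, L"\\Device\\Serial0");
    status = IoGetDeviceObjectPointer(&comname,
                                      FILE_ALL_ACCESS,
                                      &targetFileObject,
                                      &targetDeviceObject);
    if (!NT_SUCCESS(status)) {
        KdPrint(("IoGetDeviceObjectPointer failed\n"));
        return;
    }

    /* Pin the driver object before giving up the file object that pins the device. */
    DestDriverObject = targetDeviceObject->DriverObject;
    ObReferenceObject(DestDriverObject);
    ObDereferenceObject(targetFileObject);
}

/*
 * Creates one filter device per device object of the target driver and
 * attaches it to the top of that device's stack.
 *
 * A device whose filter cannot be created or attached is skipped; the
 * remaining devices are still processed.
 *
 * NOTE(review): the target's device list is walked without any lock or
 * per-device reference - confirm the target cannot delete devices meanwhile.
 */
VOID
Attach(
    IN PDRIVER_OBJECT DriverObject
    )
{
    NTSTATUS status;
    PDEVICE_OBJECT curDeviceObject;
    PDEVICE_OBJECT lowerDeviceObject;
    PDEVICE_OBJECT filterDeviceObject;

    KdPrint(("Attach invoke\n"));

    if (DestDriverObject == NULL) {
        return;
    }

    for (curDeviceObject = DestDriverObject->DeviceObject;
         curDeviceObject != NULL;
         curDeviceObject = curDeviceObject->NextDevice) {

        status = IoCreateDevice(DriverObject,
                                sizeof(FILTER_EXT),
                                NULL,
                                curDeviceObject->DeviceType,
                                curDeviceObject->Characteristics,
                                FALSE,
                                &filterDeviceObject);
        if (!NT_SUCCESS(status)) {
            KdPrint(("IoCreateDevice failed\n"));
            continue;
        }

        lowerDeviceObject = IoAttachDeviceToDeviceStack(filterDeviceObject,
                                                        curDeviceObject);
        if (lowerDeviceObject == NULL) {
            KdPrint(("IoAttachDeviceToDeviceStack failed\n"));
            /* Do not leave an unattached filter device on the driver's list. */
            IoDeleteDevice(filterDeviceObject);
            continue;
        }

        ((PFILTER_EXT)filterDeviceObject->DeviceExtension)->LowerDeviceObject =
            lowerDeviceObject;

        /* Mirror the I/O method and power flags of the device being filtered. */
        filterDeviceObject->Flags |= lowerDeviceObject->Flags &
            (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);
        filterDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
    }
}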