Compiling the driver
Once a basic minifilter project has been created, it can be compiled, deployed and run. Before deploying, we first have to decide which system it will run on. I have a Windows 2008 R2 virtual machine, so my target system is Windows 2008 R2.
The project comes with several build configurations already set up. Note that the configuration you choose must match the target machine, otherwise the driver will not run correctly there. Since my target machine is Windows 2008 R2 (which is built on the same kernel as Windows 7), I choose the "Win7 Debug-X64" configuration.
Build straight away; since we have not written any code of our own yet, the build goes through without problems. My project is named SSMF, so SSMF.sys and SSMF.inf are generated in the Win7Debug directory. SSMF.inf must be modified before it can be used; the modified version is as follows:
————————————————————————————————————————————————————————————————————————————————————
;;;
;;; SSMF
;;;
[Version]
Signature = "$Windows NT$"
; TODO - Change the Class and ClassGuid to match the Load Order Group value, see http://msdn.microsoft.com/en-us/windows/hardware/gg462963
Class = "ActivityMonitor" ;This is determined by the work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Load Order Group value
Provider = %ManufacturerName%
DriverVer=08/10/2014,15.12.25.950
CatalogFile = SSMF.cat
[DestinationDirs]
DefaultDestDir = 12
SSMF.DriverFiles = 12 ;%windir%\system32\drivers
;;
;; Default install sections
;;
[DefaultInstall]
OptionDesc = %ServiceDescription%
CopyFiles = SSMF.DriverFiles
[DefaultInstall.Services]
AddService = %ServiceName%,,SSMF.Service
;;
;; Default uninstall sections
;;
[DefaultUninstall]
DelFiles = SSMF.DriverFiles
[DefaultUninstall.Services]
DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting
;
; Services Section
;
[SSMF.Service]
DisplayName = %ServiceName%
Description = %ServiceDescription%
ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
Dependencies = "FltMgr"
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
; TODO - Change the Load Order Group value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
LoadOrderGroup = "FSFilter Activity Monitor"
;LoadOrderGroup = "_TODO_Change_LoadOrderGroup_appropriately_"
AddReg = SSMF.AddRegistry
;
; Registry Modifications
;
[SSMF.AddRegistry]
HKR,,"DebugFlags",0x00010001 ,0x0
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
;
; Copy Files
;
[SSMF.DriverFiles]
%DriverName%.sys
[SourceDisksFiles]
SSMF.sys = 1,,
[SourceDisksNames]
1 = %DiskId1%,,,
;;
;; String Section
;;
[Strings]
; TODO - Add your manufacturer
ManufacturerName = "Template"
ServiceDescription = "SSMF Mini-Filter Driver"
ServiceName = "SSMF"
DriverName = "SSMF"
DiskId1 = "SSMF Device Installation Disk"
;Instances specific information.
DefaultInstance = "SSMF Instance"
Instance1.Name = "SSMF Instance"
; TODO - Change the altitude value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
Instance1.Altitude = "370030"
;Instance.Altitude = "_TODO_Change_Altitude_appropriately_"
Instance1.Flags = 0x0 ; Allow all attachments
————————————————————————————————————————————————————————————————————————————————
The meaning of each individual entry can be found in the relevant documentation and on MSDN.
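Before copying the INF to the target it is worth checking mechanically that the entries above agree with each other, because a ClassGuid, LoadOrderGroup or altitude that does not belong to the same load order group is a quiet way to end up with a filter that loads in the wrong place or not at all. The following Python script is an added example, not code from the post or from the WDK template: it parses the INF shape the template produces and checks that ClassGuid, LoadOrderGroup and the instance altitude all belong to the same group, that the service depends on FltMgr, that an Altitude value is present, and that no _TODO_ placeholders survived editing. The FILTER_CLASSES table and the trimmed copy of the post's INF embedded as SAMPLE_INF are constructed for the example.

```python
"""Pre-deployment sanity checks for a minifilter INF (added example, not code
from the original post): flags a ClassGuid that does not belong to the Class, an
altitude outside the group's range, a missing FltMgr dependency, a missing
Altitude entry and leftover _TODO_ placeholders."""
import re

# ActivityMonitor is the group the post's INF uses; AntiVirus is Microsoft's
# published GUID and altitude range for that group. Extend from the MSDN list.
FILTER_CLASSES = {
    "ActivityMonitor": ("{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}",
                        "FSFilter Activity Monitor", 360000, 389999),
    "AntiVirus": ("{b1d1a169-c54f-4379-81db-bee7d88d7454}",
                  "FSFilter Anti-Virus", 320000, 329999),
}
# The post's INF, trimmed to the sections the checker reads (constructed input).
SAMPLE_INF = r"""
[Version]
Class = "ActivityMonitor" ;This is determined by the work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
[DefaultInstall.Services]
AddService = %ServiceName%,,SSMF.Service
[SSMF.Service]
Dependencies = "FltMgr"
LoadOrderGroup = "FSFilter Activity Monitor"
AddReg = SSMF.AddRegistry
[SSMF.AddRegistry]
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
[Strings]
ServiceName = "SSMF"
Instance1.Name = "SSMF Instance"
Instance1.Altitude = "370030"
"""

def parse_inf(text):
    """{section: [(key, value)]}; ';' opens a comment, '='-less lines get key None."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif line:
            key, sep, value = line.partition("=")
            entry = (key.strip(), value.strip()) if sep else (None, line)
            sections.setdefault(current, []).append(entry)
    return sections

def unquote(v):
    return v[1:-1] if len(v) >= 2 and v[0] == v[-1] == '"' else v

def expand(value, strings):
    """Substitute %Name% tokens from [Strings]; DIRIDs such as %12% stay put."""
    return re.sub(r"%([^%]+)%", lambda m: strings.get(m.group(1), m.group(0)), value)

def lookup(sections, section, key, strings):
    return next((unquote(expand(v, strings))
                 for k, v in sections.get(section, []) if k == key), None)

def check_inf(text):
    """Return the list of findings; an empty list means the INF is consistent."""
    sections = parse_inf(text)
    strings = {k: unquote(v) for k, v in sections.get("Strings", []) if k}
    get = lambda sec, key: lookup(sections, sec, key, strings)
    findings = [f"[{name}] {k or v}: _TODO_ placeholder left in"
                for name, entries in sections.items() for k, v in entries
                if "_TODO_" in expand(v, strings)]
    # AddService = <name>,,<section> tells us where the service keys live
    parts = (get("DefaultInstall.Services", "AddService") or "").split(",")
    svc = parts[2].strip() if len(parts) >= 3 else None
    if svc not in sections:
        return findings + ["AddService does not name an existing service section"]
    cls, guid = get("Version", "Class"), (get("Version", "ClassGuid") or "").lower()
    known = FILTER_CLASSES.get(cls)
    if known is None:
        findings.append(f"unknown filter Class {cls!r}; add it to FILTER_CLASSES")
    elif guid != known[0]:
        findings.append(f"ClassGuid {guid} does not belong to Class {cls}")
    if known and get(svc, "LoadOrderGroup") != known[1]:
        findings.append(f"LoadOrderGroup does not match Class {cls} ({known[1]})")
    if "FltMgr" not in (get(svc, "Dependencies") or ""):
        findings.append("Dependencies must include FltMgr")
    # The altitude is a registry value: HKR,"Instances\"<name>,"Altitude",<type>,<value>
    altitudes = []
    for k, v in sections.get(get(svc, "AddReg"), []):
        f = [x.strip() for x in expand(v, strings).split(",")]
        if k is None and len(f) >= 5 and unquote(f[2]) == "Altitude":
            altitudes.append(unquote(f[-1]))
    if not altitudes:
        findings.append("no Altitude entry in the AddReg section")
    for alt in altitudes:
        if not alt.isdigit():
            findings.append(f"altitude {alt!r} is not numeric")
        elif known and not known[2] <= int(alt) <= known[3]:
            findings.append(f"altitude {alt} is outside {known[1]} ({known[2]}-{known[3]})")
    return findings

if __name__ == "__main__":
    print("\n".join(check_inf(SAMPLE_INF)) or "INF looks consistent")
```

Run as-is it checks the trimmed sample; for a real deployment pass the contents of the modified SSMF.inf to check_inf instead. The checker deliberately reads only the effective values (comments stripped, %Name% strings expanded), so the commented-out _TODO_ lines the template leaves behind do not trigger findings, while a placeholder that was uncommented but never filled in does.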
Deploying the driver
Copy SSMF.sys and SSMF.inf to the target system, right-click SSMF.inf and choose "Install" from the context menu; this deploys the SSMF driver into the system.
To uninstall the driver, use the following command:
RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 c:\ssmf\ssmf.inf
Starting the driver
To verify that the SSMF driver installed successfully, run the following command at a command prompt:
sc start ssmf
If the reported state is RUNNING, the driver has started successfully, as shown below:
C:\Users\Administrator>sc start ssmf
SERVICE_NAME: ssmf
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
You can also run the command fltmc instances to check whether SSMF is listed.
Stopping the driver
Run sc stop ssmf.
Other notes
1. If the selected build configuration does not match the target machine, the driver will not start correctly and may produce the following error:
C:\Users\Administrator>sc start ssmf
[SC] StartService FAILED 1275:
This driver has been blocked from loading
The same error can also result from running a 32-bit build of the driver on a 64-bit system.
2. Because this is a driver we wrote ourselves and it has not been signed yet, it cannot be started directly on Windows 2008 and similar systems; press F8 while the system boots and choose "Disable Driver Signature Enforcement".