https://blog.csdn.net/csdn_gddf102384398/article/details/106835990 驱动程序DriverEntry.c
#include <ntddk.h>
#define DEVICE_NAME L"\\Device\\MyDDKDevice1"
#define SYMBOLIC_LINK_NAME L"\\??\\MyDDKDevice1"
#define DEVICE_EX_SIZE 200
//读设备
#define READ_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x830,METHOD_BUFFERED,FILE_READ_ACCESS)
//写设备
#define WRITE_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x831,METHOD_BUFFERED,FILE_WRITE_ACCESS)
/*
 * Unload routine registered in DriverEntry.
 * Deletes the device object hanging off the driver object (if there is one)
 * and then removes the \??\MyDDKDevice1 symbolic link.
 */
VOID DriverUnload(__in struct _DRIVER_OBJECT *DriverObject)
{
    UNICODE_STRING linkName;
    PDEVICE_OBJECT device;

    DbgPrint("DriverUnload\n");

    /* DriverEntry creates exactly one device, so the list head is all there is. */
    device = DriverObject->DeviceObject;
    if (device != NULL) {
        IoDeleteDevice(device);
    }

    RtlInitUnicodeString(&linkName, SYMBOLIC_LINK_NAME);
    IoDeleteSymbolicLink(&linkName);
}
/*
 * IRP_MJ_CREATE handler: every open of the device succeeds.
 * No per-handle state is set up; the IRP is completed with
 * STATUS_SUCCESS and zero bytes transferred.
 */
NTSTATUS OnCreateDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp)
{
    DbgPrint("OnCreateDevice\n");

    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = STATUS_SUCCESS;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}
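/*
 * IRP_MJ_READ handler (the device uses DO_BUFFERED_IO, see DriverEntry).
 *
 * Copies a fixed, NUL-terminated message into the system buffer that backs
 * the caller's read buffer and reports its size in IoStatus.Information.
 *
 * The requested length comes from user mode and is not trusted: the system
 * buffer is only as large as the caller asked for, so the copy is performed
 * only when the whole message fits. A shorter request (including a
 * zero-length read, for which there may be no system buffer at all) is
 * completed with STATUS_BUFFER_TOO_SMALL and no bytes transferred instead of
 * writing past the end of the kernel buffer.
 */
NTSTATUS OnReadDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp)
{
    static const char kernelMessage[] = "This data is from kernel.";
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack;
    ULONG wantRead;
    ULONG_PTR transferred = 0;
    /* sizeof counts the terminating NUL, matching the original strlen() + 1. */
    const ULONG len = (ULONG)sizeof(kernelMessage);

    DbgPrint("OnReadDevice\n");
    stack = IoGetCurrentIrpStackLocation(Irp);
    wantRead = stack->Parameters.Read.Length; /* number of bytes the caller asked for */
    DbgPrint("App wants to read %u bytes\n", wantRead);
    DbgPrint("readBuf address:%p\n", Irp->AssociatedIrp.SystemBuffer);

    if (Irp->AssociatedIrp.SystemBuffer == NULL || wantRead < len) {
        /* Caller's buffer cannot hold the message: refuse rather than overflow. */
        status = STATUS_BUFFER_TOO_SMALL;
    } else {
        memcpy(Irp->AssociatedIrp.SystemBuffer, kernelMessage, len);
        transferred = len;
    }

    /* Completion status and number of bytes actually placed in the buffer. */
    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = transferred;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}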
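/*
 * IRP_MJ_WRITE handler (buffered I/O).
 *
 * Stores the bytes written by the application in the device extension,
 * which DriverEntry allocates with DEVICE_EX_SIZE bytes.
 *
 * The write length is caller-controlled, so it is validated before use:
 *   - a write larger than DEVICE_EX_SIZE is rejected with
 *     STATUS_INVALID_BUFFER_SIZE instead of being copied past the end of
 *     the device extension;
 *   - the payload is logged with an explicit length, because nothing
 *     guarantees that the caller NUL-terminated it;
 *   - IoStatus.Information reports the number of bytes really consumed
 *     (the original reported a hard-coded 13).
 *
 * The stored data is not guaranteed to be NUL-terminated when the caller
 * fills all DEVICE_EX_SIZE bytes; any future reader of the extension must
 * treat it as a length-bounded buffer.
 */
NTSTATUS OnWriteDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp)
{
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack;
    ULONG len; /* number of bytes the application wrote */
    ULONG_PTR consumed = 0;
    const char *src;

    DbgPrint("OnWriteDevice\n");
    stack = IoGetCurrentIrpStackLocation(Irp);
    len = stack->Parameters.Write.Length;
    src = (const char *)Irp->AssociatedIrp.SystemBuffer;
    DbgPrint("writeBuf address:%p\n", src);

    if (len > DEVICE_EX_SIZE) {
        /* Would overflow the device extension: refuse the request. */
        status = STATUS_INVALID_BUFFER_SIZE;
    } else {
        RtlZeroMemory(DeviceObject->DeviceExtension, DEVICE_EX_SIZE);
        if (src != NULL && len != 0) {
            /* len <= DEVICE_EX_SIZE here, so the cast to int cannot overflow. */
            DbgPrint("Kernel recved %u bytes from App.The content is:%.*s\n", len, (int)len, src);
            memcpy(DeviceObject->DeviceExtension, src, len);
            consumed = len;
        }
    }

    /* Completion status and number of bytes taken from the caller. */
    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = consumed;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}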
/*
 * IRP_MJ_CLOSE handler: nothing to release, so the request is simply
 * completed with STATUS_SUCCESS and no data.
 */
NTSTATUS OnCloseDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp)
{
    const NTSTATUS result = STATUS_SUCCESS;

    DbgPrint("OnCloseDevice\n");

    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = result;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return result;
}
/*
 * IRP_MJ_CLEANUP handler: the driver keeps no pending requests per handle,
 * so the IRP is completed immediately with STATUS_SUCCESS and no data.
 */
NTSTATUS OnCleanupDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp)
{
    DbgPrint("OnCleanupDevice\n");

    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;

    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}
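/*
 * IRP_MJ_DEVICE_CONTROL handler for the two METHOD_BUFFERED control codes.
 *
 *   WRITE_CTL_CODE - logs the caller's input buffer.
 *   READ_CTL_CODE  - copies a fixed NUL-terminated message to the caller.
 *
 * Both buffer lengths and the control code itself come from user mode, so
 * each case validates them before touching the shared system buffer:
 *   - READ_CTL_CODE copies only when the output buffer can hold the whole
 *     message; otherwise it fails with STATUS_BUFFER_TOO_SMALL instead of
 *     writing past the end of the system buffer;
 *   - WRITE_CTL_CODE logs the input with an explicit, capped length because
 *     the data is not guaranteed to be NUL-terminated;
 *   - an unrecognised control code is rejected with
 *     STATUS_INVALID_DEVICE_REQUEST (the original completed it successfully
 *     without setting IoStatus.Information).
 */
NTSTATUS OnDeviceIoControl(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp)
{
    static const char replyMessage[] = "Ring0 --> Ring3";
    NTSTATUS status = STATUS_SUCCESS;
    ULONG_PTR Information = 0;
    PVOID InputData = NULL;
    ULONG InputDataLength = 0;
    PVOID OutputData = NULL;
    ULONG OutputDataLength = 0;
    ULONG IoControlCode = 0;
    ULONG loggedLength = 0;
    /* Upper bound on how much caller data is echoed to the debug log. */
    const ULONG maxLogged = 256;
    /* sizeof counts the terminating NUL, matching the original strlen() + 1. */
    const ULONG len = (ULONG)sizeof(replyMessage);
    PIO_STACK_LOCATION IoStackLocation = IoGetCurrentIrpStackLocation(Irp); /* current IRP stack location */

    IoControlCode = IoStackLocation->Parameters.DeviceIoControl.IoControlCode;
    DbgPrint("OnDeviceIoControl\n");

    switch (IoControlCode)
    {
    case WRITE_CTL_CODE:
        InputData = Irp->AssociatedIrp.SystemBuffer;
        InputDataLength = IoStackLocation->Parameters.DeviceIoControl.InputBufferLength;
        if (InputData == NULL || InputDataLength == 0) {
            status = STATUS_INVALID_PARAMETER;
            break;
        }
        loggedLength = (InputDataLength > maxLogged) ? maxLogged : InputDataLength;
        DbgPrint("App write to kernel by DeviceIoControl %u bytes,the content is:%.*s\n",
                 InputDataLength, (int)loggedLength, (const char *)InputData);
        /*
         * NOTE(review): for METHOD_BUFFERED, Information is documented as the
         * number of bytes the I/O manager copies back to the caller's output
         * buffer. Reporting the input length keeps the demo client's
         * "bytes written" output, and that client passes no output buffer;
         * a production driver would report 0 here or clamp to
         * OutputBufferLength - confirm before reusing this pattern.
         */
        Information = InputDataLength;
        break;

    case READ_CTL_CODE:
        OutputData = Irp->AssociatedIrp.SystemBuffer;
        OutputDataLength = IoStackLocation->Parameters.DeviceIoControl.OutputBufferLength;
        DbgPrint("App wants to read %u bytes from kernel by DeviceIoControl\n", OutputDataLength);
        if (OutputData == NULL || OutputDataLength < len) {
            /* Caller's buffer cannot hold the reply: refuse rather than overflow. */
            status = STATUS_BUFFER_TOO_SMALL;
            break;
        }
        memcpy(OutputData, replyMessage, len);
        Information = len;
        break;

    default:
        /* Unknown control code: do not report success for work never done. */
        status = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = Information;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}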
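/*
 * Driver entry point.
 *
 * Creates the named device \Device\MyDDKDevice1 with a DEVICE_EX_SIZE-byte
 * device extension, switches it to buffered I/O, exposes it to user mode
 * through the \??\MyDDKDevice1 symbolic link, and registers the dispatch
 * and unload routines. On failure the status of the failing call is
 * returned and anything already created is torn down.
 *
 * Security notes:
 *   - FILE_DEVICE_SECURE_OPEN is set so the I/O manager applies the device
 *     object's security descriptor to every open in the device's namespace,
 *     not only to opens of the bare device name.
 *   - NOTE(review): IoCreateDevice gives the device a default security
 *     descriptor. If only privileged callers should reach the read/write/
 *     IOCTL handlers, creating the device with IoCreateDeviceSecure and an
 *     explicit SDDL string is the usual approach; it is not used here
 *     because it needs an additional header and library.
 */
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT *DriverObject, __in PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = STATUS_SUCCESS;
    DEVICE_OBJECT* pdo = NULL;
    UNICODE_STRING devicename, symbolLinkName;

    RtlInitUnicodeString(&devicename, DEVICE_NAME);
    RtlInitUnicodeString(&symbolLinkName, SYMBOLIC_LINK_NAME);
    DbgPrint("DriverEntry\n");

    /* Exclusive device (TRUE): only one handle may be open at a time. */
    status = IoCreateDevice(DriverObject, DEVICE_EX_SIZE, &devicename, FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, TRUE, &pdo);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("Create Device Object Failed:%x\n", status);
        return status;
    }

    /* Read/write requests are delivered through Irp->AssociatedIrp.SystemBuffer. */
    pdo->Flags |= DO_BUFFERED_IO;

    status = IoCreateSymbolicLink(&symbolLinkName, &devicename);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("Create SymbolicLink Name Failed:%x\n", status);
        /* Do not leave an unreachable device object behind. */
        IoDeleteDevice(pdo);
        return status;
    }

    DriverObject->MajorFunction[IRP_MJ_CREATE] = OnCreateDevice;
    DriverObject->MajorFunction[IRP_MJ_READ] = OnReadDevice;
    DriverObject->MajorFunction[IRP_MJ_WRITE] = OnWriteDevice;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = OnCloseDevice;
    DriverObject->MajorFunction[IRP_MJ_CLEANUP] = OnCleanupDevice;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = OnDeviceIoControl;
    DriverObject->DriverUnload = DriverUnload;
    return status;
}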
应用程序main.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <windows.h>
#define DEVICE_NAME "\\\\.\\MyDDKDevice1"
//读设备
#define READ_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x830,METHOD_BUFFERED,FILE_READ_ACCESS)
//写设备
#define WRITE_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x831,METHOD_BUFFERED,FILE_WRITE_ACCESS)
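/*
 * Reads from the device through READ_CTL_CODE.
 *
 * hDevice - open handle to the device.
 * buf     - destination buffer; the function does not NUL-terminate it.
 * len     - capacity of buf in bytes.
 *
 * Returns the number of bytes the driver placed in buf, or 0 when the
 * arguments are unusable or DeviceIoControl fails (the original ignored the
 * call's result and returned whatever was left in the byte counter).
 */
DWORD ReadMyDevice(HANDLE hDevice, char* buf, int len)
{
    DWORD dwRead = 0;

    /* A negative length would turn into a huge DWORD capacity. */
    if (buf == NULL || len <= 0) {
        return 0;
    }

    if (!DeviceIoControl(hDevice, READ_CTL_CODE, NULL, 0, buf, (DWORD)len, &dwRead, NULL)) {
        return 0;
    }
    return dwRead;
}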
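/*
 * Sends data to the device through WRITE_CTL_CODE.
 *
 * hDevice - open handle to the device.
 * buf     - data to send.
 * len     - number of bytes in buf.
 *
 * Returns the byte count reported by the driver, or 0 when the arguments
 * are unusable or DeviceIoControl fails (the original ignored the call's
 * result).
 */
DWORD WriteMyDevice(HANDLE hDevice,char* buf,int len)
{
    DWORD dwWrite = 0;

    /* A negative length would turn into a huge DWORD size. */
    if (buf == NULL || len <= 0) {
        return 0;
    }

    if (!DeviceIoControl(hDevice, WRITE_CTL_CODE, buf, (DWORD)len, NULL, 0, &dwWrite, NULL)) {
        return 0;
    }
    return dwWrite;
}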
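/*
 * Demo client: opens \\.\MyDDKDevice1 and exercises the driver four ways
 * (ReadFile, WriteFile, write IOCTL, read IOCTL), pausing between steps so
 * the driver's debug output can be followed.
 *
 * Changes from the original listing:
 *   - main returns int (non-zero when the device cannot be opened);
 *   - both reads request one byte less than the buffer size, so the
 *     zero-filled buffer is always NUL-terminated before it is printed
 *     with %s, whatever the driver returns;
 *   - DWORD values are printed with %lu and pointers are passed to %p as
 *     void *, matching the argument types.
 */
int main(void)
{
    HANDLE hDevice;
    char readBuf[50] = {0};
    char* pWriteBuf = "This Data is from App.";
    int len;
    DWORD dwRead = 0, dwWrite = 0;

    system("pause");
    hDevice = CreateFileA(DEVICE_NAME, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
                          NULL, OPEN_EXISTING, FILE_ATTRIBUTE_DEVICE, NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        printf("打开设备失败\n");
        system("pause");
        return 1;
    }

    len = (int)strlen(pWriteBuf) + 1;
    system("pause");

    /* Step 1: plain ReadFile. Leave the last byte untouched as terminator. */
    if (ReadFile(hDevice, readBuf, (DWORD)(sizeof(readBuf) - 1), &dwRead, NULL))
    {
        printf("readBuf地址为:%p\n", (void*)readBuf);
        printf("从设备读取了%lu字节数据,内容为:%s\n", (unsigned long)dwRead, readBuf);
    }
    system("pause");

    /* Step 2: plain WriteFile, terminator included. */
    if (WriteFile(hDevice, pWriteBuf, (DWORD)len, &dwWrite, NULL))
    {
        printf("pWriteBuf地址为:%p\n", (void*)pWriteBuf);
        printf("实际写入设备%lu字节\n", (unsigned long)dwWrite);
    }

    /* Step 3: write through DeviceIoControl. */
    printf("写设备\n");
    system("pause");
    pWriteBuf = "Ring3 --> Ring0";
    len = (int)strlen(pWriteBuf) + 1;
    dwWrite = WriteMyDevice(hDevice, pWriteBuf, len);
    printf("通过DeviceIoControl写入设备%lu字节\n", (unsigned long)dwWrite);

    /* Step 4: read through DeviceIoControl into a freshly zeroed buffer. */
    printf("读设备\n");
    system("pause");
    memset(readBuf, 0, sizeof(readBuf));
    dwRead = ReadMyDevice(hDevice, readBuf, (int)(sizeof(readBuf) - 1));
    printf("通过DeviceIoControl读取设备%lu字节,读取的内容为:%s\n", (unsigned long)dwRead, readBuf);
    system("pause");

    CloseHandle(hDevice);
    system("pause");
    return 0;
}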
makefile文件:
!INCLUDE $(NTMAKEENV)\makefile.def
sources文件
TARGETNAME=WinDDK1_Win7_X64
TARGETTYPE=DRIVER
SOURCES=DriverEntry.c
运行截图:
|