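// ==== Lib_Driver.h ====
#include "Lib.h"
//
namespace System
{
    // Small RAII wrapper around the ntdll native API for a kernel driver:
    //   1. writes a service key under the Services hive (NtRegisterDriver),
    //   2. loads the driver with NtLoadDriver and opens its device,
    //   3. forwards IOCTLs through NtCallDriver,
    //   4. unloads the driver again in the destructor.
    // NtLoadDriver/NtUnloadDriver need SeLoadDriverPrivilege, so every step
    // after registration silently fails in an unprivileged process; callers
    // should check the status returned by NtCallDriver.
    // A UNICODE build (TCHAR == wchar_t) is assumed, as the wide-string
    // helpers used below require.
    class export Driver
    {
    private: // structure declarations (mirror the ntdll definitions)
        typedef struct _LSA_UNICODE_STRING
        {
            USHORT Length;
            USHORT MaximumLength;
            PVOID Buffer;
        } UNICODE_STRING, *PUNICODE_STRING;

        typedef struct _OBJECT_ATTRIBUTES
        {
            ULONG Length;
            HANDLE RootDirectory;
            PUNICODE_STRING ObjectName;
            ULONG Attributes;
            PVOID SecurityDescriptor;
            PVOID SecurityQualityOfService;
        } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

        typedef struct _IO_STATUS_BLOCK
        {
            union
            {
                long Status;
                PVOID Pointer;
            };
            ULONG_PTR Information;
        } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

    private: // data
        HANDLE hDriver;                              // device handle, NULL when the open failed
        HMODULE hNtDll;
        UNICODE_STRING uDriver;                      // service key path; Buffer points at ServiceKey below
        OBJECT_ATTRIBUTES Obj_;
        IO_STATUS_BLOCK Isb_;                        // status block of the most recent native call
        TCHAR DriverName[MAX_REASON_NAME_LEN], DriverPath[MAX_PATH];
        // Backing store for uDriver. The original kept this on the stack of
        // NtRegisterDriver(), so NtLoadDriver()/NtUnloadDriver() read a dead
        // frame; it has to live as long as the object does.
        TCHAR ServiceKey[MAX_PATH];

        typedef long (_stdcall* _NtClose)(HANDLE Handle);
        typedef void (_stdcall* _RtlInitUnicodeString)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
        _NtClose NtClose;
        _RtlInitUnicodeString RtlInitUnicodeString;

    private: // internal helpers
        void InitializeObjectAttributes(POBJECT_ATTRIBUTES, PUNICODE_STRING, ULONG Attributes, HANDLE, PSECURITY_DESCRIPTOR);
        void NtRegisterDriver();
        // Writes Prefix followed by Name into Dest, truncating so that the
        // result is always NUL-terminated within DestCount characters.
        // Either source may be NULL (treated as empty).
        static void BuildPath(PTCHAR Dest, size_t DestCount, const TCHAR* Prefix, const TCHAR* Name);

    public: // public members
        // DriverName: service/device name; DriverPath: on-disk image path.
        // Both are copied (bounded) into fixed-size members.
        Driver(PTCHAR, PTCHAR);
        ~Driver();
        // Sends an IOCTL to the opened device and returns the NTSTATUS.
        // Returns STATUS_INVALID_HANDLE when the device was never opened.
        long NtCallDriver(ULONG, PVOID, ULONG, PVOID, ULONG);
    };
}

// ==== Lib_Driver.cpp ====
#include "Lib_Driver.h"
//
using namespace System;
//
// Implementation of the Driver class
//

// Sets up an OBJECT_ATTRIBUTES the way the winternl macro of the same name
// does: SecurityQualityOfService is always left NULL.
void Driver::InitializeObjectAttributes(POBJECT_ATTRIBUTES InitializedAttributes, PUNICODE_STRING ObjectName, ULONG Attributes, HANDLE RootDirectory, PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    InitializedAttributes->Length = sizeof(OBJECT_ATTRIBUTES);
    InitializedAttributes->RootDirectory = RootDirectory;
    InitializedAttributes->Attributes = Attributes;
    InitializedAttributes->ObjectName = ObjectName;
    InitializedAttributes->SecurityDescriptor = SecurityDescriptor;
    InitializedAttributes->SecurityQualityOfService = NULL;
}

void Driver::BuildPath(PTCHAR Dest, size_t DestCount, const TCHAR* Prefix, const TCHAR* Name)
{
    if (!Dest || DestCount == 0) return;
    size_t used = 0;
    // "used + 1 < DestCount" keeps one slot free for the terminator.
    if (Prefix)
        for (const TCHAR* p = Prefix; *p && used + 1 < DestCount; ++p) Dest[used++] = *p;
    if (Name)
        for (const TCHAR* p = Name; *p && used + 1 < DestCount; ++p) Dest[used++] = *p;
    Dest[used] = 0;
}

// NT object-manager paths are backslash separated ("\??\"); this literal
// appears with forward slashes in the listing — confirm it was not altered
// in transcription before relying on it.
#define DRIVER_PATH T("//??//")

Driver::Driver(PTCHAR DriverName, PTCHAR DriverPath)
    : hDriver(NULL), hNtDll(NULL), uDriver(), Obj_(), Isb_(),
      DriverName(), DriverPath(), ServiceKey(),
      NtClose(NULL), RtlInitUnicodeString(NULL)
{
    hNtDll = LoadLibraryEx(T("ntdll.dll"), NULL, NULL);
    if (hNtDll)
    {
        NtClose = (_NtClose)GetProcAddress(hNtDll, "NtClose");
        RtlInitUnicodeString = (_RtlInitUnicodeString)GetProcAddress(hNtDll, "RtlInitUnicodeString");
    }
    // Without these nothing below can run; leave hDriver NULL so
    // NtCallDriver() fails closed instead of dereferencing NULL.
    if (!hNtDll || !NtClose || !RtlInitUnicodeString) return;

    // Bounded copies into the fixed-size members (the originals were
    // unbounded memcpy()s with no guaranteed terminator).
    BuildPath(this->DriverName, MAX_REASON_NAME_LEN, NULL, DriverName);
    BuildPath(this->DriverPath, MAX_PATH, DRIVER_PATH, DriverPath);

    // Register the service key.
    NtRegisterDriver();

    // Load the driver.
    typedef long (_stdcall* _NtLoadDriver)(PUNICODE_STRING DriverServiceName);
    typedef long (_stdcall* _NtCreateFile)(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength);
    _NtLoadDriver NtLoadDriver = (_NtLoadDriver)GetProcAddress(hNtDll, "NtLoadDriver");
    _NtCreateFile NtCreateFile = (_NtCreateFile)GetProcAddress(hNtDll, "NtCreateFile");
    if (!NtLoadDriver || !NtCreateFile || !uDriver.Buffer) return;

    // The load status is deliberately not used to gate the device open:
    // the driver may already be resident, in which case opening still works.
    NtLoadDriver(&uDriver);

    // Open the device: DRIVER_PATH + driver name.
    TCHAR OpenName[MAX_REASON_NAME_LEN + 6];
    BuildPath(OpenName, MAX_REASON_NAME_LEN + 6, DRIVER_PATH, this->DriverName);
    UNICODE_STRING uName;
    RtlInitUnicodeString(&uName, OpenName);     // points at OpenName: valid only inside this constructor
    InitializeObjectAttributes(&Obj_, &uName, 0x00000200L | 0x00000040L /*OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE*/, NULL, NULL);
    HANDLE h = NULL;
    // CreateDisposition is the native FILE_OPEN (1); the Win32 OPEN_EXISTING
    // constant (3) means FILE_OPEN_IF to NtCreateFile. FILE_SYNCHRONOUS_IO_NONALERT
    // makes NtDeviceIoControlFile complete synchronously, so NtCallDriver never
    // returns STATUS_PENDING with no event to wait on.
    long status = NtCreateFile(&h, GENERIC_READ | GENERIC_WRITE, &Obj_, &Isb_, NULL, FILE_ATTRIBUTE_NORMAL,
                               FILE_SHARE_READ | FILE_SHARE_WRITE,
                               0x00000001L /*FILE_OPEN*/,
                               0x00000020L /*FILE_SYNCHRONOUS_IO_NONALERT*/,
                               NULL, 0);
    hDriver = (status >= 0) ? h : NULL;
}

Driver::~Driver()
{
    if (hDriver && NtClose) NtClose(hDriver);
    if (hNtDll)
    {
        typedef long (_stdcall* _NtUnloadDriver)(PUNICODE_STRING DriverServiceName);
        _NtUnloadDriver NtUnloadDriver = (_NtUnloadDriver)GetProcAddress(hNtDll, "NtUnloadDriver");
        // uDriver.Buffer is the ServiceKey member, still alive here. No
        // RtlFreeUnicodeString: RtlInitUnicodeString does not allocate, and
        // freeing a non-heap buffer corrupts the process heap.
        if (NtUnloadDriver && uDriver.Buffer) NtUnloadDriver(&uDriver);
        FreeLibrary(hNtDll);
    }
    // The (volatile) service key is intentionally left in place, as before.
}

// Creates HKLM\System\CurrentControlSet\Services\<DriverName> as a volatile
// key and writes DisplayName, ImagePath, Type and Start. Also initialises
// uDriver, which NtLoadDriver/NtUnloadDriver use later.
void Driver::NtRegisterDriver()
{
    typedef long (_stdcall* _NtCreateKey)(PHANDLE KeyHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG TitleIndex, PUNICODE_STRING Class, ULONG CreateOptions, PULONG Disposition);
    typedef long (_stdcall* _NtSetValueKey)(HANDLE KeyHandle, PUNICODE_STRING ValueName, ULONG TitleIndex, ULONG Type, PVOID Data, ULONG DataSize);
    _NtCreateKey NtCreateKey = (_NtCreateKey)GetProcAddress(hNtDll, "NtCreateKey");
    _NtSetValueKey NtSetValueKey = (_NtSetValueKey)GetProcAddress(hNtDll, "NtSetValueKey");
    if (!NtCreateKey || !NtSetValueKey) return;

    // Registry location. See the note on DRIVER_PATH about the separators.
#define REG_PATH T("//Registry//Machine//System//CurrentControlSet//Services//")
    BuildPath(ServiceKey, MAX_PATH, REG_PATH, this->DriverName);
    RtlInitUnicodeString(&this->uDriver, ServiceKey);   // member buffer: outlives this call
    InitializeObjectAttributes(&Obj_, &this->uDriver, 0x00000200L | 0x00000040L /*OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE*/, NULL, NULL);

    HANDLE hKey = NULL;
    if (NtCreateKey(&hKey, KEY_ALL_ACCESS, &Obj_, 0, NULL, REG_OPTION_VOLATILE, NULL) >= 0)   // NT_SUCCESS
    {
        UNICODE_STRING ValueName;
        ULONG Type = 1;   // SERVICE_KERNEL_DRIVER
        ULONG Start = 3;  // SERVICE_DEMAND_START

        // REG_SZ sizes are in bytes and include the terminating NUL.
        RtlInitUnicodeString(&ValueName, T("DisplayName"));
        NtSetValueKey(hKey, &ValueName, 0, REG_SZ, this->DriverName, (ULONG)((wcslen(this->DriverName) + 1) * sizeof(TCHAR)));
        RtlInitUnicodeString(&ValueName, T("ImagePath"));
        NtSetValueKey(hKey, &ValueName, 0, REG_SZ, this->DriverPath, (ULONG)((wcslen(this->DriverPath) + 1) * sizeof(TCHAR)));
        RtlInitUnicodeString(&ValueName, T("Type"));
        NtSetValueKey(hKey, &ValueName, 0, REG_DWORD, &Type, sizeof(Type));
        RtlInitUnicodeString(&ValueName, T("Start"));
        NtSetValueKey(hKey, &ValueName, 0, REG_DWORD, &Start, sizeof(Start));

        NtClose(hKey);
    }
}

long Driver::NtCallDriver(ULONG ControlCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength)
{
    typedef long (_stdcall* _NtDeviceIoControlFile)(HANDLE FileHandle, HANDLE Event, LPVOID ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG IoControlCode, PVOID InputBuffer, ULONG InputBufferLength, PVOID OutputBuffer, ULONG OutputBufferLength);
    // Fail closed when construction did not yield a usable device handle.
    if (!hDriver || !hNtDll) return (long)0xC0000008L; /*STATUS_INVALID_HANDLE*/
    _NtDeviceIoControlFile NtDeviceIoControlFile = (_NtDeviceIoControlFile)GetProcAddress(hNtDll, "NtDeviceIoControlFile");
    if (!NtDeviceIoControlFile) return (long)0xC0000002L; /*STATUS_NOT_IMPLEMENTED*/
    return NtDeviceIoControlFile(hDriver, NULL, NULL, NULL, &Isb_, ControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength);
}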