Windows用户层使用指令操作内核程序执行指令!(5)驱动程序初始化

在Windows驱动开发中,为了确保我们的驱动程序(运行在ring0级别)能够与应用程序(运行在ring3级别)进行有效的通信,我们需要仔细设置和处理IRP(I/O Request Packet)函数以及相关的驱动机制。推荐大家在命令模块中自己写一个指令,使只有对应的程序才可以与驱动程序沟通,以提高程序的安全性。

driverInit.h

#pragma once
#include <ntifs.h>
#include "Logging.h"

// Creates the communication device \Device\LyKernelService and its
// \??\LyKernelService symbolic link; returns the failing NTSTATUS on error.
NTSTATUS CreateDriverObject(IN PDRIVER_OBJECT DriverObject);
// Completes an open request on the device with STATUS_SUCCESS.
NTSTATUS DispatchCreate(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
// Completes a close request on the device with STATUS_SUCCESS.
NTSTATUS DispatchClose(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
// Catch-all handler: completes the IRP with STATUS_SUCCESS and zero bytes.
// NOTE(review): which major functions are routed here is set up elsewhere — confirm.
NTSTATUS DriverDefaultHandle(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
// Copies the NUL-terminated contents of g_dataBuffer to the caller (driver -> application).
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
// Stores the caller's bytes in g_dataBuffer and runs parse() on them (application -> driver).
NTSTATUS DispatchWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp);

// Called by DispatchWrite after the data has been stored; defined outside this
// listing. NOTE(review): presumably the command parser — confirm.
NTSTATUS parse();
// Defined outside this listing; purpose not visible here.
NTSTATUS init();

其中DispatchRead为程序读取驱动数据,DispatchWrite为程序向驱动写入数据

driverInit.cpp

#include "driverInit.h"




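/*
 * Creates the device object user mode talks to and publishes it under a
 * symbolic link.
 *
 * DriverObject - the driver object the new device is attached to.
 *
 * Returns STATUS_SUCCESS when both the device and the link exist; otherwise
 * the NTSTATUS reported by IoCreateDevice or IoCreateSymbolicLink. On failure
 * nothing created here is left behind.
 *
 * Access control: IoCreateDevice applies a default security descriptor, so
 * this routine does not by itself limit which accounts may open the device.
 * To restrict that at the object level, create the device with
 * IoCreateDeviceSecure (wdmsec.h) and an explicit SDDL string; an
 * application-level handshake in the command parser is a second layer, not a
 * replacement for the ACL.
 */
NTSTATUS CreateDriverObject(IN PDRIVER_OBJECT DriverObject) {
	NTSTATUS Status;
	PDEVICE_OBJECT pDevObj = NULL;
	UNICODE_STRING DriverName, SymLinkName;

	RtlInitUnicodeString(&DriverName, L"\\Device\\LyKernelService");
	/*
	 * Exclusive = TRUE: only one handle to the device may be open at a time.
	 * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device's
	 * security descriptor to opens with a trailing name as well
	 * (\Device\LyKernelService\anything), which would otherwise bypass it.
	 */
	Status = IoCreateDevice(DriverObject, 0, &DriverName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, TRUE, &pDevObj);
	if (Status != STATUS_SUCCESS) {
		WriteLog("[LyKernelService] Failed to create device object!\n");
		return Status;
	}
	/* Buffered I/O: read/write handlers receive a kernel copy in SystemBuffer. */
	pDevObj->Flags |= DO_BUFFERED_IO;

	RtlInitUnicodeString(&SymLinkName, L"\\??\\LyKernelService");
	Status = IoCreateSymbolicLink(&SymLinkName, &DriverName);
	if (Status != STATUS_SUCCESS) {
		WriteLog("[LyKernelService] Failed to create symbolic link!\n");
		/* Do not leak the device object when the link cannot be created. */
		IoDeleteDevice(pDevObj);
		return Status;
	}
	WriteLog("[LyKernelService] Driver communication device created successfully!\n");
	return STATUS_SUCCESS;
}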

/*
 * Handles an open request on the communication device.
 *
 * Every request is accepted: the IRP is completed with STATUS_SUCCESS and no
 * property of the caller is examined here. Who may open the device is
 * therefore decided only by the device object's security descriptor.
 */
NTSTATUS DispatchCreate(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
	const NTSTATUS CompletionStatus = STATUS_SUCCESS;

	WriteLog("[LyKernelService] Received create request!\n");

	pIrp->IoStatus.Status = CompletionStatus;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	return CompletionStatus;
}

/*
 * Handles a close request on the communication device: logs it and completes
 * the IRP with STATUS_SUCCESS. No per-handle state is released here.
 */
NTSTATUS DispatchClose(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
	const NTSTATUS CompletionStatus = STATUS_SUCCESS;

	WriteLog("[LyKernelService] Received close request!\n");

	pIrp->IoStatus.Status = CompletionStatus;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	return CompletionStatus;
}

/*
 * Catch-all dispatch routine: completes the IRP with STATUS_SUCCESS and
 * reports zero bytes transferred.
 *
 * NOTE(review): any request routed here is reported as successful, so a
 * caller cannot tell an unsupported request from a handled one. Which major
 * functions point at this routine is set up outside this listing — confirm.
 */
NTSTATUS DriverDefaultHandle(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
	const NTSTATUS Result = STATUS_SUCCESS;

	pIrp->IoStatus.Information = 0;
	pIrp->IoStatus.Status = Result;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	return Result;
}

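/*
 * Handles a read request: copies the string currently held in g_dataBuffer
 * to the caller.
 *
 * The number of bytes returned is the smaller of the requested length and
 * the string length of g_dataBuffer; the terminating NUL is not copied, and
 * IoStatus.Information carries the byte count.
 *
 * The device uses buffered I/O, so the destination is the kernel-side
 * SystemBuffer, which the I/O manager sizes to the requested length.
 *
 * NOTE(review): the copy length comes from strlen(), so this routine relies
 * on g_dataBuffer always being NUL-terminated within its bounds; a missing
 * terminator would read past the buffer and hand that memory to user mode.
 * NOTE(review): g_dataBuffer is read without any lock; confirm that reads
 * and writes cannot run concurrently.
 */
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
	NTSTATUS Status = STATUS_SUCCESS;
	PIO_STACK_LOCATION Stack = IoGetCurrentIrpStackLocation(pIrp);
	ULONG ulReadLength = Stack->Parameters.Read.Length;

	char* pBuffer = g_dataBuffer;
	/* Measure once instead of walking the string twice. */
	size_t storedLength = strlen(pBuffer);

	if (ulReadLength > storedLength) {
		ulReadLength = (ULONG)storedLength;
	}

	/* A zero-length request carries no SystemBuffer; never copy through NULL. */
	if (pIrp->AssociatedIrp.SystemBuffer == NULL) {
		ulReadLength = 0;
	}

	if (ulReadLength != 0) {
		memcpy(pIrp->AssociatedIrp.SystemBuffer, pBuffer, ulReadLength);
	}
	pIrp->IoStatus.Status = Status;
	pIrp->IoStatus.Information = ulReadLength;
	WriteLog("[LyKernelService] Read %d bytes of data!\n", ulReadLength);
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	return Status;
}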

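/*
 * Handles a write request: stores the caller's bytes in g_dataBuffer as a
 * NUL-terminated string and runs parse() on them.
 *
 * At most BUFFER_SIZE - 1 bytes are kept; longer input is truncated.
 * Returns the status of parse(), which is also the IRP's completion status.
 * IoStatus.Information is the number of bytes stored on success, else 0.
 *
 * Everything in SystemBuffer comes from user mode: neither its length nor
 * its content (including the presence of a NUL terminator) can be trusted.
 */
NTSTATUS DispatchWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp) {
	NTSTATUS Status = STATUS_SUCCESS;
	PIO_STACK_LOCATION Stack = IoGetCurrentIrpStackLocation(Irp);
	ULONG ulWriteLength = Stack->Parameters.Write.Length;
	PVOID pBuffer = Irp->AssociatedIrp.SystemBuffer;
	/* Clamp so the terminator below always lands inside g_dataBuffer. */
	ULONG ulCopyLength = ulWriteLength < BUFFER_SIZE ? ulWriteLength : BUFFER_SIZE - 1;

	/* A zero-length request carries no SystemBuffer; treat it as empty input. */
	if (pBuffer == NULL) {
		ulCopyLength = 0;
	}

	if (ulCopyLength != 0) {
		RtlCopyMemory(g_dataBuffer, pBuffer, ulCopyLength);
	}
	g_dataBuffer[ulCopyLength] = '\0';
	/*
	 * Record the number of bytes actually held, not the requested length, so
	 * g_dataLength never exceeds the contents of g_dataBuffer.
	 * NOTE(review): parse() is defined elsewhere — confirm it expects this.
	 */
	g_dataLength = ulCopyLength;

	/*
	 * Log the terminated copy. Printing SystemBuffer with %s would read past
	 * the end of the caller's data whenever it is not NUL-terminated.
	 * NOTE(review): this writes caller-controlled text into the log.
	 */
	WriteLog("[LyKernelService] Wrote %d bytes of data, content: %s!\n", ulWriteLength, g_dataBuffer);

	Status = parse();
	if (!NT_SUCCESS(Status)) {
		WriteLog("[LyKernelService] Failed to parse data, status: 0x%X\n", Status);
	}

	/* The completion status must match the value returned from the routine. */
	Irp->IoStatus.Status = Status;
	Irp->IoStatus.Information = NT_SUCCESS(Status) ? ulCopyLength : 0;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);
	return Status;
}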

这部分代码比较固定,可以直接复制,自己重写意义不大。复制时请注意:读写请求中的长度和缓冲区内容都来自用户层,不可信任,对它们的长度检查不能省略。

Windows用户层使用指令操作内核程序执行指令!(6) 驱动程序入口
