在Windows驱动开发中,为了确保我们的驱动程序(运行在ring0级别)能够与应用程序(运行在ring3级别)进行有效的通信,我们需要仔细设置和处理IRP(I/O Request Packet)函数以及相关的驱动机制。推荐大家在命令模块中自己定义一个指令,使只有对应的程序才可以与驱动程序沟通,以提高程序的安全性
driverInit.h
#pragma once
#include <ntifs.h>
#include "Logging.h"
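/* Creates the \Device\LyKernelService device object and its \??\LyKernelService
 * symbolic link, and enables buffered I/O on the device. Returns the NTSTATUS of
 * the failing call, or STATUS_SUCCESS. */
NTSTATUS CreateDriverObject(IN PDRIVER_OBJECT DriverObject);
/* IRP_MJ_CREATE handler: completes the IRP with STATUS_SUCCESS. */
NTSTATUS DispatchCreate(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
/* IRP_MJ_CLOSE handler: completes the IRP with STATUS_SUCCESS. */
NTSTATUS DispatchClose(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
/* Fallback for every other major function: completes with STATUS_SUCCESS and
 * zero bytes of information. */
NTSTATUS DriverDefaultHandle(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
/* IRP_MJ_READ handler: copies the NUL-terminated contents of g_dataBuffer into
 * the caller's buffered-I/O SystemBuffer, bounded by the requested length. */
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
/* IRP_MJ_WRITE handler: stores the caller's data in g_dataBuffer (truncated to
 * BUFFER_SIZE - 1 bytes and NUL-terminated) and then calls parse(). */
NTSTATUS DispatchWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp);
/* Defined outside this translation unit; bodies are not part of this file.
 * Explicit (void) so the declarations are full prototypes when built as C. */
NTSTATUS parse(void);
NTSTATUS init(void);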
其中DispatchRead为程序读取驱动数据,DispatchWrite为程序向驱动写入数据
driverInit.cpp
#include "driverInit.h"
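/* Creates the communication device and its user-visible symbolic link.
 *
 * @param DriverObject  Driver object passed to DriverEntry.
 * @return STATUS_SUCCESS, or the NTSTATUS of the failing I/O manager call.
 *         On symbolic-link failure the device object created just before is
 *         deleted again, so a failed DriverEntry leaves nothing behind. */
NTSTATUS CreateDriverObject(IN PDRIVER_OBJECT DriverObject) {
    NTSTATUS Status;
    PDEVICE_OBJECT pDevObj = NULL;
    UNICODE_STRING DriverName, SymLinkName;
    RtlInitUnicodeString(&DriverName, L"\\Device\\LyKernelService");
    /* Exclusive = TRUE: only one open handle to the device at a time.
     * IoCreateDevice applies the I/O manager's default security descriptor; if
     * only a specific caller should be able to open the device, creating it with
     * IoCreateDeviceSecure and an SDDL string restricts access at the object level
     * rather than relying solely on a protocol check in the write path. */
    Status = IoCreateDevice(DriverObject, 0, &DriverName, FILE_DEVICE_UNKNOWN, 0, TRUE, &pDevObj);
    if (!NT_SUCCESS(Status)) {
        WriteLog("[LyKernelService] Failed to create device object!\n");
        return Status;
    }
    /* Read/write requests are delivered through AssociatedIrp.SystemBuffer. */
    pDevObj->Flags |= DO_BUFFERED_IO;
    RtlInitUnicodeString(&SymLinkName, L"\\??\\LyKernelService");
    Status = IoCreateSymbolicLink(&SymLinkName, &DriverName);
    if (!NT_SUCCESS(Status)) {
        WriteLog("[LyKernelService] Failed to create symbolic link!\n");
        /* Undo the device creation; the original returned here and leaked it. */
        IoDeleteDevice(pDevObj);
        return Status;
    }
    WriteLog("[LyKernelService] Driver communication device created successfully!\n");
    return STATUS_SUCCESS;
}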
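/* IRP_MJ_CREATE handler. No per-handle state is kept: any caller that can open
 * the device succeeds. Sets IoStatus.Information explicitly, matching
 * DriverDefaultHandle, and marks the unused device parameter so W4 builds stay
 * warning-free.
 *
 * @param pDeviceObject  Unused.
 * @param pIrp           Create IRP; completed here with STATUS_SUCCESS.
 * @return STATUS_SUCCESS. */
NTSTATUS DispatchCreate(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
    UNREFERENCED_PARAMETER(pDeviceObject);
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    WriteLog("[LyKernelService] Received create request!\n");
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}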
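/* IRP_MJ_CLOSE handler. Nothing was allocated on create, so there is nothing to
 * release; the IRP is completed with STATUS_SUCCESS. IoStatus.Information is set
 * explicitly, matching DriverDefaultHandle.
 *
 * @param pDeviceObject  Unused.
 * @param pIrp           Close IRP; completed here.
 * @return STATUS_SUCCESS. */
NTSTATUS DispatchClose(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
    UNREFERENCED_PARAMETER(pDeviceObject);
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    WriteLog("[LyKernelService] Received close request!\n");
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}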
/* Catch-all dispatch routine for major functions without a dedicated handler:
 * completes the IRP successfully with zero bytes of information.
 *
 * @param pDeviceObject  Unused.
 * @param pIrp           IRP to complete.
 * @return STATUS_SUCCESS. */
NTSTATUS DriverDefaultHandle(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
    PIO_STATUS_BLOCK ioStatus = &pIrp->IoStatus;
    (void)pDeviceObject;
    ioStatus->Information = 0;
    ioStatus->Status = STATUS_SUCCESS;
    /* The IRP must not be touched after completion; return the constant. */
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}
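/* IRP_MJ_READ handler: returns the text currently held in g_dataBuffer.
 *
 * g_dataBuffer is treated as a C string (DispatchWrite NUL-terminates it), so the
 * copy is bounded by strlen(): an embedded NUL ends the data early. The read
 * offset (Parameters.Read.ByteOffset) is not consulted; every read returns the
 * buffer from its start. A zero-length buffered read has no SystemBuffer, so the
 * copy is skipped and 0 bytes are reported.
 *
 * @param pDeviceObject  Unused.
 * @param pIrp           Read IRP (buffered I/O); completed here.
 * @return STATUS_SUCCESS; IoStatus.Information holds the byte count copied. */
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
    UNREFERENCED_PARAMETER(pDeviceObject);
    PIO_STACK_LOCATION Stack = IoGetCurrentIrpStackLocation(pIrp);
    ULONG ulReadLength = Stack->Parameters.Read.Length;
    PVOID pOut = pIrp->AssociatedIrp.SystemBuffer;
    /* strlen() once, not twice as in the original; it walks the whole string. */
    size_t stored = strlen(g_dataBuffer);
    if ((size_t)ulReadLength > stored) {
        ulReadLength = (ULONG)stored;
    }
    if (ulReadLength > 0 && pOut != NULL) {
        memcpy(pOut, g_dataBuffer, ulReadLength);
    } else {
        ulReadLength = 0;
    }
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = ulReadLength;
    /* %lu matches ULONG (unsigned long); %d was a signedness mismatch. */
    WriteLog("[LyKernelService] Read %lu bytes of data!\n", ulReadLength);
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}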
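/* IRP_MJ_WRITE handler: copies caller-supplied data into g_dataBuffer and hands
 * it to parse() (defined elsewhere; presumably it consumes g_dataBuffer, since it
 * is called right after the copy).
 *
 * The SystemBuffer holds exactly Parameters.Write.Length bytes of untrusted data
 * with no terminator, so at most BUFFER_SIZE - 1 bytes are kept and the copy is
 * NUL-terminated before anything treats it as a string. Any caller holding a
 * handle reaches this path, so validation of the content belongs in parse().
 *
 * Fixes relative to the original: the log line no longer formats the raw
 * SystemBuffer with %s (an over-read past the user's data), g_dataLength records
 * the bytes actually stored rather than the uncapped request, and IoStatus is
 * filled in so WriteFile sees the result instead of a status/0-byte default.
 *
 * @param DeviceObject  Unused.
 * @param Irp           Write IRP (buffered I/O); completed here.
 * @return Result of parse(); also stored in Irp->IoStatus.Status. */
NTSTATUS DispatchWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp) {
    UNREFERENCED_PARAMETER(DeviceObject);
    NTSTATUS Status = STATUS_SUCCESS;
    PIO_STACK_LOCATION Stack = IoGetCurrentIrpStackLocation(Irp);
    ULONG ulWriteLength = Stack->Parameters.Write.Length;
    PVOID pBuffer = Irp->AssociatedIrp.SystemBuffer;
    /* Same truncation rule as the original, computed once. */
    ULONG ulStored = (ulWriteLength < BUFFER_SIZE) ? ulWriteLength : (ULONG)(BUFFER_SIZE - 1);
    /* A zero-length buffered write has no SystemBuffer. */
    if (ulStored > 0 && pBuffer != NULL) {
        RtlCopyMemory(g_dataBuffer, pBuffer, ulStored);
    } else {
        ulStored = 0;
    }
    g_dataBuffer[ulStored] = '\0';
    g_dataLength = ulStored;
    /* Log from the terminated copy, never from the raw SystemBuffer. */
    WriteLog("[LyKernelService] Wrote %lu bytes of data, content: %s!\n", ulStored, g_dataBuffer);
    Status = parse();
    if (!NT_SUCCESS(Status)) {
        WriteLog("[LyKernelService] Failed to parse data, status: 0x%X\n", Status);
    }
    Irp->IoStatus.Status = Status;
    Irp->IoStatus.Information = ulStored;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return Status;
}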
代码很固定可以直接复制,自己写没有意义