
Windows 驱动开发
分层驱动之循环读数据
// driverA.c#include <ntddk.h>// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject){ UNICODE_STRING DevSymboliclinkName = { 0 }; RtlInitUnicodeString(&DevSymboliclinkName, L"\\??\\LayerDriver"); IoDeleteSymbolicLink(&DevSymbolicl原创 2022-05-03 16:31:21 · 316 阅读 · 0 评论 -
处理IRP的几种方式
// driver.c#include <ntddk.h>typedef struct _DEVICE_EXTENSION{ PDEVICE_OBJECT AttachDevice; // ...} DEVICE_EXTENSION, *PDEVICE_EXTENSION;// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject){ KdPrint(("驱动卸载\n")); UNREFERENCED_PARAM.原创 2022-04-30 22:46:49 · 381 阅读 · 0 评论 -
枚举指定驱动对象和设备对象
// driver.c#include <ntifs.h>#include <ntddk.h>extern POBJECT_TYPE* IoDriverObjectType;NTSTATUSObReferenceObjectByName( __in PUNICODE_STRING ObjectName, __in ULONG Attributes, __in_opt PACCESS_STATE AccessState, __in_opt ACCESS_MASK原创 2022-04-29 09:16:13 · 383 阅读 · 0 评论 -
IoAllocateIrp用于驱动调用驱动
// driver.c#include <ntddk.h>// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject){ KdPrint(("驱动卸载\n")); UNREFERENCED_PARAMETER(pDriverObject);}// 测试函数VOID CallDriverTest(){ NTSTATUS status = STATUS_SUCCESS; PFILE_OBJECT pFileObj =原创 2022-04-28 11:44:06 · 366 阅读 · 0 评论 -
使用设备对象指针来进行驱动调用驱动
// dest#include <ntddk.h>// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject){ KdPrint(("驱动卸载\n")); UNREFERENCED_PARAMETER(pDriverObject); UNICODE_STRING DevSymbolicLinkName = { 0 }; RtlInitUnicodeString(&DevSymbolicLinkName, L"\\?原创 2022-04-28 10:29:46 · 172 阅读 · 0 评论 -
使用ZwCreateFile进行驱动调用驱动
// 目标驱动#include <ntddk.h>// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject){ UNICODE_STRING DevSymbolicLink = { 0 }; KdPrint(("驱动卸载\n")); UNREFERENCED_PARAMETER(pDriverObject); RtlInitUnicodeString(&DevSymbolicLink, L"\\??\\Driv原创 2022-04-28 09:35:10 · 754 阅读 · 0 评论 -
内核时间处理相关函数
#include <ntddk.h>// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject);// 时间函数测试VOID TimeTest();// 入口函数NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath){ NTSTATUS status = STATUS_SUCCESS; KdPri原创 2022-04-27 10:58:39 · 181 阅读 · 0 评论 -
IO定时器和DPC定时器
// driver.c#include <ntddk.h>KDPC dpc;KTIMER timer;LARGE_INTEGER timeout;// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject);// 普通分发函数NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);// 时钟处理函数VOID IoTimerTes原创 2022-04-27 08:53:30 · 350 阅读 · 0 评论 -
IRP取消及StartIO操作
#include <ntddk.h>// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject);// 派遣函数-常规NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);// 派遣函数-读操作NTSTATUS DispatchRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);/原创 2022-04-26 13:16:13 · 256 阅读 · 0 评论 -
IRP异步完成处理
// driver.c#include <ntddk.h>LIST_ENTRY ListHeader;// 派遣函数-常规NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);// 派遣函数-读操作NTSTATUS DispatchRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);// 派遣函数-清理NTSTATUS Dispat原创 2022-04-26 11:24:18 · 157 阅读 · 0 评论 -
IO操作-同步异步
// 同步#include <Windows.h>#include <stdio.h>int main(){ HANDLE hFile = CreateFile(L"Sync.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDL原创 2022-04-26 10:24:37 · 186 阅读 · 0 评论 -
黑客编程之线程劫持
#include <Windows.h>#include <stdio.h>#pragma pack(1)typedef struct _STCode{ BYTE PushCode; // push指令码 DWORD DllAddress; // 注入的dll字符串地址 USHORT CallCode; // call指令码 DWORD FuncAddress; // LoadLibrary函数地址 BYTE LoopCode[7]; // 循环指令}ST原创 2022-04-25 11:40:01 · 789 阅读 · 0 评论 -
Windows注入之SetWindowsHookEx
// console#include <Windows.h>#include <stdio.h>typedef LRESULT (*TestHookProc)(int code, WPARAM wParam, LPARAM lParam);int main(){ HWND hwnd = FindWindow(NULL, L"SetWindowHook"); DWORD dwThreadId = 0; DWORD dwProcessId = 0; HMODULE原创 2022-04-24 13:53:36 · 1100 阅读 · 0 评论 -
Windows驱动开发-串口过滤
// driver.c#include <ntddk.h>typedef struct _DeviceExtension{ PDEVICE_OBJECT AttachDevice; IO_REMOVE_LOCK RemoveLock;} DeviceExtension, *PDeviceExtension;// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT DriverObject);// 根据名称获取设备对象PDEVICE_OBJEC原创 2022-04-15 22:23:48 · 500 阅读 · 0 评论 -
Windows驱动开发-IO访问
// 驱动代码#include <ntddk.h>#define CTLBUFFERED CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)#define CTLDIRECTIN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_IN_DIRECT, FILE_ANY_ACCESS)#define CTLDIRECTOUT CTL_CODE(FILE_DEVI原创 2022-04-08 13:34:42 · 369 阅读 · 0 评论 -
Windows驱动开发-使用内存模拟文件读写
// 驱动代码#include <ntddk.h>#define MAX_FILE_LEN 4096// 设备扩展结构体typedef struct _FileExtend{ PCHAR Buffer; ULONG Length;} FileExtend, *PFileExtend;// 卸载函数VOID DriverUnload(IN PDRIVER_OBJECT DriverObject);// 派遣函数-基本操作NTSTATUS DispatchGeneri原创 2022-04-08 10:35:44 · 652 阅读 · 0 评论 -
Windows驱动开发-驱动与应用通信简单入门
// 驱动代码#include <ntddk.h>VOID DriverUnload(IN PDRIVER_OBJECT DriverObject){ UNICODE_STRING SymbolicLinkName = RTL_CONSTANT_STRING(L"\\??\\HelloDDK"); KdPrint(("驱动卸载\n")); UNREFERENCED_PARAMETER(DriverObject); IoDeleteSymbolicLink(&Symbol原创 2022-04-07 10:33:07 · 469 阅读 · 0 评论 -
Windows驱动开发-注册表操作
#include <ntddk.h>#include <windef.h>VOID DriverUnload(IN PDRIVER_OBJECT DriverObject){ KdPrint(("驱动卸载\n")); UNREFERENCED_PARAMETER(DriverObject);}VOID RegCreateTest(){ NTSTATUS status = STATUS_SUCCESS; HANDLE hKey = NULL; HANDLE h原创 2022-04-06 13:42:47 · 792 阅读 · 0 评论 -
Windows驱动开发-文件基本操作
#include <ntddk.h>VOID DriverUnload(IN PDRIVER_OBJECT DriverObject){ KdPrint(("驱动卸载\n")); UNREFERENCED_PARAMETER(DriverObject);}// 创建文件VOID CreateFileTest();// 写入文件VOID WriteFileTest();// 读取文件VOID ReadFileTest();// 读取文件属性VOID ReadF原创 2022-04-05 11:55:56 · 960 阅读 · 0 评论 -
Windows驱动开发-旁视列表操作
#include <ntddk.h>typedef struct _MYDATA{ int number;} MYDATA, *PMYDATA;VOID DriverUnload(IN PDRIVER_OBJECT DriverObject){ UNREFERENCED_PARAMETER(DriverObject); KdPrint(("驱动卸载\n"));}VOID LookAsideListTest(){ int i = 0; PMYDATA pdata[原创 2022-04-03 11:05:14 · 226 阅读 · 0 评论 -
Windows驱动开发-键盘驱动过滤
#include <ntddk.h>extern POBJECT_TYPE IoDriverObjectType;#define KDB_DRIVER_NAME L"\\Driver\\Kdbclass"#define DELAY_ONE_MICROSECOND (-10)#define DELAY_ONE_MILLISECOND (DELAY_ONE_MICROSECOND * 1000)#define DELAY_ONE_SECOND (DELAY_ONE_MILLISECON原创 2022-03-27 14:12:02 · 1390 阅读 · 0 评论 -
Windows驱动过滤-串口过滤
#include <ntddk.h>#include <ntstrsafe.h>// 设定计算机上只有32个串口#define CCP_MAX_COM_ID 32#define DELAY_ONE_MICROSECOND (-10)#define DELAY_ONE_MILLISECOND (DELAY_ONE_MICROSECOND * 1000)#define DELAY_ONE_SECOND (DELAY_ONE_MILLISECOND * 1000)// 保原创 2022-03-26 11:30:59 · 510 阅读 · 0 评论 -
Windows驱动开发-服务操作
#include <iostream>#include <Windows.h>#define SER_NAME L"FirstDriver"#define SER_DISPLAY_NAME L"第一个驱动"int main(){ SC_HANDLE hSCM = NULL; SC_HANDLE hSer = NULL; do { hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE原创 2022-03-23 21:38:25 · 302 阅读 · 0 评论 -
Windows驱动开发-DriverEntry入门
// first.c#include <ntddk.h>VOID DriverUnload(PDRIVER_OBJECT DriverObject){ if (DriverObject != NULL) { DbgPrint("[%ws]Driver upload, Driver Object Address: %p", __FUNCTIONW__, DriverObject); }}NTSTATUS DriverEntry(PDRIVER_OBJECT DriverO原创 2022-03-23 19:55:58 · 882 阅读 · 0 评论