最近根據夢織未來論壇的驅動教程學習了一下Windows下的驅動編程,做個筆記備忘。這是第03課《驅動的編程規范》。
驅動部分包括基本的驅動卸載函數、驅動打開關閉讀取寫入操作最簡單的分發例程。代碼如下:
1 //CreateDevice.c 2 //2016.07.14 3 4 #include "ntddk.h" 5 6 //驅動卸載函數Self 7 VOID MyDriverUnload(PDRIVER_OBJECT pDriverObject) 8 { 9 UNICODE_STRING usSymName; 10 RtlInitUnicodeString(&usSymName, L"\\??\\FirstDevice"); 11 12 //先刪除符號鏈接,后刪除設備對象 13 if (pDriverObject->DeviceObject != NULL) 14 { 15 IoDeleteSymbolicLink(&usSymName); //刪除符號鏈接 16 IoDeleteDevice(pDriverObject->DeviceObject); //刪除設備對象 17 KdPrint(("Delete Device Sucess.")); 18 } 19 } 20 21 //創建設備函數Self 22 NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject) 23 { 24 NTSTATUS Status; 25 UNICODE_STRING usDevName; 26 UNICODE_STRING usSymName; 27 PDEVICE_OBJECT pDevObj; //設備對象,用於指向創建的設備 28 29 //DDK API 為UNICODE_STRING賦值的函數 30 RtlInitUnicodeString(&usDevName, L"\\Device\\FirstDevice"); 31 32 //創建設備函數API 創建設備"\\Device\\FirstDevice" 33 //設備創建后,會返回給pDevObj,同時給pDriverObject->DeviceObject賦值 34 //The IoCreateDevice routine creates a device object for use by a driver. 35 /* 36 NTSTATUS IoCreateDevice( 37 _In_ PDRIVER_OBJECT DriverObject, 38 _In_ ULONG DeviceExtensionSize, 39 _In_opt_ PUNICODE_STRING DeviceName, 40 _In_ DEVICE_TYPE DeviceType, 41 _In_ ULONG DeviceCharacteristics, 42 _In_ BOOLEAN Exclusive, 43 _Out_ PDEVICE_OBJECT *DeviceObject 44 ); 45 */ 46 Status = IoCreateDevice(pDriverObject, 47 0, 48 &usDevName, 49 FILE_DEVICE_UNKNOWN, 50 FILE_DEVICE_SECURE_OPEN, 51 TRUE, 52 &pDevObj); 53 if (!NT_SUCCESS(Status)) //檢查返回值 54 { 55 return Status; 56 } 57 58 //DO_BUFFERED_IO or DO_DIRECT_IO 59 //Specifies the type of buffering that is used by the I/O manager for I/O requests that are sent to the device stack. 60 //Higher-level drivers OR this member with the same value as the next-lower driver in the stack, except possibly for highest-level drivers. 61 pDevObj->Flags |= DO_BUFFERED_IO; 62 63 RtlInitUnicodeString(&usSymName, L"\\??\\FirstDevice"); 64 65 //The IoCreateSymbolicLink routine sets up a symbolic link between a device object name and a user-visible name for the device. 66 /* 67 NTSTATUS IoCreateSymbolicLink( 68 _In_ PUNICODE_STRING SymbolicLinkName, 69 _In_ PUNICODE_STRING DeviceName 70 ); 71 */ 72 Status = IoCreateSymbolicLink(&usSymName, &usDevName); //DDK API 創建符號鏈接 73 if (!NT_SUCCESS(Status)) 74 { 75 IoDeleteDevice(pDevObj); //刪除設備對象 76 return Status; 77 } 78 79 return STATUS_SUCCESS; 80 } 81 82 //打開設備的函數 83 NTSTATUS CreateCompleteRoutine(PDRIVER_OBJECT pDriverObject, PIRP pIrp) 84 { 85 NTSTATUS Status; 86 87 Status = STATUS_SUCCESS; 88 89 KdPrint(("Create")); 90 91 //A driver sets an IRP's I/O status block to indicate the final status of an I/O request, before calling IoCompleteRequest for the IRP. 92 93 //This is the completion status, either STATUS_SUCCESS if the requested operation was completed successfully or an informational, warning, or error STATUS_ XXX value. 94 //For more information, see Using NTSTATUS values. 95 pIrp->IoStatus.Status = Status; 96 //This is the completion status, either STATUS_SUCCESS if the requested operation was completed successfully or an informational, warning, or error STATUS_ XXX value. 97 //For more information, see Using NTSTATUS values. 98 pIrp->IoStatus.Information = 0; 99 100 //The IoCompleteRequest routine indicates that the caller has completed all processing for a given I/O request and is returning the given IRP to the I/O manager. 101 //IO_NO_INCREMENT 不再往下層傳遞 102 IoCompleteRequest(pIrp, IO_NO_INCREMENT); 103 return Status; 104 } 105 106 //關閉設備的函數 107 NTSTATUS CloseCompleteRoutine(PDRIVER_OBJECT pDriverObject, PIRP pIrp) 108 { 109 NTSTATUS Status; 110 111 Status = STATUS_SUCCESS; 112 113 KdPrint(("Close")); 114 115 pIrp->IoStatus.Status = Status; 116 pIrp->IoStatus.Information = 0; 117 118 IoCompleteRequest(pIrp, IO_NO_INCREMENT); 119 return Status; 120 } 121 122 //讀取設備的函數 123 NTSTATUS ReadCompleteRoutine(PDRIVER_OBJECT pDriverObject, PIRP pIrp) 124 { 125 NTSTATUS Status; 126 127 Status = STATUS_SUCCESS; 128 129 KdPrint(("Read")); 130 131 pIrp->IoStatus.Status = Status; 132 pIrp->IoStatus.Information = 0; 133 134 IoCompleteRequest(pIrp, IO_NO_INCREMENT); 135 return Status; 136 } 137 138 //寫入設備的函數 139 NTSTATUS WriteCompleteRoutine(PDRIVER_OBJECT pDriverObject, PIRP pIrp) 140 { 141 NTSTATUS Status; 142 143 Status = STATUS_SUCCESS; 144 145 KdPrint(("Write")); 146 147 pIrp->IoStatus.Status = Status; 148 pIrp->IoStatus.Information = 0; 149 150 IoCompleteRequest(pIrp, IO_NO_INCREMENT); 151 return Status; 152 } 153 154 //驅動程序入口函數 155 NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) 156 { 157 //輸出信息 158 //DbgPrint("1111"); 159 160 161 NTSTATUS Status; 162 Status = CreateDevice(pDriverObject); //創建設備對象和符號鏈接 163 if (!NT_SUCCESS(Status)) 164 { 165 KdPrint(("Create Device Failed.")); 166 } else { 167 KdPrint(("Create Device Sucess.")); 168 KdPrint(("%wZ", pRegistryPath)); 169 } 170 171 //打開關閉讀取寫入的分發例程賦值 172 pDriverObject->MajorFunction[IRP_MJ_CREATE] = (PDRIVER_DISPATCH)CreateCompleteRoutine; //打開設備 173 pDriverObject->MajorFunction[IRP_MJ_CLOSE] = (PDRIVER_DISPATCH)CloseCompleteRoutine; //關閉設備 174 pDriverObject->MajorFunction[IRP_MJ_READ] = (PDRIVER_DISPATCH)ReadCompleteRoutine; //讀取設備 175 pDriverObject->MajorFunction[IRP_MJ_WRITE] = (PDRIVER_DISPATCH)WriteCompleteRoutine; //寫入設備 176 177 //驅動卸載函數賦值 178 pDriverObject->DriverUnload = MyDriverUnload; 179 180 return STATUS_SUCCESS; 181 }
應用層采用了MFC創建了一個窗口,窗口有三個按鈕:Create、Read、Write。界面如下:
其中Create按鈕的處理函數如下:
1 void CCheckMyDriverDlg::OnCreateButton() 2 { 3 // TODO: 在此添加控件通知處理程序代碼 4 HANDLE hFile = CreateFileW(L"\\\\.\\FirstDevice", 5 FILE_ALL_ACCESS, 6 0, 7 NULL, 8 OPEN_EXISTING, 9 FILE_ATTRIBUTE_NORMAL, 10 NULL); 11 if (hFile == INVALID_HANDLE_VALUE) 12 { 13 AfxMessageBox (L"Open Device Failed."); 14 return; 15 } 16 17 CloseHandle (hFile); 18 }
Read按鈕的處理函數如下:
1 void CCheckMyDriverDlg::OnReadButton() 2 { 3 // TODO: 在此添加控件通知處理程序代碼 4 HANDLE hFile = CreateFileW(L"\\\\.\\FirstDevice", 5 FILE_ALL_ACCESS, 6 0, 7 NULL, 8 OPEN_EXISTING, 9 FILE_ATTRIBUTE_NORMAL, 10 NULL); 11 if (hFile == INVALID_HANDLE_VALUE) 12 { 13 AfxMessageBox (L"Open Device Failed."); 14 return; 15 } 16 17 wchar_t Buffer[MAX_PATH] = {0}; 18 DWORD len = 0; 19 if (!ReadFile (hFile, Buffer, MAX_PATH-1, &len, NULL)) 20 { 21 AfxMessageBox (L"Read Device Failed."); 22 return; 23 } 24 25 CloseHandle (hFile); 26 27 }
Write按鈕的處理函數如下:
1 void CCheckMyDriverDlg::OnWriteButton() 2 { 3 // TODO: 在此添加控件通知處理程序代碼 4 HANDLE hFile = CreateFileW(L"\\\\.\\FirstDevice", 5 FILE_ALL_ACCESS, 6 0, 7 NULL, 8 OPEN_EXISTING, 9 FILE_ATTRIBUTE_NORMAL, 10 NULL); 11 if (hFile == INVALID_HANDLE_VALUE) 12 { 13 AfxMessageBox (L"Open Device Failed."); 14 return; 15 } 16 17 wchar_t Buffer[MAX_PATH] = L"What The Fuck, Man ?"; 18 DWORD len; 19 if (!WriteFile (hFile, Buffer, MAX_PATH, &len, NULL)) 20 { 21 AfxMessageBox (L"Write Device Failed."); 22 return; 23 } 24 25 CloseHandle (hFile); 26 27 }
以下為操作部分:
將生成的FirstDevice.sys文件復制到XP虛擬機下,使用驅動加載工具InstDrv安裝並啟動驅動后,在Dbgview工具內有如下輸出信息:
並能夠找到相應注冊表,使用WinObj工具查看設備對象\\Device\\FirstDevice:
然后查看符號鏈接\\??\\FirstDevice:
使用InstDrv停止此驅動時輸出:
期間並未出現藍屏問題
安裝驅動程序后,使用上面寫的MFC程序CheckMyDriver.exe,點擊Create按鈕后,輸出
點擊Read按鈕后,輸出:
點擊Write按鈕后,輸出:
以上操作均為出現藍屏。本課結束。
由於本人剛開始學習驅動程序,實力有限,可能對於某些地方的理解並不正確,希望大家能提出意見建議,共同學習,共同進步。
最后謝謝大家的支持。
2016-07-14 14:58:13