0环代码
#include<ntifs.h>
//设备对象名称
#define DEVICE_NAME L"\\device\\Helloworld"
//符号链接名称
#define LINK_NAME L"\\dosdevices\\whitebird"
VOID DriverUnload(PDRIVER_OBJECT pDriver) {
//符号链接名称
UNICODE_STRING uLinkName = { 0 };
//初始化符号链接名称
RtlInitUnicodeString(&uLinkName, LINK_NAME);
//删除符号链接
IoDeleteSymbolicLink(&uLinkName);
//删除设备对象
IoDeleteDevice(pDriver->DeviceObject);
DbgPrint("Unload success!\n");
}
//IRP派遣函数-默认处理
NTSTATUS DispatchCommon (PDEVICE_OBJECT pDeviceObject,PIRP pIrp){
DbgPrint("Patched Success");
//设置IRP处理成功,告诉3环
pIrp->IoStatus.Status = STATUS_SUCCESS;
//设置返回的字节数
pIrp->IoStatus.Information = 0;
//结束IRP处理流程
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
//IRP派遣函数-写入Write
NTSTATUS DispatchWrite(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
//缓冲区指针
PVOID pWriteBuffer = NULL;
//缓冲区长度
ULONG uWriteLength = 0;
//栈指针
PIO_STACK_LOCATION pStack = NULL;
//获取Buffer
pWriteBuffer = pIrp->AssociatedIrp.SystemBuffer;
//获取IRP栈结构
pStack = IoGetCurrentIrpStackLocation(pIrp);
//获取长度
uWriteLength = pStack->Parameters.Write.Length;
//打印数据
DbgPrint("%ws", pWriteBuffer);
//设置IRP处理成功,告诉3环
pIrp->IoStatus.Status = STATUS_SUCCESS;
//设置返回的字节数
pIrp->IoStatus.Information = uWriteLength;
//结束IRP处理流程
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
//IRP派遣函数-读取Read
NTSTATUS DispatchRead(PDEVICE_OBJECT pDeviceObject, PIRP pIrp) {
//缓冲区指针
PVOID pReadBuffer = NULL;
//读取的长度
ULONG uReadLength = 0;
//IRP栈的结构指针
PIO_STACK_LOCATION pStack = NULL;
//获取缓冲区位置
pReadBuffer = pIrp->AssociatedIrp.SystemBuffer;
//获取当前层的一个IRP栈结构
pStack = IoGetCurrentIrpStackLocation(pIrp);
//获取读写长度
uReadLength = pStack->Parameters.Read.Length;
//字符串
char* str = "hello world";
//计算字符串长度
ULONG uLength = strlen(str)+1;
//判断一下实际读取的长度
ULONG uMinLength = 0;
uMinLength = uReadLength > uLength ? uLength : uReadLength;
//拷数据
RtlCopyMemory(pReadBuffer, str, uMinLength);
//设置IRP处理成功,告诉3环
pIrp->IoStatus.Status = STATUS_SUCCESS;
//设置返回的字节数
pIrp->IoStatus.Information = uMinLength;
//结束IRP处理流程
IoCompleteRequest(pIrp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath) {//驱动对象指针,注册表路径 DriverEntry不能改
//注册卸载函数,作用是指定用哪个函数来完成卸载
pDriverObject->DriverUnload = DriverUnload;
//返回状态
NTSTATUS ntStatus = 0;
//设备对象
UNICODE_STRING uDevicename = { 0 };
//符号链接名称
UNICODE_STRING uLinkName = { 0 };
//初始化设备对象
RtlInitUnicodeString(&uDevicename, DEVICE_NAME);
//初始化符号链接名称
RtlInitUnicodeString(&uLinkName, LINK_NAME);
//设备对象
PDEVICE_OBJECT pDeviceObject = NULL;
//创建设备对象
ntStatus=IoCreateDevice(pDriverObject, 0, &uDevicename, FILE_DEVICE_UNKNOWN, 0, TRUE, &pDeviceObject);
//判断设备对象是否创建成功
if (!NT_SUCCESS(ntStatus))
{
DbgPrint("IoCreateDevice failed:%x", ntStatus);
return ntStatus;
}
//通讯方式
// 1.DO_BUFFERED_IO基于缓存
// 2.DO_DIRECT_IO 直接读写
// 3.DO_FORCE_NEITHER_IO 两者介不的通信方式 R0直接读R3
pDeviceObject->Flags |= DO_BUFFERED_IO;
//创建符号链接
ntStatus = IoCreateSymbolicLink(&uLinkName, &uDevicename);
//判断符号链接是否创建成功
if (!NT_SUCCESS(ntStatus))
{ //删除设备对象
IoDeleteDevice(&pDeviceObject);
DbgPrint("IoCreateSymbolicLink failed:%x", ntStatus);
return ntStatus;
}
//将所有IRP派遣处理函数,设置为默认处理函数
for (size_t i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
{
pDriverObject->MajorFunction[i] = DispatchCommon;
}
//为IRP_MJ_READ赋派遣函数
pDriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
DbgPrint("Driver Load Success!");
return STATUS_SUCCESS;//状态成功0,一定要有返回值
}
3环代码
-------
#include<stdio.h>
#include<Windows.h>
#define LINK_NAME L"\\\\.\\whitebird"
int main() {
//打开符号链接
HANDLE hDeviceHandle=CreateFile(LINK_NAME, GENERIC_ALL, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
//判断符号链接是否打开成功
if (hDeviceHandle==INVALID_HANDLE_VALUE)
{
printf("Error:%d\n",GetLastError);
system("pause");
return 0;
}
//IRP_MJ_READ
char buffer[256];
ULONG uReadLength = 0;
bool bRet=ReadFile(hDeviceHandle, buffer, 256, &uReadLength, NULL);
if (bRet)
{
printf("Read %d byte!\n", uReadLength);
printf("%s", buffer);
}
ULONG uRetWriteLength = 0;
ULONG uLength = wcslen(L"hello world!") * sizeof(WCHAR)+1;
WriteFile(hDeviceHandle, L"hello world!", uLength,&uRetWriteLength,NULL);
system("pause");
return 0;
}
读写均成功
雷达卡
发表于 
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶