EXE部分

[cpp]?view plaincopy

#include?<stdio.h>??

#include?<Windows.h>??

??

int?main?(void)??

{??

????char?linkname[]="\\\\.\\HelloDDK";??

????HANDLE?hDevice?=?CreateFileA(linkname,GENERIC_READ?|?GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);??

????if?(hDevice?==?INVALID_HANDLE_VALUE)??

????{??

????????printf("Win32?error?code:?%d\n",GetLastError());??

????????return?1;??

????}??

??

????UCHAR?buffer[10]={0};??

????ULONG?ulRead=0;??

????if?(ReadFile(hDevice,buffer,10,&ulRead,NULL))??

????{??

????????printf("Read?%d?bytes:",ulRead);??

????????for?(int?i=0;i<(int)ulRead;i++)??

????????{??

????????????printf("%02X?",buffer[i]);??

????????}??

????????printf("\n");??

????}??

????getchar();??

????getchar();??

??

????ulRead=0;??

????if?(WriteFile(hDevice,buffer,10,&ulRead,NULL))??

????{??

????????printf("write?%d?bytes\n",ulRead);??

????????for?(int?i=0;i<(int)ulRead;i++)??

????????{??

????????????printf("%02X?",buffer[i]);??

????????}??

????????printf("\n");??

????}??

??

????CloseHandle(hDevice);??

??

????getchar();??

????getchar();??

????return?0;??

}??

?

SYS部分

[cpp]?view plaincopy

#pragma?once??

??

#include?<ntddk.h>??

#define?CountArray(Array)??(????sizeof(Array)???/???sizeof(Array[0])????)??

??

typedef?struct?_DEVICE_EXTENSION??

{??

????PDEVICE_OBJECT?pDevice;?????????????????????????????????????//設備對象??

????UNICODE_STRING?ustrDeviceName;??????????????????//設備名稱??

????UNICODE_STRING?ustrSymLinkName;?????????????????//符號名稱??

}DEVICE_EXTENSION,*PDEVICE_EXTENSION;??

??

??

??

#ifdef?__cplusplus??

extern?"C"?NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath);??

#endif??

??

void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject);???????????????????????????????????????????????????????//卸載函數??

NTSTATUS?CreateDevice(PDRIVER_OBJECT?PDevObj);??????????????????????????????????????????????????//創建設備??

NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrp);???//派遣函數??

NTSTATUS?HelloDDKRead(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP);??????????????????????//讀請求派遣函數??

NTSTATUS?HelloDDKWrite(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP);?????????????????????//寫請求派遣函數??

?

?

[cpp]?view plaincopy

#include?"hello.h"??

??

NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath)??

{??

????????DbgPrint("Hello?from!\n");??

????????DriverObject->DriverUnload?=?HelloUnload;??

????????for?(int?i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)??

????????{??

????????????DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;??

????????}??

????????DriverObject->MajorFunction[IRP_MJ_READ]=HelloDDKRead;???????????//設置讀派遣函數??

????????DriverObject->MajorFunction[IRP_MJ_WRITE]=HelloDDKWrite;?????//設置寫派遣函數??

??

??

#if?DBG??

????????_asm?int?3??

#endif??

????????//創建設備??

????????CreateDevice(DriverObject);??

??

????????return?STATUS_SUCCESS;??

}??

??

//讀派遣函數??

NTSTATUS?HelloDDKRead(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

#if?DBG??

????_asm?int?3??

#endif??

??

????NTSTATUS?status=STATUS_SUCCESS;??

??

????PIO_STACK_LOCATION?stack=IoGetCurrentIrpStackLocation(pIrP);??

????ULONG?ulReadLength=stack->Parameters.Read.Length;??

??

????ULONG?mdl_length=MmGetMdlByteCount(pIrP->MdlAddress);????????????????????//獲取緩沖區的長度??

????PVOID??mdl_address=MmGetMdlVirtualAddress(pIrP->MdlAddress);?????//獲取緩沖區的虛擬地址??

????ULONG?mdl_offset=MmGetMdlByteOffset(pIrP->MdlAddress);???????????????????//返回緩沖區的偏移??

??

????if?(mdl_length!=ulReadLength)??

????{??

????????//MDL的長度應該和讀長度相等，否則該操作應該設為不成功??

????????pIrP->IoStatus.Information=0;??

????????status=STATUS_UNSUCCESSFUL;??

????}??

????else??

????{??

????????//用那個MmGetSystemAddressForMdlSafe得到在內核模式下的影射??

????????PVOID?kernel_address=MmGetSystemAddressForMdlSafe(pIrP->MdlAddress,NormalPagePriority);??

????????DbgPrint("address0X%08X\n",kernel_address);??

????????memset(kernel_address,0XAA,ulReadLength);??

????????pIrP->IoStatus.Information=ulReadLength;??

????}??

??

????//完成IRP??

????pIrP->IoStatus.Status=status;????????????????????????????????????????????????????????????????????//設置完成狀態??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????????????????????????????????//完成IRP??

??

????return?status;??

}??

??

//寫派遣函數??

NTSTATUS?HelloDDKWrite(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

#if?DBG??

????_asm?int?3??

#endif??

??

????NTSTATUS?status=STATUS_SUCCESS;??

??

????PIO_STACK_LOCATION?stack=IoGetCurrentIrpStackLocation(pIrP);??

????ULONG?ulWriteLength=stack->Parameters.Write.Length;??

??

????ULONG?mdl_length=MmGetMdlByteCount(pIrP->MdlAddress);????????????????????//獲取緩沖區的長度??

????PVOID??mdl_address=MmGetMdlVirtualAddress(pIrP->MdlAddress);?????//獲取緩沖區的虛擬地址??

????ULONG?mdl_offset=MmGetMdlByteOffset(pIrP->MdlAddress);???????????????????//返回緩沖區的偏移??

??

????if?(mdl_length!=ulWriteLength)??

????{??

????????//MDL的長度應該和讀長度相等，否則該操作應該設為不成功??

????????pIrP->IoStatus.Information=0;??

????????status=STATUS_UNSUCCESSFUL;??

????}??

????else??

????{??

????????//用那個MmGetSystemAddressForMdlSafe得到在內核模式下的影射??

????????PVOID?kernel_address=MmGetSystemAddressForMdlSafe(pIrP->MdlAddress,NormalPagePriority);??

????????DbgPrint("address0X%08X\n",kernel_address);??

????????UCHAR?buffer[10]={0};??

????????memcpy(buffer,kernel_address,ulWriteLength);??

????????for?(int?i=0;i<(int)ulWriteLength;i++)??

????????{??

????????????DbgPrint("%02x\n",buffer[i]);??

????????}??

????????memset(kernel_address,0XAA,ulWriteLength);??

????????pIrP->IoStatus.Information=ulWriteLength;??

????}??

??

??

????//完成IRP??

????pIrP->IoStatus.Status=status;????????????????????????????????????????????????????????????????????//設置完成狀態??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????????????????????????????????//完成IRP??

??

????return?status;??

}??

??

//卸載函數??

void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject)??

{??

????????DbgPrint("Goodbye?from!\n");??

????????PDEVICE_OBJECT?pNextObj=NULL;??

????????pNextObj=DriverObject->DeviceObject;??

??

????????while?(pNextObj)??

????????{??

????????????PDEVICE_EXTENSION?pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;??

????????????//刪除符號連接??

????????????IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);??

????????????//刪除設備??

????????????IoDeleteDevice(pDevExt->pDevice);??

??

????????????pNextObj=pNextObj->NextDevice;??

????????}??

}??

??

//創建設備??

NTSTATUS?CreateDevice(PDRIVER_OBJECT?pDriver_Object)??

{??

????//定義變量??

????NTSTATUS?status=STATUS_SUCCESS;??

????PDEVICE_OBJECT?pDevObje=NULL;??

????PDEVICE_EXTENSION?pDevExt=NULL;??

??

????//初始化字符串??

????UNICODE_STRING?devname;??

????UNICODE_STRING?symLinkName;??

????RtlInitUnicodeString(&devname,L"\\device\\hello");??

????RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");??

??

????//創建設備??

????if?(IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS?)??

????{??

????????DbgPrint("創建設備失敗\n");??

????????return?status;??

????}??

??

????//設置讀寫方式??

????pDevObje->Flags?|=?DO_DIRECT_IO;?????????????//直接讀取設備??

????pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension;??

????pDevExt->pDevice=pDevObje;??

????pDevExt->ustrDeviceName=devname;??

????pDevExt->ustrSymLinkName=symLinkName;??

??

????//創建符號連接??

????if?(IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS?)??

????{??

????????DbgPrint("創建符號連接失敗\n");??

????????IoDeleteDevice(pDevObje);??

????????return?status;??

????}??

????return?STATUS_SUCCESS;??

}??

??

//派遣函數??

NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

#if?DBG??

????_asm?int?3??

#endif??

??

????PIO_STACK_LOCATION?stack?=?IoGetCurrentIrpStackLocation(pIrP);??

????//建立一個字符串數組與IRP類型對應起來??

????static?char*?irpname[]?=???

????{??

????????"IRP_MJ_CREATE",??

????????"IRP_MJ_CREATE_NAMED_PIPE",??

????????"IRP_MJ_CLOSE",??

????????"IRP_MJ_READ",??

????????"IRP_MJ_WRITE",??

????????"IRP_MJ_QUERY_INFORMATION",??

????????"IRP_MJ_SET_INFORMATION",??

????????"IRP_MJ_QUERY_EA",??

????????"IRP_MJ_SET_EA",??

????????"IRP_MJ_FLUSH_BUFFERS",??

????????"IRP_MJ_QUERY_VOLUME_INFORMATION",??

????????"IRP_MJ_SET_VOLUME_INFORMATION",??

????????"IRP_MJ_DIRECTORY_CONTROL",??

????????"IRP_MJ_FILE_SYSTEM_CONTROL",??

????????"IRP_MJ_DEVICE_CONTROL",??

????????"IRP_MJ_INTERNAL_DEVICE_CONTROL",??

????????"IRP_MJ_SHUTDOWN",??

????????"IRP_MJ_LOCK_CONTROL",??

????????"IRP_MJ_CLEANUP",??

????????"IRP_MJ_CREATE_MAILSLOT",??

????????"IRP_MJ_QUERY_SECURITY",??

????????"IRP_MJ_SET_SECURITY",??

????????"IRP_MJ_POWER",??

????????"IRP_MJ_SYSTEM_CONTROL",??

????????"IRP_MJ_DEVICE_CHANGE",??

????????"IRP_MJ_QUERY_QUOTA",??

????????"IRP_MJ_SET_QUOTA",??

????????"IRP_MJ_PNP",??

????};??

??

????UCHAR?type?=?stack->MajorFunction;??

??

????if?(type?>=?CountArray(irpname))??

????????KdPrint(("無效的IRP類型?%X\n",?type));??

????else??

????????KdPrint(("%s\n",?irpname[type]));??

??

??

??

??

????pIrP->IoStatus.Status=STATUS_SUCCESS;????????????????????//設置完成狀態??

????pIrP->IoStatus.Information=0;????????????????????????????????????????//設置操作字節為0??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????//結束IRP派遣函數，第二個參數表示不增加優先級??

????return?STATUS_SUCCESS;??

}??

總結

以上是生活随笔為你收集整理的EXE和SYS通信(ReadFile WriteFile DO_DIRECT_IO) 直接方式的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。