概述
驱动
#include <ntifs.h>
#include <Windowsx.h>
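// NT-namespace name of the device object created in DriverEntry.
// The backslashes must be escaped inside a C string literal.
#define DEVICE_NAME L"\\Device\\wangliang"
// Symbolic link that the user-mode (R3) client opens to reach the device.
#define SYM_NAME L"\\??\\wangliang"
// Magic value WriteDispatch compares against CommPackage.id.
// It is a fixed constant that any caller can supply, so it only filters out
// malformed requests; it is not an access control.
#define _COMM_ID 0x12345678

/*
 * Custom request package sent by the R3 client through IRP_MJ_WRITE.
 * The R3 program declares the same six ULONG64 fields; both definitions
 * must stay identical because WriteDispatch accepts a request only when
 * its length equals sizeof(CommPackage).
 */
typedef struct _CommPackage
{
    ULONG64 id;      // must equal _COMM_ID
    ULONG64 code;    // command selector, a CMD value
    ULONG64 inData;  // caller-supplied address of the input data (untrusted)
    ULONG64 inLen;   // caller-supplied size of the input data (untrusted)
    ULONG64 outData; // caller-supplied output address; not used by the code shown here
    ULONG64 outLen;  // caller-supplied output size; not used by the code shown here
}CommPackage, * PCommPackage;

// Function-pointer type of the handler that processes one CommPackage.
typedef NTSTATUS(NTAPI* CommCallback)(PCommPackage package);
// Currently registered handler; NULL until DriverEntry installs Dispatch.
CommCallback gCommCallback = NULL;

// Payload of the TEST command: a single integer.
typedef struct _Test
{
    int x;
}Test, * PTest;

// Command codes carried in CommPackage.code.
typedef enum _CMD
{
    TEST = 0,
}CMD;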
/*
 * Tears down the communication endpoint: removes the symbolic link named
 * SYM_NAME and, when the driver object still owns a device object, deletes it.
 */
VOID DriverDestoryComm(PDRIVER_OBJECT pDriver)
{
    UNICODE_STRING linkName = { 0 };
    PDEVICE_OBJECT device = pDriver->DeviceObject;

    RtlInitUnicodeString(&linkName, SYM_NAME);
    IoDeleteSymbolicLink(&linkName);

    // Only the first device object on the driver's list is deleted.
    if (device != NULL)
    {
        IoDeleteDevice(device);
    }
}
/*
 * Default handler, registered for IRP_MJ_CREATE and IRP_MJ_CLOSE in
 * DriverEntry: completes every request with STATUS_SUCCESS and does no
 * other work.
 */
NTSTATUS DefDispatch(DEVICE_OBJECT* DeviceObject, IRP* Irp)
{
    const NTSTATUS result = STATUS_SUCCESS;

    Irp->IoStatus.Status = result;
    IoCompleteRequest(Irp, IO_NO_INCREMENT); // IO_NO_INCREMENT is 0: no priority boost
    return result;
}
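/*
 * IRP_MJ_WRITE handler: treats the written bytes as one CommPackage and
 * forwards it to the registered callback.
 *
 * The request is forwarded only when its length is exactly
 * sizeof(CommPackage), a callback is registered, the system buffer is
 * present and package->id equals _COMM_ID. Everything else completes with
 * STATUS_UNSUCCESSFUL. IoStatus.Information is always reported as 0.
 *
 * The package itself is the kernel copy made by buffered I/O
 * (DO_BUFFERED_IO is set in DriverEntry), but the addresses stored inside
 * it (inData/outData) are still caller-controlled and must be validated by
 * the callback before use.
 */
NTSTATUS WriteDispatch(DEVICE_OBJECT* DeviceObject, IRP* Irp)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    // The unconditional DbgBreakPoint() was removed: with no kernel debugger
    // attached, a breakpoint in a dispatch routine brings the system down.
    PIO_STACK_LOCATION ioStack = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS status = STATUS_UNSUCCESSFUL;
    // Parameters.Write.Length is a ULONG; keep it unsigned for the comparison.
    ULONG length = ioStack->Parameters.Write.Length;
    PCommPackage package = (PCommPackage)Irp->AssociatedIrp.SystemBuffer;
    // Read the global once so the NULL test and the call use the same value.
    CommCallback callback = gCommCallback;

    // Check the buffer pointer BEFORE reading package->id. The original tested
    // MmIsAddressValid() only after the dereference, where it protects nothing.
    if (length == sizeof(CommPackage) && package != NULL && callback != NULL)
    {
        if (package->id == _COMM_ID)
        {
            status = callback(package);
        }
    }

    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}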
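/*
 * Command handler installed in gCommCallback: executes the command selected
 * by package->code.
 *
 * TEST reads one Test structure from the address in package->inData and
 * prints its x member to the debugger output.
 *
 * package->inData and package->inLen come straight from the caller. The
 * original cast inData to a pointer and dereferenced it directly, so any
 * caller able to open the device could make the driver read an arbitrary
 * address (and crash the system with an invalid one). The address is now
 * length-checked, probed as a user-mode range and copied under __try/__except
 * before it is used.
 *
 * Returns STATUS_SUCCESS when the command ran, STATUS_INVALID_PARAMETER for
 * a missing or too-short input buffer, the exception code when the input
 * address is not a readable user-mode range, and STATUS_UNSUCCESSFUL for an
 * unknown command code.
 */
NTSTATUS NTAPI Dispatch(PCommPackage package)
{
    NTSTATUS status = STATUS_UNSUCCESSFUL;

    switch (package->code)
    {
    case TEST:
    {
        Test local = { 0 };
        PVOID userPtr = (PVOID)(ULONG_PTR)package->inData;

        if (userPtr == NULL || package->inLen < sizeof(Test))
        {
            status = STATUS_INVALID_PARAMETER;
            break;
        }

        __try
        {
            // ProbeForRead raises an exception when the range is not entirely
            // in user space or is misaligned; the copy can still fault if the
            // page is unmapped, so both stay inside the guarded region.
            ProbeForRead(userPtr, sizeof(Test), __alignof(Test));
            RtlCopyMemory(&local, userPtr, sizeof(local));
            status = STATUS_SUCCESS;
        }
        __except (EXCEPTION_EXECUTE_HANDLER)
        {
            status = GetExceptionCode();
        }

        if (NT_SUCCESS(status))
        {
            // Work on the captured copy only, never on the user pointer again.
            // 77 is DPFLTR_IHVDRIVER_ID, 0 is DPFLTR_ERROR_LEVEL.
            DbgPrintEx(77, 0, "[db]:%d\r\n", local.x);
        }
    }
    break;
    default:
        // Unknown command: status stays STATUS_UNSUCCESSFUL.
        break;
    }
    return status;
}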
/*
 * Unload routine registered in DriverEntry; all cleanup is delegated to
 * DriverDestoryComm, which removes the symbolic link and the device object.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriver)
{
    PDRIVER_OBJECT driver = pDriver;

    DriverDestoryComm(driver);
}
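/*
 * Driver entry point: creates the device object and its symbolic link,
 * switches the device to buffered I/O, installs Dispatch as the package
 * handler and registers the create/close/write dispatch routines and the
 * unload routine.
 *
 * Returns STATUS_SUCCESS on success, otherwise the failing status of
 * IoCreateDevice or IoCreateSymbolicLink. The original kept going after a
 * failed IoCreateSymbolicLink: it touched pDevice->Flags after
 * IoDeleteDevice(pDevice) and still returned STATUS_SUCCESS.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING pReg) {
    UNREFERENCED_PARAMETER(pReg);

    UNICODE_STRING unName = { 0 };
    UNICODE_STRING symName = { 0 };
    RtlInitUnicodeString(&unName, DEVICE_NAME);
    RtlInitUnicodeString(&symName, SYM_NAME);

    PDEVICE_OBJECT pDevice = NULL;
    // NOTE(review): IoCreateDevice leaves the device with a default security
    // descriptor, so who may open the link is not restricted by this driver.
    // Since every opener can reach WriteDispatch, consider creating the device
    // with IoCreateDeviceSecure and a restrictive SDDL string instead.
    NTSTATUS status = IoCreateDevice(pDriver, 0, &unName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDevice);
    if (!NT_SUCCESS(status)) {
        KdPrintEx((77, 0, "[db]:%x\r\n", status));
        return status;
    }

    status = IoCreateSymbolicLink(&symName, &unName);
    if (!NT_SUCCESS(status)) {
        KdPrintEx((77, 0, "[db]:%x\r\n", status));
        // Undo the device creation and stop: pDevice must not be used after
        // IoDeleteDevice, and the load must be reported as failed.
        IoDeleteDevice(pDevice);
        return status;
    }

    // Select buffered I/O before the device is marked as initialized.
    pDevice->Flags |= DO_BUFFERED_IO;
    pDevice->Flags &= ~DO_DEVICE_INITIALIZING;

    // Install the package handler before the write routine can be reached.
    gCommCallback = Dispatch;

    pDriver->MajorFunction[IRP_MJ_CREATE] = DefDispatch;
    pDriver->MajorFunction[IRP_MJ_CLOSE] = DefDispatch;
    pDriver->MajorFunction[IRP_MJ_WRITE] = WriteDispatch;
    pDriver->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}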
R3
#include "stdio.h"
#include <Windows.h>
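// Handle to the driver's device, opened in main().
HANDLE ghDevice;
// Symbolic link created by the driver; backslashes must be escaped in a C
// string literal.
#define SYM_NAME L"\\??\\wangliang"

/*
 * Request package written to the driver. The field order and sizes must
 * match the driver's CommPackage exactly, because the driver accepts a write
 * only when its length equals sizeof(CommPackage).
 */
typedef struct _CommPackage
{
    ULONG64 id;      // must equal _COMM_ID
    ULONG64 code;    // command selector, a CMD value
    ULONG64 inData;  // address of the input data in this process
    ULONG64 inLen;   // size of the input data in bytes
    ULONG64 outData; // address of an output buffer (unused by TEST)
    ULONG64 outLen;  // size of the output buffer (unused by TEST)
}CommPackage, * PCommPackage;

// Magic value the driver compares against CommPackage.id.
#define _COMM_ID 0x12345678

// Payload of the TEST command: a single integer.
typedef struct _Test
{
    int x;
}Test, * PTest;

// Command codes carried in CommPackage.code.
typedef enum _CMD
{
    TEST = 0,
}CMD;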
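/*
 * R3 client: opens the driver's symbolic link, builds a CommPackage that
 * carries the TEST command with the address of a local Test structure, and
 * sends it with WriteFile.
 *
 * Returns 0 when the package was delivered, 1 when the device could not be
 * opened or the write failed. The original ignored the WriteFile result and
 * never closed the handle.
 */
int main(void)
{
    Test x1 = { 0 };
    x1.x = 100;

    ghDevice = CreateFileW(SYM_NAME, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (ghDevice == NULL || ghDevice == INVALID_HANDLE_VALUE)
    {
        printf("CreateFileW failed: %lu\r\n", GetLastError());
        ghDevice = NULL;
        return 1;
    }

    // Zero the whole package so no uninitialized stack bytes reach the driver.
    CommPackage packag = { 0 };
    packag.id = _COMM_ID;
    packag.code = TEST;
    packag.inData = (ULONG64)(ULONG_PTR)&x1;
    packag.inLen = sizeof(x1); // report the real size instead of a literal 4
    packag.outData = 0;
    packag.outLen = 0;

    DWORD pro = 0; // receives the byte count reported by the driver
    int rc = 0;
    if (!WriteFile(ghDevice, &packag, sizeof(CommPackage), &pro, NULL))
    {
        printf("WriteFile failed: %lu\r\n", GetLastError());
        rc = 1;
    }
    else
    {
        printf("%x\r\n", x1.x);
    }

    CloseHandle(ghDevice);
    ghDevice = NULL;
    system("pause");
    return rc;
}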
结果
成功完成写入操作