EXE部分

head.h

[cpp]?view plaincopy

#include<winioctl.h>?//CTL_CODE??

#define?add_code?CTL_CODE(FILE_DEVICE_UNKNOWN,??0x800,??METHOD_BUFFERED,FILE_ANY_ACCESS)??

#define?sub_code?CTL_CODE(FILE_DEVICE_UNKNOWN,??0x801,??METHOD_BUFFERED,FILE_ANY_ACCESS)??

main.cpp

[cpp]?view plaincopy

#include?<stdio.h>??

#include?<tchar.h>??

#include?<windows.h>??

#include?"head.h"??

??

??

int??add?(HANDLE?hDevice?,int?a,int?b)??

{??

????int?port[2]={a,b};??

????int?bufret=0;??

????ULONG?dwWrite=0;??

????DeviceIoControl(hDevice,add_code,&port,sizeof(port),&bufret,sizeof(bufret),&dwWrite,NULL);??

????return?bufret;??

??

}??

int?main?(void)??

{??

????getchar();??

????getchar();??

????HANDLE?hDevice=CreateFile(TEXT("\\\\.\\My_DriverLinkName"),??

????????GENERIC_READ|GENERIC_WRITE,??

????????0,??

????????NULL,??

????????OPEN_EXISTING,??

????????FILE_ATTRIBUTE_NORMAL,??

????????NULL);??

????if?(hDevice==INVALID_HANDLE_VALUE)??

????{??

????????printf("打開設備失敗\n");??

????????getchar();??

????????getchar();??

????????return?0;??

????}??

????int?k=add(hDevice,11,22);??

????printf("%d\n",k);??

??

??

??

????getchar();??

????getchar();??

??

????return?0;??

} ?

?

SYS部分

head.h

#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED,FILE_ANY_ACCESS) #define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED,FILE_ANY_ACCESS)

#include <ntdef.h> #include <ntddk.h> #include "ctl_code.h" #ifdef __cplusplus extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath); #endif NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp ); void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject); NTSTATUS CreateMyDevice (IN PDRIVER_OBJECT pDriverObject); NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) { DbgPrint("Hello from TestDDK125096!\n"); DriverObject->DriverUnload = TestDDK125096Unload; DriverObject->MajorFunction[IRP_MJ_CREATE]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CREATE相關IRP處理函數 DriverObject->MajorFunction[IRP_MJ_CLOSE]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_CLOSE相關IRP處理函數 DriverObject->MajorFunction[IRP_MJ_READ]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_READ相關IRP處理函數 DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=ddk_DispatchRoutine_CONTROL; //IRP_MJ_DEVICE_CONTROL相關IRP處理函數 CreateMyDevice(DriverObject);//創建相應的設備 return STATUS_SUCCESS; } void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject) { DbgPrint("Goodbye from TestDDK125096!\n"); PDEVICE_OBJECT pDev;//用來取得要刪除設備對象 UNICODE_STRING symLinkName; // pDev=DriverObject->DeviceObject; IoDeleteDevice(pDev); //刪除設備 //取符號鏈接名字 RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName"); //刪除符號鏈接 IoDeleteSymbolicLink(&symLinkName); KdPrint(("驅動成功被卸載...OK-----------")); //sprintf,printf //取得要刪除設備對象 //刪掉所有設備 DbgPrint("卸載成功"); } NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp ) { // ULONG info; //得到當前棧指針 PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp); ULONG mf=stack->MajorFunction;//區分IRP switch (mf) { case IRP_MJ_DEVICE_CONTROL: { KdPrint(("Enter myDriver_DeviceIOControl\n")); NTSTATUS status = STATUS_SUCCESS; //得到輸入緩沖區大小 ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength; //得到輸出緩沖區大小 ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength; //得到IOCTL碼 ULONG code = stack->Parameters.DeviceIoControl.IoControlCode; switch (code) { case add_code: { int a,b; KdPrint(("add_code 1111111111111111111\n")); //緩沖區方式IOCTL //獲取緩沖區數據 a,b int * InputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer; _asm { mov eax,InputBuffer mov ebx,[eax] mov a,ebx mov ebx,[eax+4] mov b,ebx } KdPrint(("a=%d,b=%d \n", a,b)); a=a+b; //C、驅動層返回數據至用戶層 //操作輸出緩沖區 int* OutputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer; _asm { mov eax,a mov ebx,OutputBuffer mov [ebx],eax //bufferet=a+b } KdPrint(("a+b=%d \n",a)); //設置實際操作輸出緩沖區長度 info = 4; break; } case sub_code: { break; } }//end code switch break; } case IRP_MJ_CREATE: { break; } case IRP_MJ_CLOSE: { break; } case IRP_MJ_READ: { break; } } //對相應的IPR進行處理 pIrp->IoStatus.Information=info;//設置操作的字節數為0，這里無實際意義 pIrp->IoStatus.Status=STATUS_SUCCESS;//返回成功 IoCompleteRequest(pIrp,IO_NO_INCREMENT);//指示完成此IRP KdPrint(("離開派遣函數\n"));//調試信息 return STATUS_SUCCESS; //返回成功 } NTSTATUS CreateMyDevice (IN PDRIVER_OBJECT pDriverObject) { NTSTATUS status; PDEVICE_OBJECT pDevObj;/*用來返回創建設備*/ //創建設備名稱 UNICODE_STRING devName; UNICODE_STRING symLinkName; // RtlInitUnicodeString(&devName,L"\\Device\\125DDK_Device");/*對devName初始化字串為 "\\Device\\125DDK_Device"*/ //創建設備 status = IoCreateDevice( pDriverObject,\0,\&devName,\FILE_DEVICE_UNKNOWN,\0, TRUE,\&pDevObj);if (!NT_SUCCESS(status)) { if (status==STATUS_INSUFFICIENT_RESOURCES) { KdPrint(("資源不足 STATUS_INSUFFICIENT_RESOURCES")); } if (status==STATUS_OBJECT_NAME_EXISTS ) { KdPrint(("指定對象名存在")); } if (status==STATUS_OBJECT_NAME_COLLISION) { KdPrint(("//對象名有沖突")); } KdPrint(("設備創建失敗...++++++++")); return status; } KdPrint(("設備創建成功...++++++++")); pDevObj->Flags |= DO_BUFFERED_IO; //創建符號鏈接 RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName"); status = IoCreateSymbolicLink( &symLinkName,&devName ); if (!NT_SUCCESS(status)) /*status等于0*/ { IoDeleteDevice( pDevObj ); return status; } return STATUS_SUCCESS; }

總結

以上是生活随笔為你收集整理的EXE与SYS通信(缓冲模式)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。