EXE和SYS通信(ReadFile WriteFile) 其他方式
EXE部分
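#include <stdio.h>
#include <Windows.h>

/* Print n bytes of buf as two-digit hex separated by spaces, then a newline. */
static void dump_bytes(const UCHAR *buf, ULONG n)
{
    for (ULONG i = 0; i < n; i++) {
        printf("%02X ", buf[i]);
    }
    printf("\n");
}

/*
 * User-mode side of the sample: open the driver's "\\.\HelloDDK" link, issue
 * one ReadFile and one WriteFile against it and print what came back.
 *
 * @return 0 on success, 1 when the device cannot be opened.
 */
int main(void)
{
    const char *linkname = "\\\\.\\HelloDDK";
    HANDLE hDevice = CreateFileA(linkname, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                                 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hDevice == INVALID_HANDLE_VALUE) {
        /* GetLastError() returns a DWORD (unsigned long), so %lu, not %d. */
        printf("Win32 error code: %lu\n", GetLastError());
        return 1;
    }

    UCHAR buffer[10] = {0};
    ULONG ulRead = 0;
    if (ReadFile(hDevice, buffer, sizeof buffer, &ulRead, NULL)) {
        /* Never trust the byte count reported by the other side of the
         * handle more than the buffer we actually own. */
        if (ulRead > sizeof buffer) {
            ulRead = sizeof buffer;
        }
        printf("Read %lu bytes:", ulRead);
        dump_bytes(buffer, ulRead);
    } else {
        printf("ReadFile failed, Win32 error code: %lu\n", GetLastError());
    }
    getchar();
    getchar();

    ulRead = 0;
    if (WriteFile(hDevice, buffer, sizeof buffer, &ulRead, NULL)) {
        if (ulRead > sizeof buffer) {
            ulRead = sizeof buffer;
        }
        printf("write %lu bytes\n", ulRead);
        dump_bytes(buffer, ulRead);
    } else {
        printf("WriteFile failed, Win32 error code: %lu\n", GetLastError());
    }

    CloseHandle(hDevice);

    getchar();
    getchar();
    return 0;
}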
SYS部分
#pragma?once?? ?? #include?<ntddk.h>?? #define?CountArray(Array)??(????sizeof(Array)???/???sizeof(Array[0])????)?? ?? #define?MAX_FILE_LENGTH?1024?? ?? typedef?struct?_DEVICE_EXTENSION?? {?? ????PDEVICE_OBJECT?pDevice;??????????????????????????????????????? ????UNICODE_STRING?ustrDeviceName;???????????????????? ????UNICODE_STRING?ustrSymLinkName;??????????????????? ?? ????PUCHAR??????buffer;??????????????????????????????????????????????????? ????ULONG???????file_length;?????????????????????????????????????????????? }DEVICE_EXTENSION,*PDEVICE_EXTENSION;?? ?? ?? ?? #ifdef?__cplusplus?? extern?"C"?NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath);?? #endif?? ?? void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject);????????????????????????????????????????????????????????? NTSTATUS?CreateDevice(PDRIVER_OBJECT?PDevObj);???????????????????????????????????????????????????? NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrp);????? NTSTATUS?HelloDDKRead(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP);???????????????????????? NTSTATUS?HelloDDKWrite(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP);???????????????????????
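#include "hello.h"

/* Pool tag for the per-device buffer (constructed value; reads "Hell" in the
 * debugger's tag view). */
#define HELLO_POOL_TAG 'lleH'

/* Complete pIrP with the given status and byte count and hand the status
 * back so dispatch routines can `return CompleteIrp(...)`. */
static NTSTATUS CompleteIrp(PIRP pIrP, NTSTATUS status, ULONG_PTR info)
{
    pIrP->IoStatus.Status = status;
    pIrP->IoStatus.Information = info;
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return status;
}

/*
 * Driver entry point: install the dispatch table and create the control
 * device. Every slot first gets the generic routine so none is left unset;
 * READ and WRITE are then overridden.
 *
 * @return STATUS_SUCCESS, or the failure status of CreateDevice(). The
 *         original ignored that status and reported success even when no
 *         device (and therefore no usable driver) existed.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from!\n");
    DriverObject->DriverUnload = HelloUnload;

    /* MajorFunction has IRP_MJ_MAXIMUM_FUNCTION + 1 entries; the original
     * '<' loop left the last one (IRP_MJ_PNP) untouched. */
    for (int i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = HelloDDKDispatchRoutine;
    }
    DriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKRead;
    DriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKWrite;

    return CreateDevice(DriverObject);
}

/*
 * IRP_MJ_READ: fill the caller's buffer with 0xAA bytes.
 *
 * The device is created without DO_BUFFERED_IO or DO_DIRECT_IO, so this is
 * "neither" I/O: pIrP->UserBuffer is a raw pointer chosen by the user-mode
 * caller and the length is the caller's too. The pointer is only touched
 * after ProbeForWrite() and inside __try. The probe alignment is 1 because
 * the caller supplies a byte array; the original demanded 4-byte alignment,
 * which fails any buffer that merely happens to be unaligned.
 *
 * @return the completion status: STATUS_SUCCESS, STATUS_INVALID_PARAMETER
 *         for a NULL buffer, or the exception code raised by the probe or
 *         the copy. The original returned STATUS_SUCCESS on the NULL path
 *         while completing the IRP with STATUS_UNSUCCESSFUL.
 */
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    UNREFERENCED_PARAMETER(pDevObj);

    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    ULONG ulReadLength = stack->Parameters.Read.Length;
    PVOID user_address = pIrP->UserBuffer;

    if (ulReadLength == 0) {
        return CompleteIrp(pIrP, STATUS_SUCCESS, 0);
    }
    /* A NULL buffer is a bad argument from user mode, not a driver bug, so
     * it must not trip ASSERT(FALSE) (a debugger break) as the original did. */
    if (user_address == NULL) {
        return CompleteIrp(pIrP, STATUS_INVALID_PARAMETER, 0);
    }
    DbgPrint("%p\n", user_address);

    NTSTATUS status = STATUS_SUCCESS;
    __try {
        ProbeForWrite(user_address, ulReadLength, sizeof(UCHAR));
        memset(user_address, 0xAA, ulReadLength);
        DbgPrint("測試下");
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {
        DbgPrint("打我PG我不乖\n");
        status = GetExceptionCode();
    }

    /* Report bytes transferred only when the transfer actually happened. */
    return CompleteIrp(pIrP, status, NT_SUCCESS(status) ? ulReadLength : 0);
}

/*
 * IRP_MJ_WRITE: log the bytes the caller sent, then overwrite the caller's
 * buffer with 0xAA (the EXE sample prints its buffer after WriteFile).
 *
 * Same "neither" I/O model as HelloDDKRead. The original copied
 * Parameters.Write.Length bytes -- a value chosen by user mode -- into a
 * 10-byte stack array, i.e. a kernel stack overflow reachable by any
 * process that can open the device. The copy is now bounded by sizeof buffer
 * and a longer request is rejected before any user memory is touched.
 *
 * @return the completion status: STATUS_SUCCESS, STATUS_INVALID_PARAMETER
 *         for a NULL buffer, STATUS_INVALID_BUFFER_SIZE for more than
 *         sizeof buffer bytes, or the exception code raised inside __try.
 */
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    UNREFERENCED_PARAMETER(pDevObj);

    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    /* The original read Parameters.Read.Length; the union members overlap,
     * but the Write member is the documented one for IRP_MJ_WRITE. */
    ULONG ulWriteLength = stack->Parameters.Write.Length;
    PVOID user_address = pIrP->UserBuffer;
    UCHAR buffer[10] = {0};

    if (ulWriteLength == 0) {
        return CompleteIrp(pIrP, STATUS_SUCCESS, 0);
    }
    if (user_address == NULL) {
        return CompleteIrp(pIrP, STATUS_INVALID_PARAMETER, 0);
    }
    if (ulWriteLength > sizeof buffer) {
        return CompleteIrp(pIrP, STATUS_INVALID_BUFFER_SIZE, 0);
    }
    DbgPrint("%p\n", user_address);

    NTSTATUS status = STATUS_SUCCESS;
    __try {
        /* Write access is probed because the buffer is written back below. */
        ProbeForWrite(user_address, ulWriteLength, sizeof(UCHAR));

        /* Copy once into kernel memory and work only on the copy: user mode
         * can change its buffer at any time while this routine runs. */
        memcpy(buffer, user_address, ulWriteLength);
        for (ULONG i = 0; i < ulWriteLength; i++) {
            DbgPrint("%02x\n", buffer[i]);
        }

        memset(user_address, 0xAA, ulWriteLength);

        DbgPrint("測試下");
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {
        DbgPrint("打我PG我不乖\n");
        status = GetExceptionCode();
    }

    return CompleteIrp(pIrP, status, NT_SUCCESS(status) ? ulWriteLength : 0);
}

/*
 * Driver unload: tear down every device object this driver created.
 * The next link is read before IoDeleteDevice(); the original read
 * pNextObj->NextDevice from a device object it had just deleted.
 */
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
    DbgPrint("Goodbye from!\n");

    PDEVICE_OBJECT pNextObj = DriverObject->DeviceObject;
    while (pNextObj) {
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
        PDEVICE_OBJECT pFollowing = pNextObj->NextDevice;

        if (pDevExt->buffer) {
            ExFreePoolWithTag(pDevExt->buffer, HELLO_POOL_TAG);
            pDevExt->buffer = NULL;
        }
        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
        IoDeleteDevice(pDevExt->pDevice);

        pNextObj = pFollowing;
    }
}

/*
 * Create the control device "\device\hello", its user-visible link
 * "\??\HelloDDK" and the per-device scratch buffer.
 *
 * IoCreateDevice() without a security descriptor yields a device that any
 * local user can open through the link, which is why the READ/WRITE
 * handlers must treat their input as hostile. (IoCreateDeviceSecure() with
 * an SDDL string is the usual way to restrict access; not changed here.)
 *
 * The original passed sizeof(PDEVICE_EXTENSION) -- one pointer -- as the
 * extension size, so every field store into pDevExt overflowed the
 * allocation, and it returned STATUS_SUCCESS from every failure path.
 *
 * @return STATUS_SUCCESS, or the failing status with everything created so
 *         far already released.
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
    PDEVICE_OBJECT pDevObje = NULL;
    UNICODE_STRING devname;
    UNICODE_STRING symLinkName;
    RtlInitUnicodeString(&devname, L"\\device\\hello");
    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    NTSTATUS status = IoCreateDevice(pDriver_Object, sizeof(DEVICE_EXTENSION), &devname,
                                     FILE_DEVICE_UNKNOWN, 0, TRUE, &pDevObje);
    if (!NT_SUCCESS(status)) {
        DbgPrint("創建設備失敗\n");
        return status;
    }

    PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevObje->DeviceExtension;
    pDevExt->pDevice = pDevObje;
    pDevExt->ustrDeviceName = devname;
    pDevExt->ustrSymLinkName = symLinkName;
    pDevExt->file_length = 0;

    pDevExt->buffer = (PUCHAR)ExAllocatePoolWithTag(PagedPool, MAX_FILE_LENGTH, HELLO_POOL_TAG);
    if (pDevExt->buffer == NULL) {
        /* The original logged this and carried on with a NULL buffer. */
        DbgPrint("內存分配失敗\n");
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto fail_device;
    }

    status = IoCreateSymbolicLink(&symLinkName, &devname);
    if (!NT_SUCCESS(status)) {
        DbgPrint("創建符號連接失敗\n");
        goto fail_buffer;
    }
    return STATUS_SUCCESS;

fail_buffer:
    ExFreePoolWithTag(pDevExt->buffer, HELLO_POOL_TAG);
    pDevExt->buffer = NULL;
fail_device:
    IoDeleteDevice(pDevObje);
    return status;
}

/*
 * Default handler for every IRP major function without a dedicated routine:
 * log the request type and complete it successfully with no data.
 */
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    UNREFERENCED_PARAMETER(pDevObj);

    static const char *const irpname[] = {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
    };

    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    UCHAR type = stack->MajorFunction;

    /* Bounds check before indexing the name table with a value that comes
     * from the request. */
    if (type >= CountArray(irpname)) {
        KdPrint(("無效的IRP類型 %X\n", type));
    } else {
        KdPrint(("%s\n", irpname[type]));
    }

    return CompleteIrp(pIrP, STATUS_SUCCESS, 0);
}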