Win10 KMD驱动模板,应用层向内核传一个字符串,内核把它转成大写
說明
沒什麼特別的,只是用來測試在 Win10 上寫驅動,包含最基本的通信代碼。
又水了一篇博客,哈哈哈。
注意驅動路徑發生改變時,不要忘了修改注冊表的值。
https://blog.csdn.net/Kwansy/article/details/113182501
驅動
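#include <ntddk.h>

#define DEVICE_NAME L"\\device\\ntdrv"
#define LINK_NAME L"\\dosdevices\\ntdrv"

#define IOCTRL_BASE 0x800

#define MYIOCTRL_CODE(i) \
    CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTRL_BASE + (i), METHOD_BUFFERED, FILE_ANY_ACCESS)

#define CTL_PRINT MYIOCTRL_CODE(0)

/* Upper bound on the number of caller-supplied characters echoed to the debugger. */
enum { DEBUG_PRINT_MAX_CHARS = 256 };

/*
 * Generic dispatch routine.
 *
 * Completes the IRP with STATUS_SUCCESS and zero bytes transferred.
 * DriverEntry installs it for every major function except
 * IRP_MJ_DEVICE_CONTROL.
 */
NTSTATUS DispatchCommon(PDEVICE_OBJECT pObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pObject);

    pIrp->IoStatus.Status = STATUS_SUCCESS; /* status reported to the caller */
    pIrp->IoStatus.Information = 0;         /* bytes transferred */
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;                  /* status reported to the I/O manager */
}

/*
 * IRP_MJ_DEVICE_CONTROL handler: the only request this driver acts on.
 *
 * CTL_PRINT treats the input buffer as a character string, prints it to
 * the debugger and converts it to upper case in place. With
 * METHOD_BUFFERED the input and output share one system buffer, so the
 * converted text is what the caller receives.
 *
 * The buffer comes from user mode and is untrusted:
 *   - it may be absent (both lengths zero) or lack a NUL terminator, so
 *     every access is bounded by InputBufferLength;
 *   - IoStatus.Information tells the I/O manager how many bytes to copy
 *     back, so it is limited to bytes that came from the caller's own
 *     input. Reporting the full OutputBufferLength would hand back
 *     whatever the rest of the system buffer happens to contain.
 *
 * Returns STATUS_SUCCESS, STATUS_INVALID_PARAMETER for an empty request,
 * or STATUS_INVALID_DEVICE_REQUEST for an unknown control code.
 */
NTSTATUS DispatchIoctrl(PDEVICE_OBJECT pObject, PIRP pIrp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    ULONG nOutput = 0;
    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    PCHAR pBuffer = (PCHAR)pIrp->AssociatedIrp.SystemBuffer;
    ULONG nInputBufferLength = pStack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG nOutputBufferLength = pStack->Parameters.DeviceIoControl.OutputBufferLength;
    ULONG nIoctrlCode = pStack->Parameters.DeviceIoControl.IoControlCode;

    UNREFERENCED_PARAMETER(pObject);

    switch (nIoctrlCode)
    {
    case CTL_PRINT:
    {
        ULONG i;
        ULONG nLength = 0;

        if (pBuffer == NULL || nInputBufferLength == 0)
        {
            ntStatus = STATUS_INVALID_PARAMETER;
            break;
        }

        /* Bounded length scan: never read past the bytes the caller sent. */
        while (nLength < nInputBufferLength && pBuffer[nLength] != '\0')
        {
            nLength++;
        }

        /* Explicit precision, because the string may not be NUL-terminated. */
        DbgPrint("%.*s\n",
                 (int)(nLength > DEBUG_PRINT_MAX_CHARS ? DEBUG_PRINT_MAX_CHARS : nLength),
                 pBuffer);

        for (i = 0; i < nLength; i++)
        {
            /* toupper() takes an unsigned char value; a negative CHAR is not valid input. */
            pBuffer[i] = (CHAR)toupper((UCHAR)pBuffer[i]);
        }

        /* Return the converted text, plus its terminator when the input held one. */
        nOutput = nLength;
        if (nLength < nInputBufferLength)
        {
            nOutput++;
        }
        if (nOutput > nOutputBufferLength)
        {
            nOutput = nOutputBufferLength;
        }
        break;
    }

    default:
        DbgPrint("Unknown iocontrol\n");
        ntStatus = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    pIrp->IoStatus.Status = ntStatus;
    pIrp->IoStatus.Information = nOutput;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return ntStatus;
}

/*
 * Unload routine: removes the symbolic link and the device object that
 * DriverEntry created.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING uLinkName = { 0 };

    RtlInitUnicodeString(&uLinkName, LINK_NAME);
    IoDeleteSymbolicLink(&uLinkName);
    IoDeleteDevice(pDriverObject->DeviceObject);
    DbgPrint("Driver unloaded\n");
}

/*
 * Driver entry point.
 *
 * Installs the dispatch routines, then creates the device object and the
 * symbolic link through which user mode opens it.
 *
 * NOTE(review): the device is created with the default security
 * descriptor and the IOCTL is declared FILE_ANY_ACCESS, so access is not
 * narrowed to a specific group. That is acceptable for a test template;
 * a shipping driver should restrict who may open the device (for example
 * IoCreateDeviceSecure with an SDDL string). Confirm the intended callers.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
    UNICODE_STRING uDeviceName = { 0 };
    UNICODE_STRING uLinkName = { 0 };
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PDEVICE_OBJECT pDeviceObject = NULL;
    ULONG i = 0;

    UNREFERENCED_PARAMETER(pRegPath);

    DbgPrint("Driver load begin\n");

    /*
     * The bound is exclusive, so slot IRP_MJ_MAXIMUM_FUNCTION itself keeps
     * the handler the I/O manager put there.
     */
    for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        pDriverObject->MajorFunction[i] = DispatchCommon;
    }
    pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctrl;
    pDriverObject->DriverUnload = DriverUnload;

    RtlInitUnicodeString(&uDeviceName, DEVICE_NAME);
    RtlInitUnicodeString(&uLinkName, LINK_NAME);

    /*
     * FILE_DEVICE_SECURE_OPEN makes the device's security descriptor apply
     * to opens of names underneath the device as well.
     */
    ntStatus = IoCreateDevice(pDriverObject, 0, &uDeviceName, FILE_DEVICE_UNKNOWN,
                              FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("IoCreateDevice failed:%x", ntStatus);
        return ntStatus;
    }

    pDeviceObject->Flags |= DO_BUFFERED_IO;

    ntStatus = IoCreateSymbolicLink(&uLinkName, &uDeviceName);
    if (!NT_SUCCESS(ntStatus))
    {
        IoDeleteDevice(pDeviceObject);
        DbgPrint("IoCreateSymbolicLink failed:%x\n", ntStatus);
        return ntStatus;
    }

    DbgPrint("Driver load ok!\n");
    return STATUS_SUCCESS;
}

/* Page heading "加載器" (loader): the user-mode loader listing follows. */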
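#include <windows.h>
#include <winsvc.h>
#include <conio.h>
#include <stdio.h>
#include <winioctl.h>

#define DRIVER_NAME L"ntdrv"
#define DRIVER_PATH L"MyDriver1.sys"
#define LINK_NAME "\\\\.\\ntdrv"

#define IOCTRL_BASE 0x800

#define MYIOCTRL_CODE(i) \
    CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTRL_BASE + (i), METHOD_BUFFERED, FILE_ANY_ACCESS)

#define CTL_PRINT MYIOCTRL_CODE(0)

/*
 * Registers lpszDriverPath as a demand-start kernel driver service named
 * lpszDriverName and starts it.
 *
 * The path is resolved with GetFullPathNameW, i.e. relative to the
 * process's current directory, so run the loader from a directory that
 * only administrators can write to. If the service already exists it is
 * reused as registered: its ImagePath is NOT updated, which is why the
 * registry value must be changed by hand after moving the .sys file.
 *
 * The handles request only the rights used here (create/start) instead
 * of *_ALL_ACCESS. The SCM calls need an elevated (administrator) token.
 *
 * Returns TRUE when the service is running on exit, FALSE otherwise.
 * All handles are closed on every path.
 */
BOOL LoadDriver(PCWSTR lpszDriverName, PCWSTR lpszDriverPath)
{
    BOOL bLoaded = FALSE;
    SC_HANDLE hServiceMgr = NULL; /* service control manager handle */
    SC_HANDLE hServiceDDK = NULL; /* driver service handle */
    WCHAR szDriverFullPath[MAX_PATH] = { 0 };
    DWORD dwPathLen = 0;
    DWORD dwErr = 0;

    /* A zero return is failure; a value >= MAX_PATH means the buffer was too small. */
    dwPathLen = GetFullPathNameW(lpszDriverPath, MAX_PATH, szDriverFullPath, NULL);
    if (dwPathLen == 0 || dwPathLen >= MAX_PATH)
    {
        printf("GetFullPathNameW failed, %lu\n", GetLastError());
        return FALSE;
    }

    hServiceMgr = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (hServiceMgr == NULL)
    {
        printf("OpenSCManagerW 失敗, %lu\n", GetLastError());
        return FALSE;
    }

    hServiceDDK = CreateServiceW(hServiceMgr,
                                 lpszDriverName,
                                 lpszDriverName,
                                 SERVICE_START,
                                 SERVICE_KERNEL_DRIVER,
                                 SERVICE_DEMAND_START,
                                 SERVICE_ERROR_IGNORE,
                                 szDriverFullPath,
                                 NULL, NULL, NULL, NULL, NULL);
    if (hServiceDDK == NULL)
    {
        dwErr = GetLastError();
        if (dwErr != ERROR_IO_PENDING && dwErr != ERROR_SERVICE_EXISTS)
        {
            printf("創建驅動服務失敗, %lu\n", dwErr);
            goto cleanup;
        }

        /* The service is already registered: open it instead of creating it. */
        hServiceDDK = OpenServiceW(hServiceMgr, lpszDriverName, SERVICE_START);
        if (hServiceDDK == NULL)
        {
            printf("OpenServiceW failed, %lu\n", GetLastError());
            goto cleanup;
        }
    }

    if (!StartServiceW(hServiceDDK, 0, NULL))
    {
        dwErr = GetLastError();
        if (dwErr != ERROR_SERVICE_ALREADY_RUNNING)
        {
            printf("運行驅動服務失敗, %lu\n", dwErr);
            goto cleanup;
        }
    }

    bLoaded = TRUE;

cleanup:
    if (hServiceDDK != NULL)
    {
        CloseServiceHandle(hServiceDDK);
    }
    CloseServiceHandle(hServiceMgr);
    return bLoaded;
}

/*
 * Stops the driver service and marks it for deletion.
 *
 * Failures are reported and otherwise ignored, so the function is safe to
 * call when the service is missing or already stopped.
 */
void UnloadDriver(PCWSTR lpszDriverName)
{
    SERVICE_STATUS SvrStatus = { 0 };
    SC_HANDLE hServiceDDK = NULL;
    SC_HANDLE hServiceMgr = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);

    if (hServiceMgr == NULL)
    {
        printf("OpenSCManagerW failed, %lu\n", GetLastError());
        return;
    }

    /* Only the rights needed to stop and delete the service. */
    hServiceDDK = OpenServiceW(hServiceMgr, lpszDriverName, SERVICE_STOP | DELETE);
    if (hServiceDDK == NULL)
    {
        printf("OpenServiceW failed, %lu\n", GetLastError());
    }
    else
    {
        if (!ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrStatus))
        {
            DWORD dwErr = GetLastError();
            if (dwErr != ERROR_SERVICE_NOT_ACTIVE)
            {
                printf("ControlService failed, %lu\n", dwErr);
            }
        }
        if (!DeleteService(hServiceDDK))
        {
            printf("DeleteService failed, %lu\n", GetLastError());
        }
        CloseServiceHandle(hServiceDDK);
    }

    CloseServiceHandle(hServiceMgr);
}

/*
 * Opens the driver's device, sends one string through CTL_PRINT and
 * prints what the driver returns.
 */
void TestDriver()
{
    char bufInput[1024] = { 0 };
    char bufOutput[1024] = { 0 };
    DWORD dwRet = 0;
    HANDLE hDevice = CreateFileA(LINK_NAME,
                                 GENERIC_WRITE | GENERIC_READ,
                                 0,
                                 NULL,
                                 OPEN_EXISTING,
                                 0,
                                 NULL);

    if (hDevice == INVALID_HANDLE_VALUE)
    {
        printf("Create Device Failed %lu ! \n", GetLastError());
        return;
    }

    printf("Enter a string: ");
    /* The field width keeps scanf inside bufInput, terminator included. */
    if (scanf("%1023s", bufInput) != 1)
    {
        printf("No input read\n");
        CloseHandle(hDevice);
        return;
    }

    /*
     * Offer one byte less than bufOutput holds so the zero-initialised last
     * byte always terminates the string, whatever the driver returns.
     */
    if (!DeviceIoControl(hDevice,
                         CTL_PRINT,
                         bufInput,
                         sizeof bufInput,
                         bufOutput,
                         sizeof bufOutput - 1,
                         &dwRet,
                         NULL))
    {
        printf("DeviceIoControl failed, %lu\n", GetLastError());
        CloseHandle(hDevice);
        return;
    }

    printf("Driver return string: %s\n", bufOutput);
    printf("DeviceIoControl done!\n");
    CloseHandle(hDevice);
}

/*
 * Loads the driver, runs the IOCTL test and unloads the driver again,
 * waiting for a key press between the steps.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    if (!LoadDriver(DRIVER_NAME, DRIVER_PATH))
    {
        printf("LoadNTDriver error\n");
        return 1;
    }

    /* Driver loaded. */
    printf("press any key to create device!\n");
    _getch();

    TestDriver();

    /*
     * At this point the result can be checked in the registry or with any
     * tool that lists symbolic links.
     */
    printf("press any key to stop service!\n");
    _getch();

    UnloadDriver(DRIVER_NAME);
    return 0;
}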