EXE和SYS通信(ReadFile WriteFile DO_DIRECT_IO) 直接方式

EXE部分

#include <windows.h>
#include <stdio.h>
  3.   
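/*
 * User-mode side of the demo: opens the driver's symbolic link, issues one
 * ReadFile and one WriteFile through the same 10-byte buffer, and dumps the
 * bytes the driver left in it.  With DO_DIRECT_IO the driver reaches this
 * buffer through an MDL, so the bytes printed after WriteFile show whatever
 * the driver wrote back into the caller's buffer.
 *
 * Returns 0 on success, 1 if the device could not be opened.
 */
int main(void)
{
    const char linkname[] = "\\\\.\\HelloDDK";
    HANDLE hDevice = CreateFileA(linkname,
                                 GENERIC_READ | GENERIC_WRITE,
                                 0,
                                 NULL,
                                 OPEN_EXISTING,
                                 FILE_ATTRIBUTE_NORMAL,
                                 NULL);
    if (hDevice == INVALID_HANDLE_VALUE) {
        /* GetLastError() returns a DWORD (unsigned long): %lu, not %d. */
        printf("Win32 error code: %lu\n", GetLastError());
        return 1;
    }

    UCHAR buffer[10] = {0};
    DWORD ulRead = 0;

    /* Read request: the driver fills the buffer.  The length handed to the
     * driver is sizeof buffer, so ulRead can never exceed the array. */
    if (ReadFile(hDevice, buffer, sizeof buffer, &ulRead, NULL)) {
        printf("Read %lu bytes:", ulRead);
        for (DWORD i = 0; i < ulRead; i++) {
            printf("%02X ", buffer[i]);
        }
        printf("\n");
    } else {
        /* The original stayed silent on failure; report it instead. */
        printf("ReadFile failed, Win32 error code: %lu\n", GetLastError());
    }
    getchar();
    getchar();

    ulRead = 0;
    /* Write request with the same buffer; ulRead now counts bytes written.
     * The buffer is printed afterwards because the driver modifies it. */
    if (WriteFile(hDevice, buffer, sizeof buffer, &ulRead, NULL)) {
        printf("write %lu bytes\n", ulRead);
        for (DWORD i = 0; i < ulRead; i++) {
            printf("%02X ", buffer[i]);
        }
        printf("\n");
    } else {
        printf("WriteFile failed, Win32 error code: %lu\n", GetLastError());
    }

    CloseHandle(hDevice);

    getchar();
    getchar();
    return 0;
}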

 

SYS部分

  1. #pragma once  
  2.   
#include <ntddk.h>
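/* Number of elements in a true array (not a pointer): sizeof of the whole
 * object divided by sizeof of one element.  The argument is parenthesised in
 * both uses so that an expression argument is grouped correctly. */
#define CountArray(Array)  (sizeof(Array) / sizeof((Array)[0]))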
  5.   
/* Per-device context stored in DEVICE_OBJECT::DeviceExtension.  CreateDevice
 * fills it in right after IoCreateDevice; HelloUnload reads it back to delete
 * the symbolic link and the device. */
typedef struct _DEVICE_EXTENSION
{
    PDEVICE_OBJECT pDevice;                                     // the device object this extension belongs to
    UNICODE_STRING ustrDeviceName;                  // device name (\device\hello)
    UNICODE_STRING ustrSymLinkName;                 // symbolic link name (\??\HelloDDK)
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
  12.   
  13.   
  14.   
#ifdef __cplusplus
/* DriverEntry keeps C linkage when the driver is compiled as C++. */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath);
#endif

void HelloUnload(IN PDRIVER_OBJECT DriverObject);                                                       // unload routine: deletes the symbolic link and each device
NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj);                                                  // creates the device object and its symbolic link
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP);   // default dispatch: logs the major function, completes the IRP
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP);                      // IRP_MJ_READ dispatch routine
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP);                     // IRP_MJ_WRITE dispatch routine


 

 

  1. #include "hello.h"  
  2.   
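/*
 * Driver entry point.  Installs HelloDDKDispatchRoutine for every major
 * function, overrides the read and write slots, then creates the device.
 *
 * Returns the NTSTATUS from CreateDevice: STATUS_SUCCESS, or the error when
 * the device or its symbolic link could not be created.  (The original
 * ignored that result and reported success with no device to talk to.)
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from!\n");
    DriverObject->DriverUnload = HelloUnload;

    /* Every slot of the MajorFunction table gets the generic handler first.
     * The original loop bound was lost in this page's rendering; CountArray
     * (from hello.h) covers every slot of the table. */
    for (ULONG i = 0; i < (ULONG)CountArray(DriverObject->MajorFunction); i++) {
        DriverObject->MajorFunction[i] = HelloDDKDispatchRoutine;
    }
    DriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKRead;    // read dispatch routine
    DriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKWrite;  // write dispatch routine

#if DBG
    _asm int 3   // checked builds break into the kernel debugger here
#endif

    // Create the device and propagate failure instead of swallowing it.
    return CreateDevice(DriverObject);
}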
  23.   
  24. //读派遣函数  
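/*
 * IRP_MJ_READ dispatch routine (DO_DIRECT_IO).  Fills the caller's buffer,
 * reached through the IRP's MDL, with 0xAA bytes and reports the read length.
 *
 * Returns STATUS_SUCCESS (also for a zero-length read, which transfers
 * nothing); STATUS_INVALID_PARAMETER when a non-empty request carries no MDL;
 * STATUS_UNSUCCESSFUL when the MDL length does not match
 * Parameters.Read.Length; STATUS_INSUFFICIENT_RESOURCES when the MDL cannot
 * be mapped into system space.
 */
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    UNREFERENCED_PARAMETER(pDevObj);
#if DBG
    _asm int 3
#endif

    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    ULONG ulReadLength = stack->Parameters.Read.Length;
    PMDL mdl = pIrP->MdlAddress;

    pIrP->IoStatus.Information = 0;

    if (ulReadLength == 0) {
        /* Nothing to transfer.  The I/O manager builds no MDL for a
         * zero-length direct-I/O request, so MdlAddress must not be used
         * here; the original dereferenced it unconditionally, so a 0-byte
         * ReadFile from user mode would have faulted in kernel mode. */
        status = STATUS_SUCCESS;
    } else if (mdl == NULL) {
        status = STATUS_INVALID_PARAMETER;
    } else if (MmGetMdlByteCount(mdl) != ulReadLength) {
        // The MDL must describe exactly the requested length; otherwise fail the request.
        status = STATUS_UNSUCCESSFUL;
    } else {
        /* Map the locked user pages into system space.  The "Safe" variant
         * returns NULL under resource pressure, so the mapping is checked
         * before anything is written through it. */
        PVOID kernel_address = MmGetSystemAddressForMdlSafe(mdl, NormalPagePriority);
        if (kernel_address == NULL) {
            status = STATUS_INSUFFICIENT_RESOURCES;
        } else {
            DbgPrint("address %p\n", kernel_address);   // %p: pointers are 64-bit on x64
            memset(kernel_address, 0xAA, ulReadLength);
            pIrP->IoStatus.Information = ulReadLength;
        }
    }

    // Complete the IRP with the final status, no priority boost.
    pIrP->IoStatus.Status = status;
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return status;
}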
  61.   
  62. //写派遣函数  
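/*
 * IRP_MJ_WRITE dispatch routine (DO_DIRECT_IO).  Logs each byte of the
 * caller's buffer, then overwrites the buffer with 0xAA and reports the write
 * length.  The overwrite is kept from the original demo so the user-mode
 * program, which prints the buffer after WriteFile, can see the driver touched
 * it; a write buffer is normally treated as input only.
 *
 * Returns STATUS_SUCCESS (also for a zero-length write);
 * STATUS_INVALID_PARAMETER when a non-empty request carries no MDL;
 * STATUS_UNSUCCESSFUL when the MDL length does not match
 * Parameters.Write.Length; STATUS_INSUFFICIENT_RESOURCES when the MDL cannot
 * be mapped.
 */
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    UNREFERENCED_PARAMETER(pDevObj);
#if DBG
    _asm int 3
#endif

    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    ULONG ulWriteLength = stack->Parameters.Write.Length;
    PMDL mdl = pIrP->MdlAddress;

    pIrP->IoStatus.Information = 0;

    if (ulWriteLength == 0) {
        /* No MDL is built for a zero-length direct-I/O request; do not touch
         * MdlAddress (the original dereferenced it unconditionally). */
        status = STATUS_SUCCESS;
    } else if (mdl == NULL) {
        status = STATUS_INVALID_PARAMETER;
    } else if (MmGetMdlByteCount(mdl) != ulWriteLength) {
        // The MDL must describe exactly the requested length; otherwise fail the request.
        status = STATUS_UNSUCCESSFUL;
    } else {
        /* "Safe" mapping may return NULL under resource pressure; check it. */
        PVOID kernel_address = MmGetSystemAddressForMdlSafe(mdl, NormalPagePriority);
        if (kernel_address == NULL) {
            status = STATUS_INSUFFICIENT_RESOURCES;
        } else {
            DbgPrint("address %p\n", kernel_address);   // %p: pointers are 64-bit on x64

            /* Walk the mapped buffer in place.  The original copied
             * ulWriteLength bytes into a 10-byte stack array, so any
             * WriteFile longer than 10 bytes overran the kernel stack. */
            const UCHAR *bytes = (const UCHAR *)kernel_address;
            for (ULONG i = 0; i < ulWriteLength; i++) {
                DbgPrint("%02x\n", bytes[i]);
            }

            // Demo behaviour: mark the caller's buffer so user mode can observe it.
            memset(kernel_address, 0xAA, ulWriteLength);
            pIrP->IoStatus.Information = ulWriteLength;
        }
    }

    // Complete the IRP with the final status, no priority boost.
    pIrP->IoStatus.Status = status;
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return status;
}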
  106.   
  107. //卸载函数  
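/*
 * Unload routine: walks the driver's device list and, for each device,
 * deletes the symbolic link recorded in its extension and then the device.
 *
 * NextDevice is read before IoDeleteDevice, so the loop never reads from a
 * device object it has already handed back to the I/O manager (the original
 * read NextDevice after the delete).
 */
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
    DbgPrint("Goodbye from!\n");

    PDEVICE_OBJECT pNextObj = DriverObject->DeviceObject;
    while (pNextObj != NULL) {
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;
        PDEVICE_OBJECT pFollowing = pNextObj->NextDevice;   // saved before the delete

        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);   // remove the \??\ link
        IoDeleteDevice(pNextObj);                           // same object CreateDevice stored in pDevExt->pDevice

        pNextObj = pFollowing;
    }
}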
  125.   
  126. //创建设备  
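/*
 * Creates the \device\hello device object, initialises its extension and
 * publishes the \??\HelloDDK symbolic link that the user-mode program opens.
 *
 * Returns STATUS_SUCCESS, or the NTSTATUS from IoCreateDevice /
 * IoCreateSymbolicLink on failure.  (The original returned a `status` that
 * was never set to anything but STATUS_SUCCESS, so callers saw success even
 * when no device existed.)
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
    NTSTATUS status = STATUS_SUCCESS;
    PDEVICE_OBJECT pDevObje = NULL;
    PDEVICE_EXTENSION pDevExt = NULL;

    UNICODE_STRING devname;
    UNICODE_STRING symLinkName;
    RtlInitUnicodeString(&devname, L"\\device\\hello");
    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    /* The extension must be sized for the struct, not for a pointer to it:
     * sizeof(PDEVICE_EXTENSION) is 4 or 8 bytes, while the three fields
     * written below need sizeof(DEVICE_EXTENSION), so the original wrote
     * past the end of the allocation. */
    status = IoCreateDevice(pDriver_Object,
                            sizeof(DEVICE_EXTENSION),
                            &devname,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            TRUE,          // exclusive: one open handle at a time
                            &pDevObje);
    if (!NT_SUCCESS(status)) {
        DbgPrint("创建设备失败\n");
        return status;
    }

    pDevObje->Flags |= DO_DIRECT_IO;   // read/write buffers arrive as MDLs
    pDevExt = (PDEVICE_EXTENSION)pDevObje->DeviceExtension;
    pDevExt->pDevice = pDevObje;
    pDevExt->ustrDeviceName = devname;
    pDevExt->ustrSymLinkName = symLinkName;

    status = IoCreateSymbolicLink(&symLinkName, &devname);
    if (!NT_SUCCESS(status)) {
        DbgPrint("创建符号连接失败\n");
        IoDeleteDevice(pDevObje);   // do not leave a device nobody can reach
        return status;
    }
    return STATUS_SUCCESS;
}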
  163.   
  164. //派遣函数  
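/*
 * Default dispatch routine for every major function without a dedicated
 * handler.  Logs the IRP's major function code by name (or the raw code when
 * it is outside the table) and completes the request successfully with zero
 * bytes transferred.
 */
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    UNREFERENCED_PARAMETER(pDevObj);
#if DBG
    _asm int 3
#endif

    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);

    /* Names indexed by IRP_MJ_* code, in the order the codes are defined.
     * The entries are string literals, so the table is const rather than
     * an array of writable char pointers. */
    static const char *const irpname[] =
    {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
    };

    UCHAR type = stack->MajorFunction;

    // Bounds-check before indexing: the code is a byte, the table has 28 entries.
    if (type >= CountArray(irpname)) {
        KdPrint(("无效的IRP类型 %X\n", type));
    } else {
        KdPrint(("%s\n", irpname[type]));
    }

    pIrP->IoStatus.Status = STATUS_SUCCESS;     // completion status
    pIrP->IoStatus.Information = 0;             // no bytes transferred
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);   // complete without a priority boost
    return STATUS_SUCCESS;
}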

