初学驱动开发-文件+注册表


 在前几篇的驱动开发文章基础上增加文件读写和注册表操作

主要由函数 TetsFile(代码中的实际拼写)和 TestReg 来实现
#ifdef __cplusplus
extern "C"
{
#endif
#include <NTDDK.h>
#ifdef __cplusplus
}
#endif
// Section-placement helpers. They are used as `#pragma PAGEDCODE`,
// `#pragma INITCODE`, ... in front of a definition, which expands to
// `#pragma code_seg("...")` / `#pragma data_seg("...")`.
//   "PAGE" - pageable section: code placed here must only run at an IRQL
//            where page faults are allowed.
//   "INIT" - initialization section: the system discards it once DriverEntry
//            has returned, so nothing placed here may be called later.
//   no arg - code_seg()/data_seg() switch back to the default section.
#define PAGEDCODE code_seg("PAGE")
#define LOCKEDCODE code_seg()
#define INITCODE code_seg("INIT")
#define PAGEDDATA data_seg("PAGE")
#define LOCKEDDATA data_seg()
#define INITDATA data_seg("INIT")
// Element count of a true array. The result is wrong if p is a pointer
// (for example an array that was passed as a function parameter).
#define arraysize(p) (sizeof(p)/sizeof((p)[0]))
// Per-device context kept in DEVICE_OBJECT::DeviceExtension.
// LoadDevice fills it in; UnloadDevice reads it to tear the device down.
typedef struct _DEVICE_EXTENSION {
PDEVICE_OBJECT pDevice; // back-pointer to the device object that owns this extension
UNICODE_STRING ustrDeviceName;// device name
UNICODE_STRING ustrSymLinkName;// symbolic link name
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
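/************************************************************************
* Function: LoadDevice
* Purpose : Create the driver's device object under the name SourceString
*           and the symbolic link \??\HelloDDK that points at it.
* Params  : pDriverObject - driver object handed to DriverEntry.
*           SourceString  - NUL-terminated NT device name. Only the pointer
*                           is stored in the device extension, so the string
*                           must stay valid for as long as the device exists.
* Returns : STATUS_SUCCESS, or the failing status of IoCreateDevice /
*           IoCreateSymbolicLink. When the link cannot be created the device
*           object is deleted again before returning.
*************************************************************************/
#pragma INITCODE
NTSTATUS LoadDevice (
    IN PDRIVER_OBJECT pDriverObject,
    IN PCWSTR SourceString)
{
    NTSTATUS status;
    PDEVICE_OBJECT pDevObj;
    PDEVICE_EXTENSION pDevExt;
    UNICODE_STRING devName;
    UNICODE_STRING symLinkName;

    // RtlInitUnicodeString only points the UNICODE_STRING at the caller's
    // characters; it allocates nothing. These strings therefore must never
    // be handed to RtlFreeUnicodeString, which would try to free memory
    // that did not come from the pool.
    RtlInitUnicodeString(&devName, SourceString);
    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    // Create the device.
    // NOTE(review): DeviceCharacteristics is 0 and no security descriptor
    // is supplied, so the named device gets default security. Before this
    // driver services any request from user mode, restrict who may open
    // it (FILE_DEVICE_SECURE_OPEN, and an explicit SDDL string through
    // IoCreateDeviceSecure).
    status = IoCreateDevice(pDriverObject,
                            sizeof(DEVICE_EXTENSION),
                            &devName,
                            FILE_DEVICE_UNKNOWN,
                            0, TRUE,
                            &pDevObj);
    if (!NT_SUCCESS(status))
    {
        return status;
    }

    RtlZeroMemory(pDevObj->DeviceExtension, sizeof(DEVICE_EXTENSION));
    pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevObj->Flags |= DO_BUFFERED_IO;
    pDevExt->pDevice = pDevObj;
    pDevExt->ustrDeviceName = devName;
    pDevExt->ustrSymLinkName = symLinkName;

    // Create the symbolic link; undo the device creation if that fails.
    status = IoCreateSymbolicLink(&symLinkName, &devName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(pDevObj);
        return status;
    }
    return STATUS_SUCCESS;
}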
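/************************************************************************
* Function: UnloadDevice
* Purpose : DriverUnload routine. Walks the driver's device list and, for
*           every device, deletes its symbolic link and then the device.
* Params  : pDriverObject - the driver being unloaded.
*************************************************************************/
#pragma PAGEDCODE
VOID UnloadDevice (IN PDRIVER_OBJECT pDriverObject)
{
    PDEVICE_OBJECT pNextObj;

    KdPrint(("Enter DriverUnload\n"));
    pNextObj = pDriverObject->DeviceObject;
    while (pNextObj != NULL)
    {
        PDEVICE_OBJECT pCurrent = pNextObj;
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pCurrent->DeviceExtension;

        // Read the successor first: the extension (and the device object)
        // must not be touched once IoDeleteDevice has been called.
        pNextObj = pCurrent->NextDevice;

        // Delete the symbolic link, then the device it pointed at.
        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
        IoDeleteDevice(pCurrent);
    }
}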
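//---------------------------------------- File I/O -----------------------------------

/*
 * TetsFileWrite: write bufflen bytes from buff to \??\C:\copyTest.txt.
 *
 * The file is opened with FILE_OPEN_IF (created when missing, otherwise
 * opened as it is) and written from the current file position. Failures
 * are reported through KdPrint only; nothing is returned to the caller.
 * Must run at PASSIVE_LEVEL, as the Zw* file routines require.
 */
#pragma INITCODE
VOID TetsFileWrite(PVOID buff, ULONG bufflen)
{
    UNICODE_STRING string;
    OBJECT_ATTRIBUTES objattr;
    HANDLE hFile;
    IO_STATUS_BLOCK iostatus;
    NTSTATUS status;

    if (buff == NULL)
    {
        return;
    }

    RtlInitUnicodeString(&string, L"\\??\\C:\\copyTest.txt");

    // OBJ_KERNEL_HANDLE keeps the handle out of the handle table of
    // whatever process context this code happens to run in. The path is
    // a constant here; a path that came from user mode would additionally
    // need OBJ_FORCE_ACCESS_CHECK, because Zw* calls made from a driver
    // are not access-checked against the requesting user.
    InitializeObjectAttributes(&objattr, &string,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    // Open (or create) the file.
    // NOTE(review): FILE_OPEN_IF does not truncate an existing file, so a
    // shorter write leaves the old tail in place; FILE_OVERWRITE_IF may be
    // what a "copy" wants - confirm the intent.
    status = ZwCreateFile(&hFile, GENERIC_WRITE, &objattr, &iostatus, NULL,
                          FILE_ATTRIBUTE_NORMAL, FILE_SHARE_WRITE, FILE_OPEN_IF,
                          FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("创建c:\\copyTest.txt文件失败\r\n"));
        return;
    }

    // Write the data.
    status = ZwWriteFile(hFile, NULL, NULL, NULL, &iostatus, buff, bufflen, NULL, NULL);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("Write to c:\\copyTest.txt failed: 0x%08X\n", status));
    }

    ZwClose(hFile);
}

/*
 * TetsFile: read \??\C:\test.txt into paged pool, print it through KdPrint
 * and pass the bytes to TetsFileWrite.
 *
 * The file size and contents come from disk and are treated as untrusted:
 * the size is range-checked before it is narrowed, every status is checked,
 * and the buffer is NUL-terminated before it is printed with %s.
 * Must run at PASSIVE_LEVEL.
 */
#pragma INITCODE
VOID TetsFile()
{
    const ULONG poolTag = 'liFT';
    UNICODE_STRING string;
    OBJECT_ATTRIBUTES objattr;
    HANDLE hFile;
    IO_STATUS_BLOCK iostatus;
    FILE_STANDARD_INFORMATION fsi;
    PUCHAR pBuffer;
    ULONG fileBytes;
    ULONG readBytes;
    NTSTATUS status;

    RtlInitUnicodeString(&string, L"\\??\\C:\\test.txt");
    InitializeObjectAttributes(&objattr, &string,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    // Open the file.
    status = ZwCreateFile(&hFile, GENERIC_READ, &objattr, &iostatus, NULL,
                          FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("打开c:\\test.txt文件失败\r\n"));
        return;
    }

    // Query the file size; fsi is meaningless if this call fails.
    status = ZwQueryInformationFile(hFile, &iostatus, &fsi,
                                    sizeof(FILE_STANDARD_INFORMATION),
                                    FileStandardInformation);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("Query size of c:\\test.txt failed: 0x%08X\n", status));
        ZwClose(hFile);
        return;
    }

    // EndOfFile is a 64-bit value taken from disk. Reject empty files and
    // anything that would not survive the narrowing below (one byte is kept
    // free for the terminator). Production code should enforce a far
    // smaller limit and read in chunks rather than size a pool allocation
    // from file metadata.
    if (fsi.EndOfFile.QuadPart <= 0 || fsi.EndOfFile.QuadPart >= MAXULONG)
    {
        KdPrint(("c:\\test.txt is empty or too large\n"));
        ZwClose(hFile);
        return;
    }
    fileBytes = (ULONG)fsi.EndOfFile.QuadPart;

    // Allocate the buffer, with room for a terminating NUL.
    pBuffer = (PUCHAR)ExAllocatePoolWithTag(PagedPool, fileBytes + 1, poolTag);
    if (pBuffer == NULL)
    {
        KdPrint(("Allocating %u bytes failed\n", fileBytes + 1));
        ZwClose(hFile);
        return;
    }

    // Read the file.
    status = ZwReadFile(hFile, NULL, NULL, NULL, &iostatus, pBuffer, fileBytes, NULL, NULL);
    if (NT_SUCCESS(status))
    {
        // Information is the byte count actually read (at most fileBytes).
        readBytes = (ULONG)iostatus.Information;
        pBuffer[readBytes] = '\0';   // %s below needs a terminated string
        KdPrint(("Read %u bytes\n", readBytes));
        KdPrint(("Read str:%s\n", pBuffer));
        TetsFileWrite(pBuffer, readBytes);
    }
    else
    {
        KdPrint(("Read of c:\\test.txt failed: 0x%08X\n", status));
    }

    // Close the file handle.
    ZwClose(hFile);
    // Release the buffer.
    ExFreePoolWithTag(pBuffer, poolTag);
}

//---------------------------------- Registry ------------------

/*
 * TestReg: exercise the Rtl registry helpers on
 * \Registry\Machine\SOFTWARE\Hellowold.
 *
 * Key missing : create it, query the REG_SZ value "Hello"; when the query
 *               fails, write "Hello" = "Hello,World" and, if that worked,
 *               the REG_DWORD "ValueName" = 0xFF.
 * Key present : delete the value "HelloB".
 * Every outcome is reported through KdPrint. Must run at PASSIVE_LEVEL.
 */
#pragma INITCODE
VOID TestReg()
{
    const ULONG poolTag = 'geRT';
    const ULONG bufBytes = 30;
    const WCHAR helloText[] = L"Hello,World";   // 12 WCHARs with the NUL = 24 bytes
    WCHAR* pKey = L"\\Registry\\Machine\\SOFTWARE\\Hellowold";

    // Look the key up.
    if (!NT_SUCCESS(RtlCheckRegistryKey(RTL_REGISTRY_ABSOLUTE, pKey)))
    {
        KdPrint(("注册表项不存在\r\n"));

        // Create the key.
        if (!NT_SUCCESS(RtlCreateRegistryKey(RTL_REGISTRY_ABSOLUTE, pKey)))
        {
            KdPrint(("注册表项创建失败\r\n"));
            return;
        }
        KdPrint(("注册表项创建成功\r\n"));

        WCHAR* pBuf = (WCHAR*)ExAllocatePoolWithTag(PagedPool, bufBytes, poolTag);
        if (pBuf == NULL)
        {
            KdPrint(("Allocating %u bytes failed\n", bufBytes));
            return;
        }
        RtlZeroMemory(pBuf, bufBytes);
        RtlCopyMemory(pBuf, helloText, sizeof(helloText));

        // With RTL_QUERY_REGISTRY_DIRECT a REG_SZ result is stored through
        // a UNICODE_STRING, so EntryContext must point at an initialized
        // UNICODE_STRING that describes the buffer, never at the raw
        // characters themselves.
        UNICODE_STRING queried;
        queried.Buffer = pBuf;
        queried.Length = 0;
        queried.MaximumLength = (USHORT)bufBytes;

        // The table must end with an all-zero entry; without it the
        // routine walks past the end of the array.
        // RTL_QUERY_REGISTRY_REQUIRED makes a missing value fail the call,
        // which is what the write path below relies on.
        // Where the WDK in use defines RTL_QUERY_REGISTRY_TYPECHECK, set it
        // as well so that a value of another type is rejected instead of
        // being written through EntryContext.
        RTL_QUERY_REGISTRY_TABLE regTable[2];
        RtlZeroMemory(regTable, sizeof(regTable));
        regTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED;
        regTable[0].Name = L"Hello";
        regTable[0].EntryContext = &queried;
        regTable[0].DefaultType = REG_NONE;

        // Query the value.
        if (!NT_SUCCESS(RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE, pKey, regTable, NULL, NULL)))
        {
            KdPrint(("查询注册表键失败\r\n"));

            // Write the REG_SZ value. The length covers exactly the string
            // and its terminator, so no bytes beyond the allocation are read.
            if (!NT_SUCCESS(RtlWriteRegistryValue(RTL_REGISTRY_ABSOLUTE, pKey, L"Hello",
                                                  REG_SZ, pBuf, sizeof(helloText))))
            {
                KdPrint(("写入注册表键值失败\r\n"));
            }
            else
            {
                // Write the REG_DWORD value.
                ULONG data = 0xFF;
                NTSTATUS status = RtlWriteRegistryValue(RTL_REGISTRY_ABSOLUTE, pKey,
                                                        L"ValueName", REG_DWORD,
                                                        &data, sizeof(ULONG));
                if (!NT_SUCCESS(status))
                {
                    KdPrint(("Writing ValueName failed: 0x%08X\n", status));
                }
                KdPrint(("写入注册表键值=%ws\r\n", pBuf));
            }
        }
        else
        {
            // %wZ prints exactly queried.Length bytes.
            KdPrint(("查询到的注册表键=%wZ\r\n", &queried));
        }

        // Single release point for every path taken after the allocation.
        ExFreePoolWithTag(pBuf, poolTag);
    }
    else
    {
        KdPrint(("注册表项存在\r\n"));

        // Delete the value.
        if (NT_SUCCESS(RtlDeleteRegistryValue(RTL_REGISTRY_ABSOLUTE, pKey, L"HelloB")))
        {
            KdPrint(("删除键值HelloB成功\r\n"));
        }
        else
        {
            KdPrint(("删除键值HelloB失败\r\n"));
        }
    }
}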
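/************************************************************************
* Function: DriverEntry
* Purpose : Driver entry point. Creates the device object, registers the
*           unload routine, then runs the file and registry demos.
* Params  : pDriverObject - driver object created by the I/O manager.
*           pRegistryPath - path of the driver's service key.
* Returns : STATUS_SUCCESS, or the status of a failed LoadDevice (in which
*           case the driver is not loaded and the demos are skipped).
*************************************************************************/
#pragma INITCODE
extern "C" NTSTATUS DriverEntry (
    IN PDRIVER_OBJECT pDriverObject,
    IN PUNICODE_STRING pRegistryPath)
{
    NTSTATUS status;

    KdPrint(("Enter DriverEntry\n"));
    KdPrint(("Hello World Driver\n"));
    // A UNICODE_STRING buffer is not guaranteed to be NUL-terminated;
    // %wZ prints exactly Length bytes instead of scanning for a NUL.
    KdPrint(("pRegistryPath:%wZ\n", pRegistryPath));

    // Create the driver's device object.
    status = LoadDevice(pDriverObject, L"\\Device\\HelloWordDDKDevice");
    if (!NT_SUCCESS(status))
    {
        KdPrint(("LoadDevice failed: 0x%08X\n", status));
        return status;
    }

    // Register the unload routine.
    pDriverObject->DriverUnload = UnloadDevice;

    // NOTE(review): both demos assume that the C: volume and the SOFTWARE
    // hive are already available when DriverEntry runs - presumably true
    // for a demand-start driver only; confirm the service start type.
    TetsFile();  // file demo
    TestReg();   // registry demo

    KdPrint(("DriverEntry end\n"));
    return status;
}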