自己构造IRP包来实现驱动与驱动之间的通信(成功笔记下来以后参考用)
#include <ntddk.h>
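/* Device object name (what IoGetDeviceObjectPointer / IoCreateDevice use) and the
 * user-visible symbolic link name.  The original text had no space between the
 * macro name and the L"..." literal, which defines DEVICE_NAMEL/LINK_NAMEL instead
 * of DEVICE_NAME/LINK_NAME and leaves the later DEVICE_NAME reference undefined. */
#define DEVICE_NAME L"\\device\\NTModelDrv"
#define LINK_NAME   L"\\dosDevices\\NTModelDrv"

/* Function codes 0x800-0xFFF are reserved for vendors; 0x8000 stays well above that. */
#define IOCTL_BASE 0x8000

/* Build a buffered, any-access control code for this driver; (i) is parenthesised so
 * an expression argument is offset as a whole rather than spliced into IOCTL_BASE+i. */
#define MY_CTL_CODE(i) \
    CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE + (i), METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_HELLO MY_CTL_CODE(0)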
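/* Unload callback.  Note that DriverEntry below never stores it in
 * pDriverObject->DriverUnload, so the driver cannot be unloaded; that is
 * consistent with WorkThread, whose loop has no exit, because unloading the
 * image while that thread still runs would crash the system. */
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("DriverUnload: DriverUnload is Run!\n");
}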
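/*
 * Completion routine for the IRP that WorkThread allocates with IoAllocateIrp.
 *
 * Context is the KEVENT that WorkThread blocks on after IoCallDriver.  Returning
 * STATUS_MORE_PROCESSING_REQUIRED stops the I/O manager from processing the IRP
 * any further, so the allocating thread stays the owner and frees it with
 * IoFreeIrp.  DeviceObject and Irp are not used.
 */
NTSTATUS
LM87RequestComplete (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
{
    PKEVENT Event = (PKEVENT) Context;

    UNREFERENCED_PARAMETER(DeviceObject);
    UNREFERENCED_PARAMETER(Irp);

    /* Checked-build-only breakpoint.  The original unconditional `__asm int 3`
     * bugchecks any machine without a kernel debugger attached and does not
     * build for x64, where MSVC has no inline assembler. */
    KdBreakPoint();

    KeSetEvent (Event, IO_NO_INCREMENT, FALSE);
    return STATUS_MORE_PROCESSING_REQUIRED;
}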
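/*
 * System-thread body started from DriverEntry.
 *
 * Each iteration resolves the target device by its device-object name, builds an
 * IRP_MJ_DEVICE_CONTROL request carrying IOCTL_HELLO, sends it with IoCallDriver,
 * waits for LM87RequestComplete to signal SyncEvent, releases the IRP and the
 * file-object reference, and sleeps three seconds.
 *
 * The loop has no exit condition and nothing ever asks the thread to stop, so the
 * driver must stay loaded for as long as the system runs (DriverEntry does not
 * register DriverUnload, which matches that).
 *
 * pContext: unused; DriverEntry passes NULL.
 */
VOID WorkThread(PVOID pContext)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PIRP SMBIrp = NULL;
    PIO_STACK_LOCATION irpStack = NULL;
    UNICODE_STRING usDeviceToFilter = { 0 };
    KEVENT SyncEvent;
    /* Out-parameters of IoGetDeviceObjectPointer; FileObject carries the reference. */
    PFILE_OBJECT FileObject = NULL;
    PDEVICE_OBJECT DeviceObject = NULL;
    ULONG i = 0;
    LARGE_INTEGER waitTime = { 0 };

    UNREFERENCED_PARAMETER(pContext);

    /* Negative value = relative interval in 100 ns units: 3 seconds. */
    waitTime.QuadPart = -3 * 10000000LL;

    DbgPrint("In WorkThread!\n");

    /* The device-object name, not the symbolic link: that is what the lookup takes.
     * Without this initialisation the lookup is handed an empty string and fails
     * on every iteration. */
    RtlInitUnicodeString(&usDeviceToFilter, DEVICE_NAME);

    /* Notification events do not auto-reset, so the event is cleared explicitly
     * before every send (see below). */
    KeInitializeEvent(&SyncEvent, NotificationEvent, FALSE);

    for (;;) {
        DbgPrint("WorkThread: %x\n", i);

        KdBreakPoint();

        /* On success this takes a reference on FileObject, which keeps DeviceObject
         * alive until ObDereferenceObject below. */
        ntStatus = IoGetDeviceObjectPointer(&usDeviceToFilter, GENERIC_ALL,
                                            &FileObject, &DeviceObject);
        if (!NT_SUCCESS(ntStatus)) {
            DbgPrint("IoGetDeviceObjectPointer is Failed!\n");
            /* Back off before retrying instead of spinning on a missing device. */
            KeDelayExecutionThread(KernelMode, FALSE, &waitTime);
            continue;
        }

        /* One stack location per driver in the target's stack. */
        SMBIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
        if (!SMBIrp) {
            KdPrint(("IoAllocateIrp: Allocate irp failed!\n "));
            ObDereferenceObject(FileObject);
            FileObject = NULL;
            DeviceObject = NULL;
            KeDelayExecutionThread(KernelMode, FALSE, &waitTime);
            continue;
        }

        /* The event reaches the completion routine through its Context argument, so
         * Irp->UserEvent is left unset: with STATUS_MORE_PROCESSING_REQUIRED returned
         * below the I/O manager never looks at UserEvent/UserIosb for this IRP. */

        /* Fill the stack location the target driver will see. */
        irpStack = IoGetNextIrpStackLocation(SMBIrp);
        irpStack->MajorFunction = IRP_MJ_DEVICE_CONTROL;
        irpStack->Parameters.DeviceIoControl.IoControlCode = IOCTL_HELLO;
        /* No buffers are attached: the length fields stay zero from IoAllocateIrp, so
         * the target receives a zero-length METHOD_BUFFERED request.  irpStack->FileObject
         * is also left unset, as in the original; a target that dereferences it would
         * need `irpStack->FileObject = FileObject;` here. */

        /* Completion routine runs on success, error and cancel, completes the IRP for
         * us and keeps it out of the I/O manager's hands (it returns
         * STATUS_MORE_PROCESSING_REQUIRED). */
        IoSetCompletionRoutine(SMBIrp, LM87RequestComplete, &SyncEvent, TRUE, TRUE, TRUE);

        /* Clear the event before each send.  Without this the second and later
         * waits return immediately (the event stayed signalled from the previous
         * round) and the IRP is freed while the target may still own it. */
        KeClearEvent(&SyncEvent);

        ntStatus = IoCallDriver(DeviceObject, SMBIrp);
        KeWaitForSingleObject(&SyncEvent, Executive, KernelMode, FALSE, NULL);

        /* After the wait the IRP is ours again; IoStatus holds the target's result. */
        if (ntStatus == STATUS_PENDING) {
            ntStatus = SMBIrp->IoStatus.Status;
        }
        if (!NT_SUCCESS(ntStatus)) {
            DbgPrint("IOCTL_HELLO failed: %x\n", ntStatus);
        }

        /* Release the IRP and the reference taken by IoGetDeviceObjectPointer. */
        IoFreeIrp(SMBIrp);
        SMBIrp = NULL;
        ObDereferenceObject(FileObject);
        FileObject = NULL;
        DeviceObject = NULL;

        i++;
        KeDelayExecutionThread(KernelMode, FALSE, &waitTime);   /* 3 s pause */
    }
}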
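/*
 * Driver entry point: starts WorkThread as a system thread and returns.
 *
 * No device object is created and DriverUnload is deliberately not registered:
 * WorkThread never terminates, so the driver cannot be unloaded safely.
 *
 * Returns STATUS_SUCCESS once the thread is running, otherwise the failure code
 * from PsCreateSystemThread so the I/O manager does not keep a driver loaded
 * that has nothing running.  pDriverObject and pRegPath are not used.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    HANDLE hThread = NULL;

    UNREFERENCED_PARAMETER(pDriverObject);
    UNREFERENCED_PARAMETER(pRegPath);

    ntStatus = PsCreateSystemThread(&hThread,
                                    0,          /* DesiredAccess: handle is closed right away */
                                    NULL,       /* ObjectAttributes */
                                    (HANDLE)0,  /* ProcessHandle: System process */
                                    NULL,       /* ClientId */
                                    WorkThread,
                                    NULL);      /* StartContext */
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("PsCreateSystemThread is Failed!\n");
        /* hThread was never set on this path, so it must not be closed. */
        return ntStatus;
    }

    /* The thread keeps running after its handle is closed; nothing here waits on it. */
    ZwClose(hThread);
    return STATUS_SUCCESS;
}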
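/* Device object name (what IoGetDeviceObjectPointer / IoCreateDevice use) and the
 * user-visible symbolic link name.  The original text had no space between the
 * macro name and the L"..." literal, which defines DEVICE_NAMEL/LINK_NAMEL instead
 * of DEVICE_NAME/LINK_NAME and leaves the later DEVICE_NAME reference undefined. */
#define DEVICE_NAME L"\\device\\NTModelDrv"
#define LINK_NAME   L"\\dosDevices\\NTModelDrv"

/* Function codes 0x800-0xFFF are reserved for vendors; 0x8000 stays well above that. */
#define IOCTL_BASE 0x8000

/* Build a buffered, any-access control code for this driver; (i) is parenthesised so
 * an expression argument is offset as a whole rather than spliced into IOCTL_BASE+i. */
#define MY_CTL_CODE(i) \
    CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE + (i), METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_HELLO MY_CTL_CODE(0)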
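/* Unload callback.  Note that DriverEntry below never stores it in
 * pDriverObject->DriverUnload, so the driver cannot be unloaded; that is
 * consistent with WorkThread, whose loop has no exit, because unloading the
 * image while that thread still runs would crash the system. */
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("DriverUnload: DriverUnload is Run!\n");
}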
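/*
 * Completion routine for the IRP that WorkThread allocates with IoAllocateIrp.
 *
 * Context is the KEVENT that WorkThread blocks on after IoCallDriver.  Returning
 * STATUS_MORE_PROCESSING_REQUIRED stops the I/O manager from processing the IRP
 * any further, so the allocating thread stays the owner and frees it with
 * IoFreeIrp.  DeviceObject and Irp are not used.
 */
NTSTATUS
LM87RequestComplete (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
{
    PKEVENT Event = (PKEVENT) Context;

    UNREFERENCED_PARAMETER(DeviceObject);
    UNREFERENCED_PARAMETER(Irp);

    /* Checked-build-only breakpoint.  The original unconditional `__asm int 3`
     * bugchecks any machine without a kernel debugger attached and does not
     * build for x64, where MSVC has no inline assembler. */
    KdBreakPoint();

    KeSetEvent (Event, IO_NO_INCREMENT, FALSE);
    return STATUS_MORE_PROCESSING_REQUIRED;
}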
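/*
 * System-thread body started from DriverEntry.
 *
 * Each iteration resolves the target device by its device-object name, builds an
 * IRP_MJ_DEVICE_CONTROL request carrying IOCTL_HELLO, sends it with IoCallDriver,
 * waits for LM87RequestComplete to signal SyncEvent, releases the IRP and the
 * file-object reference, and sleeps three seconds.
 *
 * The loop has no exit condition and nothing ever asks the thread to stop, so the
 * driver must stay loaded for as long as the system runs (DriverEntry does not
 * register DriverUnload, which matches that).
 *
 * pContext: unused; DriverEntry passes NULL.
 */
VOID WorkThread(PVOID pContext)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PIRP SMBIrp = NULL;
    PIO_STACK_LOCATION irpStack = NULL;
    UNICODE_STRING usDeviceToFilter = { 0 };
    KEVENT SyncEvent;
    /* Out-parameters of IoGetDeviceObjectPointer; FileObject carries the reference. */
    PFILE_OBJECT FileObject = NULL;
    PDEVICE_OBJECT DeviceObject = NULL;
    ULONG i = 0;
    LARGE_INTEGER waitTime = { 0 };

    UNREFERENCED_PARAMETER(pContext);

    /* Negative value = relative interval in 100 ns units: 3 seconds. */
    waitTime.QuadPart = -3 * 10000000LL;

    DbgPrint("In WorkThread!\n");

    /* The device-object name, not the symbolic link: that is what the lookup takes. */
    RtlInitUnicodeString(&usDeviceToFilter, DEVICE_NAME);

    /* Notification events do not auto-reset, so the event is cleared explicitly
     * before every send (see below). */
    KeInitializeEvent(&SyncEvent, NotificationEvent, FALSE);

    for (;;) {
        DbgPrint("WorkThread: %x\n", i);

        KdBreakPoint();

        /* On success this takes a reference on FileObject, which keeps DeviceObject
         * alive until ObDereferenceObject below. */
        ntStatus = IoGetDeviceObjectPointer(&usDeviceToFilter, GENERIC_ALL,
                                            &FileObject, &DeviceObject);
        if (!NT_SUCCESS(ntStatus)) {
            DbgPrint("IoGetDeviceObjectPointer is Failed!\n");
            /* Back off before retrying instead of spinning on a missing device. */
            KeDelayExecutionThread(KernelMode, FALSE, &waitTime);
            continue;
        }

        /* One stack location per driver in the target's stack. */
        SMBIrp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
        if (!SMBIrp) {
            KdPrint(("IoAllocateIrp: Allocate irp failed!\n "));
            ObDereferenceObject(FileObject);
            FileObject = NULL;
            DeviceObject = NULL;
            KeDelayExecutionThread(KernelMode, FALSE, &waitTime);
            continue;
        }

        /* The event reaches the completion routine through its Context argument, so
         * Irp->UserEvent is left unset: with STATUS_MORE_PROCESSING_REQUIRED returned
         * below the I/O manager never looks at UserEvent/UserIosb for this IRP. */

        /* Fill the stack location the target driver will see. */
        irpStack = IoGetNextIrpStackLocation(SMBIrp);
        irpStack->MajorFunction = IRP_MJ_DEVICE_CONTROL;
        irpStack->Parameters.DeviceIoControl.IoControlCode = IOCTL_HELLO;
        /* No buffers are attached: the length fields stay zero from IoAllocateIrp, so
         * the target receives a zero-length METHOD_BUFFERED request.  irpStack->FileObject
         * is also left unset, as in the original; a target that dereferences it would
         * need `irpStack->FileObject = FileObject;` here. */

        /* Completion routine runs on success, error and cancel, completes the IRP for
         * us and keeps it out of the I/O manager's hands (it returns
         * STATUS_MORE_PROCESSING_REQUIRED). */
        IoSetCompletionRoutine(SMBIrp, LM87RequestComplete, &SyncEvent, TRUE, TRUE, TRUE);

        /* Clear the event before each send.  Without this the second and later
         * waits return immediately (the event stayed signalled from the previous
         * round) and the IRP is freed while the target may still own it. */
        KeClearEvent(&SyncEvent);

        ntStatus = IoCallDriver(DeviceObject, SMBIrp);
        KeWaitForSingleObject(&SyncEvent, Executive, KernelMode, FALSE, NULL);

        /* After the wait the IRP is ours again; IoStatus holds the target's result. */
        if (ntStatus == STATUS_PENDING) {
            ntStatus = SMBIrp->IoStatus.Status;
        }
        if (!NT_SUCCESS(ntStatus)) {
            DbgPrint("IOCTL_HELLO failed: %x\n", ntStatus);
        }

        /* Release the IRP and the reference taken by IoGetDeviceObjectPointer. */
        IoFreeIrp(SMBIrp);
        SMBIrp = NULL;
        ObDereferenceObject(FileObject);
        FileObject = NULL;
        DeviceObject = NULL;

        i++;
        KeDelayExecutionThread(KernelMode, FALSE, &waitTime);   /* 3 s pause */
    }
}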
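/*
 * Driver entry point: starts WorkThread as a system thread and returns.
 *
 * No device object is created and DriverUnload is deliberately not registered:
 * WorkThread never terminates, so the driver cannot be unloaded safely.
 *
 * Returns STATUS_SUCCESS once the thread is running, otherwise the failure code
 * from PsCreateSystemThread so the I/O manager does not keep a driver loaded
 * that has nothing running.  pDriverObject and pRegPath are not used.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    HANDLE hThread = NULL;

    UNREFERENCED_PARAMETER(pDriverObject);
    UNREFERENCED_PARAMETER(pRegPath);

    ntStatus = PsCreateSystemThread(&hThread,
                                    0,          /* DesiredAccess: handle is closed right away */
                                    NULL,       /* ObjectAttributes */
                                    (HANDLE)0,  /* ProcessHandle: System process */
                                    NULL,       /* ClientId */
                                    WorkThread,
                                    NULL);      /* StartContext */
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("PsCreateSystemThread is Failed!\n");
        /* hThread was never set on this path, so it must not be closed. */
        return ntStatus;
    }

    /* The thread keeps running after its handle is closed; nothing here waits on it. */
    ZwClose(hThread);
    return STATUS_SUCCESS;
}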