EXE和驱动通信（缓冲区方式）

驱动代码：

#define     add_code   CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED,FILE_ANY_ACCESS )#define     sub_code   CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED,FILE_ANY_ACCESS )NTSTATUS ddk_DispatchRoutine_CONTROL (IN PDRIVER_OBJECT pDevobj,IN PIRP pIrp){ULONG msg;ULONG  returnSize;ULONG inSize;ULONG outSize;ULONG code;   PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrp);//得到当前栈指针   msg=stack->MajorFunction;switch(msg){  case IRP_MJ_DEVICE_CONTROL :{       KdPrint(("Enter IRP_MJ_DEVICE_CONTROL"));       inSize=stack->Parameters.DeviceIoControl.InputBufferLength;//得到输入缓冲区大小       outSize=stack->Parameters.DeviceIoControl.OutputBufferLength;//得到输出缓冲区大小   code=stack->Parameters.DeviceIoControl.IoControlCode;//得到CTL_CODE       switch(code)   {         case add_code :   {     UCHAR *InputBuffer;             UCHAR *outputBuffer; ULONG i; char buffer[]="I am Apxar,Welcome to my world";       //要传送回的数据 InputBuffer=(UCHAR *)pIrp->AssociatedIrp.SystemBuffer;//对输入缓存区操作，取出数据             KdPrint(("Enter add_code")); for ( i=0;i<inSize;i++) { KdPrint(("%c",InputBuffer[i])); }  outputBuffer=(UCHAR *)pIrp->AssociatedIrp.SystemBuffer;   //对输出缓存区操作，输出数据                strcpy((char*)outputBuffer,buffer);  KdPrint(("outputBuffer:%s",outputBuffer));                returnSize=strlen(buffer);                break;         }   case  sub_code :   break;           }       break;}case IRP_MJ_CREATE :break;case IRP_MJ_CLOSE :break;case IRP_MJ_READ :     break;}   pIrp->IoStatus.Information=returnSize;//返回实际的大小   pIrp->IoStatus.Status=STATUS_SUCCESS;//返回成功   IoCompleteRequest(pIrp,IO_NO_INCREMENT);//指示已完成此IRP   return STATUS_SUCCESS;}VOID DriverUnload(PDRIVER_OBJECT driver){PDEVICE_OBJECT pDev;//用来取得要删除设备对象UNICODE_STRING symLinkName; // pDev=driver->DeviceObject;IoDeleteDevice(pDev); //删除设备//取符号链接名字RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName");//删除符号链接IoDeleteSymbolicLink(&symLinkName);//删掉所有设备DbgPrint("卸载成功");}NTSTATUS CreateMyDevice (IN PDRIVER_OBJECT pDriverObject) {NTSTATUS status;PDEVICE_OBJECT pDevObj;/*用来返回创建设备*///创建设备名称UNICODE_STRING devName;UNICODE_STRING symLinkName; // RtlInitUnicodeString(&devName,L"\\Device\\yjxDDK_Device1");/*对devName初始化字串为 "\\Device\\yjxDDK_Device"*///为驱动创建一个设备对象status = IoCreateDevice( pDriverObject,0,&devName,FILE_DEVICE_UNKNOWN,0, TRUE,\&pDevObj);if (!NT_SUCCESS(status)){if (status==STATUS_INSUFFICIENT_RESOURCES){KdPrint(("资源不足 STATUS_INSUFFICIENT_RESOURCES"));}if (status==STATUS_OBJECT_NAME_EXISTS ){KdPrint(("指定对象名存在"));}if (status==STATUS_OBJECT_NAME_COLLISION){KdPrint(("//对象名有冲突"));}KdPrint(("设备创建失败...++++++++"));return status;}KdPrint(("设备创建成功...++++++++"));pDevObj->Flags |= DO_BUFFERED_IO;//创建符号链接RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName");//创建一个设备链接。驱动程序虽然有了设备名称，但是这种设备名筄只能在内核可见，而对于应用程序是不可见的，因此，驱动需要要暴露一个符号链接，该链接指向真正的设备名称status = IoCreateSymbolicLink( &symLinkName,&devName );if (!NT_SUCCESS(status)) {IoDeleteDevice( pDevObj );return status;}return STATUS_SUCCESS;}NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) //TYPEDEF LONG NTSTATUS{driver->MajorFunction[IRP_MJ_CREATE]=(PDRIVER_DISPATCH)ddk_DispatchRoutine_CONTROL;driver->MajorFunction[IRP_MJ_CLOSE]=(PDRIVER_DISPATCH)ddk_DispatchRoutine_CONTROL;driver->MajorFunction[IRP_MJ_DEVICE_CONTROL]=(PDRIVER_DISPATCH)ddk_DispatchRoutine_CONTROL;CreateMyDevice(driver);driver->DriverUnload = DriverUnload;return STATUS_SUCCESS;}

EXE代码：

#include <stdio.h>#include<WINDOWS.H>#include<winioctl.h> //CTL_CODE 所需头文件#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN ,0x800,METHOD_BUFFERED ,FILE_ANY_ACCESS)void Transfer(HANDLE hDevice){//DeviceIoControl 与驱动程序进行通信 UCHAR inputBuffer[]="i am a boy ";   UCHAR OutputBuffer[100]; //将输入缓冲区全部置成0XBB  memset(OutputBuffer,'\0',10);ULONG sizeReturned;  if(DeviceIoControl(hDevice,add_code, inputBuffer,//LPVOID lpInBuffer  传入数据的指针        strlen((char*)inputBuffer),//DWORD nInBufferSize, 传入数据的大小        &OutputBuffer,//LPVOID lpOutBuffer,         100,&sizeReturned,NULL)) {     CloseHandle(hDevice);  printf("DeviceIoControl Success");      printf("returnSize:%d\n",sizeReturned);  for (int i=0;i<(int)sizeReturned;i++)  {  printf("%c",OutputBuffer[i]);      }  }CloseHandle(hDevice);}void main(){                     LPCTSTR lpFileName="\\\\.\\My_DriverLinkName";HANDLE hDevice=NULL;  hDevice=CreateFile(lpFileName,(GENERIC_READ | GENERIC_WRITE),0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);  if(INVALID_HANDLE_VALUE==hDevice)  {    printf("CreateFile error:%d\n",GetLastError());    getchar();    return;  }Transfer(hDevice);getchar();}