NT式驱动

转载自：http://mzf2008.blog.163.com/blog/static/35599786201011733440667/

//Driver.h 

#pragma once

#ifdef __cplusplus 

extern "C"

{

#endif

#include <ntddk.h> //NT式驱动包含此头文件

#ifdef __cplusplus

}

#endif

#define PAGEDCODE code_seg("PAGE") 

#define LOCKEDCODE code_seg()

#define INITCODE code_sg("INIT")

#define PAGEDDATA data_seg("PAGE")

#define LOCKEDDATA data_seg()

#define INITDATA data_seg("INIT")

#define arraysize(a) (sizeof(a)/sizeof((a)[1])) //数组元素个数

typedef struct _DEVICE_EXTENSION  //定义设备扩展结构体

{

PDEVICE_OBJECT pDeviceObj;//设备

UNICODE_STRING ustrDeviceName;//设备名称

UNICODE_STRING ustrSymLinkName;//链接符号名称

} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

//函数声明

 NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriberObj); //创建设备函数

 VOID HelloDDKUnload(IN PDRIVER_OBJECT pDriverObj);//驱动卸载例程

 NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDeviceObj, IN PIRP pIrp);//派遣例程

//Driver.cpp

#include "Driver.h"

/************************************************************************

* 函数名称:DriverEntry

* 功能描述:初始化驱动程序，定位和申请硬件资源，创建内核对象

* 参数列表:

      pDriverObj:从I/O管理器中传进来的驱动对象

      pRegisterPath:驱动程序在注册表的中的路径

* 返回 值:返回初始化驱动状态

*************************************************************************/

#pragma INITCODE

extern "C" NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObj, IN PUNICODE_STRING pRegisterPath )

{

KdPrint(("Entry DriverEntry!\n"));

//注册其他驱动调用的函数入口

pDriverObj->DriverUnload = HelloDDKUnload;

pDriverObj->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;

pDriverObj->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;

pDriverObj->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;

pDriverObj->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;

NTSTATUS status;

status = CreateDevice(pDriverObj); //创建设备对象

KdPrint(("Leave DriverEntry!\n"));

return STATUS_SUCCESS;

}

/************************************************************************

* 函数名称:CreateDevice

* 功能描述:初始化设备对象

* 参数列表:

      pDriverObject:从I/O管理器中传进来的驱动对象

* 返回 值:返回初始化状态

*************************************************************************/

#pragma INITCODE

NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriberObj)

{

KdPrint(("Entry CreateDevice!\n"));

NTSTATUS status;

PDEVICE_OBJECT pDeviceObj;

PDEVICE_EXTENSION pDeviceExtension;

UNICODE_STRING ustrDeviceName;

RtlInitUnicodeString(&ustrDeviceName, L"\\Device\\MyDDKDevice"); //要创建的设备对象名称

//创建设备对象

status = IoCreateDevice(pDriberObj, sizeof(DEVICE_EXTENSION), &(UNICODE_STRING)ustrDeviceName,

FILE_DEVICE_UNKNOWN, 0, TRUE, &pDeviceObj);

if (!NT_SUCCESS(status))

{

return status;

}

pDeviceObj->Flags |= DO_BUFFERED_IO;

pDeviceExtension = (PDEVICE_EXTENSION)pDeviceObj->DeviceExtension; //填充设备扩展结构各个字段

pDeviceExtension->pDeviceObj = pDeviceObj;

pDeviceExtension->ustrDeviceName = ustrDeviceName;

UNICODE_STRING ustrSymLinkName;

RtlInitUnicodeString(&ustrSymLinkName, L"\\??\\HelloDDK");//符号链接名

pDeviceExtension->ustrSymLinkName = ustrSymLinkName;

//创建符号链接

status = IoCreateSymbolicLink(&ustrSymLinkName, &ustrDeviceName);

if (!NT_SUCCESS(status))

{

IoDeleteDevice(pDeviceObj);

return status;

}

KdPrint(("Leave CreateDevice!\n"));

return STATUS_SUCCESS;

}

/************************************************************************

* 函数名称:HelloDDKUnload

* 功能描述:负责驱动程序的卸载操作

* 参数列表:

      pDriverObj:驱动对象

* 返回 值:返回状态

*************************************************************************/

#pragma PAGEDCODE

VOID HelloDDKUnload(IN PDRIVER_OBJECT pDriverObj)

{

KdPrint(("Entry UnloadDriver!\n"));

PDEVICE_OBJECT pNextDeviceObj;

pNextDeviceObj = pDriverObj->DeviceObject;

//遍历删除驱动的设备对象

while (pNextDeviceObj != NULL)

{

PDEVICE_EXTENSION pDeviceExten = (PDEVICE_EXTENSION)pNextDeviceObj->DeviceExtension;

UNICODE_STRING ustrDelSymlinkName = pDeviceExten->ustrSymLinkName; 

IoDeleteSymbolicLink(&ustrDelSymlinkName);//删除符号链接

pNextDeviceObj = pNextDeviceObj->NextDevice;

IoDeleteDevice(pDeviceExten->pDeviceObj);//删除设备对象

}

KdPrint(("Leave UnloadDriver!\n"));

}

/************************************************************************

* 函数名称:HelloDDKDispatchRoutine

* 功能描述:对读IRP进行处理

* 参数列表:

      pDeviceObj:功能设备对象

      pIrp:从IO请求包

* 返回 值:返回状态

*************************************************************************/

#pragma PAGEDCODE

NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDeviceObj, IN PIRP pIrp)

{

KdPrint(("Enter HelloDDKDispatchRoutine!\n"));

NTSTATUS status = STATUS_SUCCESS;

pIrp->IoStatus.Status = status;

pIrp->IoStatus.Information = 0;

IoCompleteRequest(pIrp, IO_NO_INCREMENT); //设置IRP请求为完成状态

KdPrint(("Leave HelloDDKDispatchRoutine\n"));

return status;

}

//sources

TARGETNAME=MzfFirstDriver

TARGETTYPE=DRIVER

TARGETPATH=OBJ

INCLUDES=$(BASEDIR)\inc;\

         $(BASEDIR)\inc\ddk;\

SOURCES=Driver.cpp \