VS2013生成个最简单的NT式驱动程序

来源：互联网发布：设计图纸软件下载编辑：程序博客网时间：2024/06/08 17:00

1>装有visual studio 2013

2>在http://msdn.microsoft.com/zh-cn/windows/hardware/hh852365下载并安装WDK，现在最新的是WDK8.1

1.打开VS创建一个新项目MyDriver 文件--> 新建 -->项目 -->Windows Driver -->Empty WDM Driver

2.添加Driver.h和Driver.cpp文件，编译后就能生成MyDriver.sys 也许需要将项目的属性页-->常规-->将警告视为错误选项改为否

/************************************************************************* 文件名称:Driver.h                                                 * 作    者:张帆* 完成日期:2007-11-1*************************************************************************/#pragma once#ifdef __cplusplusextern "C"{#endif#include <NTDDK.h>#ifdef __cplusplus}#endif #define PAGEDCODE code_seg("PAGE")#define LOCKEDCODE code_seg()#define INITCODE code_seg("INIT")#define PAGEDDATA data_seg("PAGE")#define LOCKEDDATA data_seg()#define INITDATA data_seg("INIT")#define arraysize(p) (sizeof(p)/sizeof((p)[0]))typedef struct _DEVICE_EXTENSION {PDEVICE_OBJECT pDevice;UNICODE_STRING ustrDeviceName;//设备名称UNICODE_STRING ustrSymLinkName;//符号链接名} DEVICE_EXTENSION, *PDEVICE_EXTENSION;// 函数声明NTSTATUS CreateDevice (IN PDRIVER_OBJECT pDriverObject);VOID HelloDDKUnload (IN PDRIVER_OBJECT pDriverObject);NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);

/************************************************************************* 文件名称:Driver.cpp                                                 * 作    者:张帆* 完成日期:2007-11-1*************************************************************************/#include "Driver.h"/************************************************************************* 函数名称:DriverEntry* 功能描述:初始化驱动程序，定位和申请硬件资源，创建内核对象* 参数列表:      pDriverObject:从I/O管理器中传进来的驱动对象      pRegistryPath:驱动程序在注册表的中的路径* 返回 值:返回初始化驱动状态*************************************************************************/#pragma INITCODEextern "C" NTSTATUS DriverEntry (IN PDRIVER_OBJECT pDriverObject,IN PUNICODE_STRING pRegistryPath) {NTSTATUS status;KdPrint(("Enter DriverEntry\n"));//注册其他驱动调用函数入口pDriverObject->DriverUnload = HelloDDKUnload;pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;//创建驱动设备对象status = CreateDevice(pDriverObject);KdPrint(("DriverEntry end\n"));return status;}/************************************************************************* 函数名称:CreateDevice* 功能描述:初始化设备对象* 参数列表:      pDriverObject:从I/O管理器中传进来的驱动对象* 返回 值:返回初始化状态*************************************************************************/#pragma INITCODENTSTATUS CreateDevice (IN PDRIVER_OBJECTpDriverObject) {KdPrint(("开始创建设备!\n"));NTSTATUS status;PDEVICE_OBJECT pDevObj;PDEVICE_EXTENSION pDevExt;//创建设备名称UNICODE_STRING devName;RtlInitUnicodeString(&devName,L"\\Device\\MyDDKDevice");//创建设备status = IoCreateDevice( pDriverObject,sizeof(DEVICE_EXTENSION),&(UNICODE_STRING)devName,FILE_DEVICE_UNKNOWN,0, TRUE,&pDevObj );if (!NT_SUCCESS(status))return status;//创建符号链接UNICODE_STRING symLinkName;RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");status = IoCreateSymbolicLink( &symLinkName,&devName );if (!NT_SUCCESS(status)) {IoDeleteDevice( pDevObj );return status;}pDevObj->Flags |= DO_BUFFERED_IO;pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;pDevExt->pDevice = pDevObj;pDevExt->ustrDeviceName.Buffer = (PWSTR)ExAllocatePool(NonPagedPool, devName.MaximumLength);pDevExt->ustrDeviceName.MaximumLength = devName.MaximumLength;RtlCopyUnicodeString(&pDevExt->ustrDeviceName, &devName);pDevExt->ustrSymLinkName.Buffer = (PWSTR)ExAllocatePool(NonPagedPool, symLinkName.MaximumLength);pDevExt->ustrSymLinkName.MaximumLength = symLinkName.MaximumLength;RtlCopyUnicodeString(&pDevExt->ustrSymLinkName, &symLinkName);KdPrint(("创建设备成功!\n"));return STATUS_SUCCESS;}/************************************************************************* 函数名称:HelloDDKUnload* 功能描述:负责驱动程序的卸载操作* 参数列表:      pDriverObject:驱动对象* 返回 值:返回状态*************************************************************************/#pragma PAGEDCODEVOID HelloDDKUnload (IN PDRIVER_OBJECT pDriverObject) {KdPrint(("Enter DriverUnload\n"));PDEVICE_OBJECTpNextObj;pNextObj = pDriverObject->DeviceObject;while (pNextObj != NULL) {PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;//删除符号链接IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);//删除设备IoDeleteDevice(pDevExt->pDevice);//释放ExAllocatePool动态分配的空间RtlFreeUnicodeString(&pDevExt->ustrSymLinkName);RtlFreeUnicodeString(&pDevExt->ustrDeviceName);pNextObj = pNextObj->NextDevice;}KdPrint(("DriverUnload end\n"));}/************************************************************************* 函数名称:HelloDDKDispatchRoutine* 功能描述:对读IRP进行处理* 参数列表:      pDevObj:功能设备对象      pIrp:从IO请求包* 返回 值:返回状态*************************************************************************/#pragma PAGEDCODENTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp) {KdPrint(("Enter HelloDDKDispatchRoutine\n"));NTSTATUS status = STATUS_SUCCESS;// 完成IRPpIrp->IoStatus.Status = status;pIrp->IoStatus.Information = 0;// bytes xferedIoCompleteRequest( pIrp, IO_NO_INCREMENT );KdPrint(("Leave HelloDDKDispatchRoutine\n"));return status;}

注：原版的代码有些问题，卸载驱动的时候会蓝屏崩溃，这是我修改了的代码，测试可以正常卸载！

4> 将生成的MyDriver.sys测试一下,可在虚拟机测试

1. 打开Dbgview,选中Capture Kernel ,Enable Verbose Kernel Output.

2.用DriverMonitor载入MyDriver.sys,点击GO，DbgView可看到启动成功消息，点击STOP卸载驱动.

0 0