一个驱动加载器代码
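// Original author: unknown (collected from the Internet).
/*
 * Usage: change the DRV_NAME and DRV_FILENAME definitions below.
 *
 *   HANDLE openDriver(void)    - returns a handle to the symbolic link the
 *                                driver creates; if the link does not exist
 *                                the driver is staged, registered and loaded
 *                                first.
 *   void uninstallDriver(void) - unloads the driver. This only succeeds once
 *                                the handle returned by openDriver has been
 *                                closed.
 *
 * What this code does, from a reviewer's point of view:
 *  - Loading needs SeLoadDriverPrivilege, which only an elevated token holds;
 *    getLoadDriverPriv() enables it but cannot grant it.
 *  - The driver image is resolved relative to the current working directory
 *    (GetFullPathNameA), so the directory the process starts in decides which
 *    .sys file is copied into System32\drivers and handed to NtLoadDriver.
 *  - Right after NtLoadDriver the service key and the copy under
 *    System32\drivers are deleted again (cleanupReg). A resident driver
 *    therefore leaves no service entry or file on disk to inspect; driver
 *    load telemetry is the place to look for it.
 *  - On systems that enforce kernel-mode code signing, NtLoadDriver rejects an
 *    unsigned image; nothing in this file changes that.
 *
 * NOTE(review): the file expects <windows.h> (including winioctl.h) and
 * <string.h> to be included ahead of it; no includes are visible in this
 * listing.
 */
#pragma comment(lib, "user32.lib")
#pragma comment(lib, "Advapi32.lib")

#define DRV_NAME        "myDriver"        // service / driver name
#define DRV_FILENAME    "myDriver.sys"    // driver image file name
#define DRV_SYMBOL_LINK "\\\\.\\LenfSys"  // \??\LenfSys, the link the driver creates
#define DRV_SERVICE_KEY "System\\CurrentControlSet\\Services\\" DRV_NAME
#define DRV_IMAGE_PATH  "System32\\DRIVERS\\" DRV_FILENAME

typedef LONG NTSTATUS;
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)

typedef struct _STRING {
    USHORT Length;
    USHORT MaximumLength;
    PCHAR  Buffer;
} ANSI_STRING, *PANSI_STRING;

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* ntdll exports used to load and unload the driver, resolved at run time. */
typedef NTSTATUS (WINAPI *PFN_RtlAnsiStringToUnicodeString)(PUNICODE_STRING, PANSI_STRING, BOOLEAN);
typedef VOID     (WINAPI *PFN_RtlInitAnsiString)(PANSI_STRING, const char *);
typedef NTSTATUS (WINAPI *PFN_NtLoadDriver)(PUNICODE_STRING);
typedef NTSTATUS (WINAPI *PFN_NtUnloadDriver)(PUNICODE_STRING);
typedef VOID     (WINAPI *PFN_RtlFreeUnicodeString)(PUNICODE_STRING);

struct ntdll_driver_api {
    PFN_RtlAnsiStringToUnicodeString RtlAnsiStringToUnicodeString;
    PFN_RtlInitAnsiString            RtlInitAnsiString;
    PFN_NtLoadDriver                 NtLoadDriver;
    PFN_NtUnloadDriver               NtUnloadDriver;
    PFN_RtlFreeUnicodeString         RtlFreeUnicodeString;
};

/*
 * Shows a modal message box titled with the driver name.
 * user32 is linked through the pragma above, so the LoadLibraryA("user32.dll")
 * the original did on every call (leaking one module reference each time) is
 * not needed.
 */
VOID AfxMessageBox(const char *sz)
{
    MessageBoxA(NULL, sz, DRV_NAME, MB_OK);
}

//*********************************************************************************************
// Enables SeLoadDriverPrivilege on the current process token.
// Returns TRUE only if the privilege was actually enabled; the privilege must
// already be present in the token (i.e. the process is elevated).
//*********************************************************************************************
BOOL getLoadDriverPriv(void)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp;
    BOOL ok = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
        return FALSE;

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (LookupPrivilegeValueA(NULL, "SeLoadDriverPrivilege", &tp.Privileges[0].Luid)) {
        /* AdjustTokenPrivileges returns TRUE even when the token does not hold
         * the privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED), so the
         * last-error value has to be checked as well. */
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            ok = TRUE;
        }
    }
    CloseHandle(hToken);   /* the original never closed this handle */
    return ok;
}

//*********************************************************************************************
// Creates the minimal service key NtLoadDriver needs:
//   Type = 1 (kernel driver), ErrorControl = 1 (normal), Start = 3 (demand),
//   ImagePath = System32\DRIVERS\<DRV_FILENAME>.
// Returns TRUE when every value was written; the key handle is closed on all
// paths.
//*********************************************************************************************
BOOL setupRegistry(void)
{
    HKEY hkey = NULL;
    DWORD val;
    BOOL ok = FALSE;
    const char *imgName = DRV_IMAGE_PATH;

    if (RegCreateKeyA(HKEY_LOCAL_MACHINE, DRV_SERVICE_KEY, &hkey) != ERROR_SUCCESS)
        return FALSE;

    val = 1;   /* Type: SERVICE_KERNEL_DRIVER */
    if (RegSetValueExA(hkey, "Type", 0, REG_DWORD, (const BYTE *)&val, sizeof val) != ERROR_SUCCESS)
        goto out;
    /* ErrorControl: SERVICE_ERROR_NORMAL is also 1 */
    if (RegSetValueExA(hkey, "ErrorControl", 0, REG_DWORD, (const BYTE *)&val, sizeof val) != ERROR_SUCCESS)
        goto out;
    val = 3;   /* Start: SERVICE_DEMAND_START */
    if (RegSetValueExA(hkey, "Start", 0, REG_DWORD, (const BYTE *)&val, sizeof val) != ERROR_SUCCESS)
        goto out;
    /* For REG_EXPAND_SZ cbData must include the terminating NUL; the original
     * passed strlen() alone and stored an unterminated string. */
    if (RegSetValueExA(hkey, "ImagePath", 0, REG_EXPAND_SZ, (const BYTE *)imgName,
                       (DWORD)strlen(imgName) + 1) != ERROR_SUCCESS)
        goto out;
    ok = TRUE;
out:
    RegCloseKey(hkey);
    return ok;
}

/*
 * Resolves the five ntdll entry points into *api.
 * Returns FALSE if ntdll is not mapped or any export is missing.
 */
static BOOL resolveNtdllDriverApi(struct ntdll_driver_api *api)
{
    HMODULE hntdll = GetModuleHandleA("ntdll.dll");
    if (hntdll == NULL)
        return FALSE;   /* the original passed a NULL module on to GetProcAddress */

    api->NtLoadDriver                 = (PFN_NtLoadDriver)GetProcAddress(hntdll, "NtLoadDriver");
    api->NtUnloadDriver               = (PFN_NtUnloadDriver)GetProcAddress(hntdll, "NtUnloadDriver");
    api->RtlAnsiStringToUnicodeString = (PFN_RtlAnsiStringToUnicodeString)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
    api->RtlInitAnsiString            = (PFN_RtlInitAnsiString)GetProcAddress(hntdll, "RtlInitAnsiString");
    api->RtlFreeUnicodeString         = (PFN_RtlFreeUnicodeString)GetProcAddress(hntdll, "RtlFreeUnicodeString");

    return api->NtLoadDriver && api->NtUnloadDriver && api->RtlAnsiStringToUnicodeString &&
           api->RtlInitAnsiString && api->RtlFreeUnicodeString;
}

/*
 * Shared body of loadDriver()/unloadDriver(): builds the registry path of the
 * service key as a UNICODE_STRING and calls NtLoadDriver or NtUnloadDriver.
 * Returns TRUE on STATUS_SUCCESS. The allocated UNICODE_STRING is always freed.
 */
static BOOL driverServiceControl(BOOL load)
{
    struct ntdll_driver_api api;
    ANSI_STRING aStr;
    UNICODE_STRING uStr;
    NTSTATUS st;

    if (!resolveNtdllDriverApi(&api))
        return FALSE;

    api.RtlInitAnsiString(&aStr, "\\Registry\\Machine\\" DRV_SERVICE_KEY);
    /* TRUE: let the Rtl routine allocate uStr.Buffer; freed below. */
    if (api.RtlAnsiStringToUnicodeString(&uStr, &aStr, TRUE) != STATUS_SUCCESS)
        return FALSE;

    st = load ? api.NtLoadDriver(&uStr) : api.NtUnloadDriver(&uStr);
    api.RtlFreeUnicodeString(&uStr);
    return st == STATUS_SUCCESS;
}

//*********************************************************************************************
// Loads the driver described by the service key (see setupRegistry).
// Returns TRUE on success.
//*********************************************************************************************
BOOL loadDriver(void)
{
    return driverServiceControl(TRUE);
}

//*********************************************************************************************
// Unloads the driver described by the service key. Returns TRUE on success.
//*********************************************************************************************
BOOL unloadDriver(void)
{
    return driverServiceControl(FALSE);
}

/*
 * Writes "<system directory>\drivers\<DRV_FILENAME>" into buf (cap bytes).
 * Returns FALSE if the system directory cannot be queried or the result would
 * not fit. The original used strncat() with the total buffer size as the
 * bound, which permits a write past the end of the buffer.
 */
static BOOL getInstalledDriverPath(char *buf, size_t cap)
{
    static const char suffix[] = "\\drivers\\" DRV_FILENAME;
    UINT len = GetSystemDirectoryA(buf, (UINT)cap);

    /* 0 = failure; >= cap = buffer too small (the required size is returned) */
    if (len == 0 || len >= cap || sizeof suffix > cap - len)
        return FALSE;
    memcpy(buf + len, suffix, sizeof suffix);   /* sizeof includes the NUL */
    return TRUE;
}

/*
 * Resolves DRV_FILENAME against the current working directory into buf.
 * Returns FALSE on failure or truncation (the original ignored both).
 */
static BOOL getSourceDriverPath(char *buf, size_t cap)
{
    char *filePart = NULL;
    DWORD len = GetFullPathNameA(DRV_FILENAME, (DWORD)cap, buf, &filePart);
    return len != 0 && len < cap;
}

/* TRUE if path can be opened for reading. */
static BOOL fileExists(const char *path)
{
    HANDLE hFile = CreateFileA(path, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;
    CloseHandle(hFile);
    return TRUE;
}

/* Opens the device object behind DRV_SYMBOL_LINK; INVALID_HANDLE_VALUE if absent. */
static HANDLE openSymbolicLink(void)
{
    return CreateFileA(DRV_SYMBOL_LINK, GENERIC_WRITE | GENERIC_READ,
                       FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                       OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
}

/* Outcome of stageDriver(); each value maps to one user-facing message. */
enum stage_result {
    STAGE_OK,
    STAGE_NO_FILE,      /* DRV_FILENAME not found next to the current directory */
    STAGE_NO_SYSDIR,    /* system directory could not be determined */
    STAGE_NO_PRIV,      /* SeLoadDriverPrivilege could not be enabled */
    STAGE_NO_REGISTRY   /* service key could not be written */
};

/*
 * Shared preparation for openDriver()/uninstallDriver(): copies the driver
 * image into System32\drivers, enables the load privilege and writes the
 * service key. Only STAGE_NO_FILE / STAGE_NO_SYSDIR leave nothing behind;
 * callers must run cleanupReg() after any other result.
 */
static enum stage_result stageDriver(void)
{
    char drvFullPath[MAX_PATH + 1];
    char sysDir[MAX_PATH + 1];

    if (!getSourceDriverPath(drvFullPath, sizeof drvFullPath) || !fileExists(drvFullPath))
        return STAGE_NO_FILE;
    if (!getInstalledDriverPath(sysDir, sizeof sysDir))
        return STAGE_NO_SYSDIR;

    /* bFailIfExists = TRUE: an existing copy is deliberately left alone, so the
     * return value is intentionally not checked (best effort, as in the original). */
    CopyFileA(drvFullPath, sysDir, TRUE);

    if (!getLoadDriverPriv())
        return STAGE_NO_PRIV;
    if (!setupRegistry())
        return STAGE_NO_REGISTRY;
    return STAGE_OK;
}

/* Reports a non-OK stageDriver() result to the user. */
static void reportStageFailure(enum stage_result r)
{
    switch (r) {
    case STAGE_NO_FILE:
        AfxMessageBox("Cannot find required driver file");
        break;
    case STAGE_NO_SYSDIR:
        AfxMessageBox("Cannot determine the system drivers directory");
        break;
    case STAGE_NO_PRIV:
        AfxMessageBox("Error getting load driver privilege!");
        break;
    case STAGE_NO_REGISTRY:
        AfxMessageBox("Error setting driver registry keys! Make sure you are running this as Administrator.\n");
        break;
    case STAGE_OK:
    default:
        break;
    }
}

//*********************************************************************************************
// Removes the staged driver file and the service key (including its Enum
// subkey, which must go first). A loaded driver stays resident; only the
// on-disk traces are removed. All calls are best effort.
//*********************************************************************************************
void cleanupReg(void)
{
    char sysDir[MAX_PATH + 1];

    if (getInstalledDriverPath(sysDir, sizeof sysDir))
        DeleteFileA(sysDir);
    RegDeleteKeyA(HKEY_LOCAL_MACHINE, DRV_SERVICE_KEY "\\Enum");
    RegDeleteKeyA(HKEY_LOCAL_MACHINE, DRV_SERVICE_KEY);
}

//*********************************************************************************************
// Returns a handle to the driver's device. If the symbolic link does not
// exist yet, stages and loads the driver first and then retries the open.
// Returns INVALID_HANDLE_VALUE on failure (a message box explains why).
// Whatever happened after staging, the service key and the copied file are
// removed again before returning.
//*********************************************************************************************
HANDLE openDriver(void)
{
    HANDLE hDevice = openSymbolicLink();
    if (hDevice != INVALID_HANDLE_VALUE)
        return hDevice;   /* driver already running */

    enum stage_result r = stageDriver();
    if (r == STAGE_NO_FILE || r == STAGE_NO_SYSDIR) {
        reportStageFailure(r);
        return INVALID_HANDLE_VALUE;   /* nothing was staged, nothing to clean */
    }

    if (r != STAGE_OK) {
        reportStageFailure(r);
    } else {
        /* The open below is the real success test, so the load result itself
         * is not inspected (same as the original). */
        loadDriver();
        hDevice = openSymbolicLink();
        if (hDevice == INVALID_HANDLE_VALUE)
            AfxMessageBox("Error loading kernel support driver! Make sure you are running this as Administrator.");
        else
            AfxMessageBox("loading kernel support driver success");
    }
    cleanupReg();   /* drop the service key and file copy; the driver stays loaded */
    return hDevice;
}

//*********************************************************************************************
// Unloads the driver. Because openDriver() deleted the service key right
// after loading, the key (and file) are staged again so NtUnloadDriver can
// find the service, then removed once more.
//*********************************************************************************************
void uninstallDriver(void)
{
    enum stage_result r = stageDriver();
    if (r == STAGE_NO_FILE || r == STAGE_NO_SYSDIR) {
        reportStageFailure(r);
        return;
    }

    if (r != STAGE_OK)
        reportStageFailure(r);
    else if (unloadDriver())
        AfxMessageBox("Support driver successfully unloaded.");
    else
        AfxMessageBox("Unload support driver failed. It is probably not loaded.\n");
    cleanupReg();
}

/*
 * Builds a buffered, any-access IOCTL code for FILE_DEVICE_UNKNOWN.
 * Same bit layout as the CTL_CODE macro from winioctl.h: device type in bits
 * 16-31, access in bits 14-15, function in bits 2-13, method in bits 0-1.
 * dwFunction is expected to fit in 12 bits (private codes start at 0x800);
 * larger values spill into the access bits, exactly as in the original.
 */
DWORD CTL_CODE_GEN(DWORD dwFunction)
{
    return CTL_CODE(FILE_DEVICE_UNKNOWN, dwFunction, METHOD_BUFFERED, FILE_ANY_ACCESS);
}

/*
 * Synchronous DeviceIoControl wrapper. The number of bytes returned by the
 * driver is discarded; callers that need it must use DeviceIoControl directly.
 * Returns the BOOL result of DeviceIoControl.
 */
BOOL IoControl(HANDLE hDrvHandle, DWORD dwIoControlCode, PVOID lpInBuffer, DWORD nInBufferSize,
               PVOID lpOutBuffer, DWORD nOutBufferSize)
{
    DWORD dwRetSize = 0;
    return DeviceIoControl(hDrvHandle, dwIoControlCode, lpInBuffer, nInBufferSize,
                           lpOutBuffer, nOutBufferSize, &dwRetSize, NULL);
}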