EXE与SYS通信(其他模式)


EXE部分

head.h

/*
 * head.h - IOCTL definitions shared by the user-mode EXE and the kernel-mode SYS.
 *
 * CTL_CODE is already defined on the driver side (ntddk.h / wdm.h); the EXE
 * side has to take it from winioctl.h.  Whether CTL_CODE is visible is used
 * to tell the two builds apart, and a compile-time message records which one
 * this is.
 */
#if !defined(CTL_CODE)
#pragma message("\n \n-----------EXE . Include winioctl.h ")
#include <winioctl.h>
#else
#pragma message("\n \n----------SYS  NO Include winioctl.h ")
#endif

/*
 * Both codes use METHOD_NEITHER: the I/O manager hands the caller's buffer
 * pointers and lengths to the driver untouched, so the driver alone must
 * probe and length-check them before every access.  FILE_ANY_ACCESS means
 * any open handle may send them, regardless of the access it was opened with.
 */
#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)
#define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS)


 

main.cpp

#include <stdio.h>#include <tchar.h>#include <windows.h>#include "head.h"int  add (HANDLE hDevice ,int a,int b){int port[2]={a,b};int bufret=0;ULONG dwWrite=0;DeviceIoControl(hDevice,add_code,&port,sizeof(port),&bufret,sizeof(bufret),&dwWrite,NULL);return bufret;}int main (void){getchar();getchar();HANDLE hDevice=CreateFile(TEXT("\\\\.\\My_DriverLinkName"),GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);if (hDevice==INVALID_HANDLE_VALUE){printf("打开设备失败\n");getchar();getchar();return 0;}int k=add(hDevice,11,22);printf("%d\n",k);getchar();getchar();return 0;}


 

 

 

SYS部分

head.h

/*
 * head.h - IOCTL definitions shared by the user-mode EXE and the kernel-mode SYS.
 *
 * CTL_CODE is already defined on the driver side (ntddk.h / wdm.h); the EXE
 * side has to take it from winioctl.h.  Whether CTL_CODE is visible is used
 * to tell the two builds apart, and a compile-time message records which one
 * this is.
 */
#if !defined(CTL_CODE)
#pragma message("\n \n-----------EXE . Include winioctl.h ")
#include <winioctl.h>
#else
#pragma message("\n \n----------SYS  NO Include winioctl.h ")
#endif

/*
 * Both codes use METHOD_NEITHER: the I/O manager hands the caller's buffer
 * pointers and lengths to the driver untouched, so the driver alone must
 * probe and length-check them before every access.  FILE_ANY_ACCESS means
 * any open handle may send them, regardless of the access it was opened with.
 */
#define add_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)
#define sub_code CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS)


 

cpp部分

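#include <ntdef.h>
#include <ntddk.h>
#include "head.h"

#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif

NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj, IN PIRP pIrp);
void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS CreateMyDevice(IN PDRIVER_OBJECT pDriverObject);

/*
 * DriverEntry - driver initialisation.
 *
 * Registers the unload routine and one dispatch routine for every major
 * function this driver answers, then creates the device object and its
 * symbolic link.
 *
 * @return the status of CreateMyDevice.  The original always returned
 *         STATUS_SUCCESS, so a failed device creation left a loaded driver
 *         with no device and DriverObject->DeviceObject == NULL for the
 *         unload routine to hand to IoDeleteDevice.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("Hello from TestDDK125096!\n");

    DriverObject->DriverUnload = TestDDK125096Unload;
    // One routine serves all of these; it switches on the IRP's MajorFunction.
    // (The original assigned IRP_MJ_CLOSE twice; once is enough.)
    DriverObject->MajorFunction[IRP_MJ_CREATE] = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_READ] = ddk_DispatchRoutine_CONTROL;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ddk_DispatchRoutine_CONTROL;

    return CreateMyDevice(DriverObject);
}

/*
 * TestDDK125096Unload - tear down the symbolic link and the device object.
 *
 * The symbolic link is removed first so that no new user-mode open can
 * reach the device while it is being deleted.  DeviceObject is NULL if
 * CreateMyDevice failed, and IoDeleteDevice must not be called with NULL.
 */
void TestDDK125096Unload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING symLinkName;
    PDEVICE_OBJECT pDev = DriverObject->DeviceObject;

    DbgPrint("Goodbye from TestDDK125096!\n");

    RtlInitUnicodeString(&symLinkName, L"\\??\\My_DriverLinkName");
    IoDeleteSymbolicLink(&symLinkName);

    if (pDev != NULL) {
        IoDeleteDevice(pDev);
    }
    KdPrint(("驱动成功被卸载...OK-----------"));
    DbgPrint("卸载成功");
}

/*
 * ddk_HandleAddCode - implement add_code for a METHOD_NEITHER IOCTL.
 *
 * With METHOD_NEITHER the I/O manager validates nothing: Type3InputBuffer
 * and UserBuffer are raw user-mode pointers and the lengths are whatever
 * the caller supplied.  Every access therefore (1) checks the length
 * against what is about to be read or written, (2) probes the range, and
 * (3) happens inside __try.  The probes are only meaningful because this
 * runs in the requesting thread's context.
 *
 * The original probed with the caller-supplied length and then read two
 * ints and wrote one regardless.  A probe of length 0 succeeds on any
 * address, so an IOCTL with a zero InputBufferLength or OutputBufferLength
 * turned into an unchecked kernel read/write through a user-chosen pointer.
 * Rejecting short buffers before touching memory closes that.
 *
 * @param stack  current stack location (supplies buffer pointer and lengths).
 * @param pIrp   the IRP; its UserBuffer is the METHOD_NEITHER output pointer.
 * @param pInfo  receives the number of bytes written to the output buffer.
 * @return STATUS_SUCCESS with *pInfo = sizeof(int); STATUS_BUFFER_TOO_SMALL
 *         for short buffers; the exception code if an access faults, with
 *         *pInfo = 0 in both error cases.
 */
static NTSTATUS ddk_HandleAddCode(PIO_STACK_LOCATION stack, PIRP pIrp, ULONG *pInfo)
{
    ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
    int *InputBuffer = (int *)stack->Parameters.DeviceIoControl.Type3InputBuffer;
    int *OutputBuffer = (int *)pIrp->UserBuffer;
    NTSTATUS status = STATUS_SUCCESS;
    int a = 0;
    int b = 0;

    *pInfo = 0;
    KdPrint(("add_code 1111111111111111111\n"));

    if (cbin < 2 * sizeof(int) || cbout < sizeof(int)) {
        return STATUS_BUFFER_TOO_SMALL;
    }

    __try {
        // Probe exactly the bytes accessed; the inline x86 asm of the
        // original is replaced by plain C, which also builds for x64.
        ProbeForRead(InputBuffer, 2 * sizeof(int), __alignof(int));
        a = InputBuffer[0];
        b = InputBuffer[1];
        KdPrint(("a=%d,b=%d \n", a, b));
        a = a + b;

        ProbeForWrite(OutputBuffer, sizeof(int), __alignof(int));
        KdPrint(("OutputBuffer=%p", OutputBuffer));
        *OutputBuffer = a;
        KdPrint(("a+b=%d \n", a));
        *pInfo = sizeof(int);
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        // The original swallowed the fault and still completed the IRP with
        // STATUS_SUCCESS and Information = 4; report it instead.
        KdPrint(("指定地址不可读 或者 写 \n"));
        status = GetExceptionCode();
    }
    return status;
}

/*
 * ddk_DispatchRoutine_CONTROL - single dispatch routine for create, close,
 * read and device-control IRPs.
 *
 * Create/close/read complete immediately with success and zero bytes.
 * Device control dispatches on the control code; add_code is handled by
 * ddk_HandleAddCode, sub_code is accepted but does nothing (as in the
 * original), and any other code is rejected.
 *
 * @return the status the IRP was completed with.
 */
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj, IN PIRP pIrp)
{
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
    ULONG mf = stack->MajorFunction;
    NTSTATUS status = STATUS_SUCCESS;
    // Bytes transferred, reported in IoStatus.Information.  The original
    // had this declaration commented out while still assigning to it.
    ULONG info = 0;

    UNREFERENCED_PARAMETER(pDevobj);

    switch (mf) {
    case IRP_MJ_DEVICE_CONTROL: {
        ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
        KdPrint(("Enter myDriver_DeviceIOControl\n"));
        switch (code) {
        case add_code:
            status = ddk_HandleAddCode(stack, pIrp, &info);
            break;
        case sub_code:
            break;
        default:
            // The original completed unknown codes as success.
            status = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
        break;
    }
    case IRP_MJ_CREATE:
    case IRP_MJ_CLOSE:
    case IRP_MJ_READ:
        break;
    default:
        status = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    pIrp->IoStatus.Information = info;
    pIrp->IoStatus.Status = status;   // original always wrote STATUS_SUCCESS
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    KdPrint(("离开派遣函数\n"));
    return status;
}

/*
 * CreateMyDevice - create the named device object and its \?? symbolic link.
 *
 * @return STATUS_SUCCESS, or the failing status from IoCreateDevice /
 *         IoCreateSymbolicLink.  On symbolic-link failure the device object
 *         is deleted again so nothing is leaked.
 */
NTSTATUS CreateMyDevice(IN PDRIVER_OBJECT pDriverObject)
{
    NTSTATUS status;
    PDEVICE_OBJECT pDevObj = NULL;
    UNICODE_STRING devName;
    UNICODE_STRING symLinkName;

    RtlInitUnicodeString(&devName, L"\\Device\\125DDK_Device");

    // NOTE(review): no security descriptor is supplied, so the device gets
    // the system default DACL for a named FILE_DEVICE_UNKNOWN device.
    // Confirm whether non-administrators should be able to open
    // \\.\My_DriverLinkName; if not, IoCreateDeviceSecure with an SDDL
    // string is the way to restrict it.
    status = IoCreateDevice(pDriverObject,
                            0,
                            &devName,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            TRUE,
                            &pDevObj);
    if (!NT_SUCCESS(status)) {
        if (status == STATUS_INSUFFICIENT_RESOURCES) {
            KdPrint(("资源不足 STATUS_INSUFFICIENT_RESOURCES"));
        }
        // STATUS_OBJECT_NAME_EXISTS is an informational (success) status, so
        // this branch is kept from the original but cannot be reached here.
        if (status == STATUS_OBJECT_NAME_EXISTS) {
            KdPrint(("指定对象名存在"));
        }
        if (status == STATUS_OBJECT_NAME_COLLISION) {
            KdPrint(("//对象名有冲突"));
        }
        KdPrint(("设备创建失败...++++++++"));
        return status;
    }
    KdPrint(("设备创建成功...++++++++"));

    // Affects only read/write IRPs; the buffering method for IOCTLs comes
    // from the control code itself (METHOD_NEITHER in head.h).
    pDevObj->Flags |= DO_BUFFERED_IO;

    RtlInitUnicodeString(&symLinkName, L"\\??\\My_DriverLinkName");
    status = IoCreateSymbolicLink(&symLinkName, &devName);
    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(pDevObj);
        return status;
    }
    return STATUS_SUCCESS;
}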


 
