EXE和SYS通信(ReadFile WriteFile) 其他方式
来源:互联网 发布:由诲女知之乎翻译 编辑:程序博客网 时间:2024/05/17 23:09
EXE部分
#include <stdio.h>#include <Windows.h>int main (void){char linkname[]="\\\\.\\HelloDDK";HANDLE hDevice = CreateFileA(linkname,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);if (hDevice == INVALID_HANDLE_VALUE){printf("Win32 error code: %d\n",GetLastError());return 1;}UCHAR buffer[10]={0};ULONG ulRead=0;if (ReadFile(hDevice,buffer,10,&ulRead,NULL)){printf("Read %d bytes:",ulRead);for (int i=0;i<(int)ulRead;i++){printf("%02X ",buffer[i]);}printf("\n");}getchar();getchar();ulRead=0;if (WriteFile(hDevice,buffer,10,&ulRead,NULL)){printf("write %d bytes\n",ulRead);for (int i=0;i<(int)ulRead;i++){printf("%02X ",buffer[i]);}printf("\n");}CloseHandle(hDevice);getchar();getchar();return 0;}
SYS部分
#pragma once#include <ntddk.h>#define CountArray(Array) (sizeof(Array)/sizeof(Array[0]))#define MAX_FILE_LENGTH 1024typedef struct _DEVICE_EXTENSION{PDEVICE_OBJECT pDevice;//设备对象UNICODE_STRING ustrDeviceName;//设备名称UNICODE_STRING ustrSymLinkName;//符号名称PUCHARbuffer;//缓冲区指针ULONGfile_length;//缓冲区长度}DEVICE_EXTENSION,*PDEVICE_EXTENSION;#ifdef __cplusplusextern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);#endifvoid HelloUnload(IN PDRIVER_OBJECT DriverObject);//卸载函数NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj);//创建设备NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);//派遣函数NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP);//读请求派遣函数NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP);//写请求派遣函数
#include "hello.h"NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath){DbgPrint("Hello from!\n");DriverObject->DriverUnload = HelloUnload;for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++){DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;}DriverObject->MajorFunction[IRP_MJ_READ]=HelloDDKRead;//设置读派遣函数DriverObject->MajorFunction[IRP_MJ_WRITE]=HelloDDKWrite;//设置写派遣函数//#if DBG//_asm int 3//#endif//创建设备CreateDevice(DriverObject);return STATUS_SUCCESS;}//读派遣函数NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP){//#if DBG//_asm int 3//#endifPDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;NTSTATUS status=STATUS_SUCCESS;PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrP);//获取当前堆栈ULONG ulReadLength=stack->Parameters.Read.Length;//获取读的长度ULONG ulReadOffset=(ULONG)stack->Parameters.Read.ByteOffset.QuadPart;//获取读的偏移PVOID user_address=pIrP->UserBuffer;//获取用户模式地址if (user_address==NULL){ASSERT(FALSE);//完成IRPpIrP->IoStatus.Status=STATUS_UNSUCCESSFUL;//设置完成状态pIrP->IoStatus.Information=0;//设置读取长度IoCompleteRequest(pIrP,IO_NO_INCREMENT);//完成IRPreturn status;}DbgPrint("0X%0X\n",user_address);__try{//判断指针是否可写ProbeForWrite(user_address,ulReadLength,4);memset(user_address,0XAA,ulReadLength);DbgPrint("测试下");}__except(EXCEPTION_EXECUTE_HANDLER){DbgPrint("打我PG我不乖\n");status=STATUS_UNSUCCESSFUL;}//完成IRPpIrP->IoStatus.Status=status;//设置完成状态pIrP->IoStatus.Information=ulReadLength;//设置读取长度IoCompleteRequest(pIrP,IO_NO_INCREMENT);//完成IRPreturn status;}//写派遣函数NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP){//#if DBG//_asm int 3//#endifPDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;NTSTATUS status=STATUS_SUCCESS;PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrP);ULONG ulWriteLength=stack->Parameters.Read.Length;//获取写的长度ULONG ulReadOffset=(ULONG)stack->Parameters.Read.ByteOffset.QuadPart;//获取写的偏移PVOID user_address=pIrP->UserBuffer;//获取用户模式地址if (user_address==NULL){ASSERT(FALSE);//完成IRPpIrP->IoStatus.Status=STATUS_UNSUCCESSFUL;//设置完成状态pIrP->IoStatus.Information=0;//设置读取长度IoCompleteRequest(pIrP,IO_NO_INCREMENT);//完成IRPreturn status;}DbgPrint("0X%0X\n",user_address);__try{//判断指针是否可写ProbeForWrite(user_address,ulWriteLength,4);UCHAR buffer[10]={0};memcpy(buffer,user_address,ulWriteLength);for (int i=0;i<(int)ulWriteLength;i++){DbgPrint("%02x\n",buffer[i]);}memset(user_address,0XAA,ulWriteLength);DbgPrint("测试下");}__except(EXCEPTION_EXECUTE_HANDLER){DbgPrint("打我PG我不乖\n");status=STATUS_UNSUCCESSFUL;}//完成IRPpIrP->IoStatus.Status=status;//设置完成状态pIrP->IoStatus.Information=ulWriteLength;//设置写取长度IoCompleteRequest(pIrP,IO_NO_INCREMENT);//完成IRPreturn status;}//卸载函数void HelloUnload(IN PDRIVER_OBJECT DriverObject){DbgPrint("Goodbye from!\n");PDEVICE_OBJECT pNextObj=NULL;pNextObj=DriverObject->DeviceObject;while (pNextObj){PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;//释放内存if (pDevExt->buffer){ExFreePool(pDevExt->buffer);pDevExt->buffer=NULL;}//删除符号连接IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);//删除设备IoDeleteDevice(pDevExt->pDevice);pNextObj=pNextObj->NextDevice;}}//创建设备NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object){//定义变量NTSTATUS status=STATUS_SUCCESS;PDEVICE_OBJECT pDevObje=NULL;PDEVICE_EXTENSION pDevExt=NULL;//初始化字符串UNICODE_STRING devname;UNICODE_STRING symLinkName;RtlInitUnicodeString(&devname,L"\\device\\hello");RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");//创建设备if (IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS ){DbgPrint("创建设备失败\n");return status;}pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension;pDevExt->pDevice=pDevObje;pDevExt->ustrDeviceName=devname;pDevExt->ustrSymLinkName=symLinkName;//申请模拟文件的缓冲区pDevExt->buffer=(PUCHAR)ExAllocatePool(PagedPool,MAX_FILE_LENGTH);pDevExt->file_length=0;if (pDevExt->buffer==NULL){DbgPrint("内存分配失败\n");}//创建符号连接if (IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS ){DbgPrint("创建符号连接失败\n");IoDeleteDevice(pDevObje);return status;}return STATUS_SUCCESS;}//派遣函数NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP){//#if DBG//_asm int 3//#endifPIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);//建立一个字符串数组与IRP类型对应起来static char* irpname[] = {"IRP_MJ_CREATE","IRP_MJ_CREATE_NAMED_PIPE","IRP_MJ_CLOSE","IRP_MJ_READ","IRP_MJ_WRITE","IRP_MJ_QUERY_INFORMATION","IRP_MJ_SET_INFORMATION","IRP_MJ_QUERY_EA","IRP_MJ_SET_EA","IRP_MJ_FLUSH_BUFFERS","IRP_MJ_QUERY_VOLUME_INFORMATION","IRP_MJ_SET_VOLUME_INFORMATION","IRP_MJ_DIRECTORY_CONTROL","IRP_MJ_FILE_SYSTEM_CONTROL","IRP_MJ_DEVICE_CONTROL","IRP_MJ_INTERNAL_DEVICE_CONTROL","IRP_MJ_SHUTDOWN","IRP_MJ_LOCK_CONTROL","IRP_MJ_CLEANUP","IRP_MJ_CREATE_MAILSLOT","IRP_MJ_QUERY_SECURITY","IRP_MJ_SET_SECURITY","IRP_MJ_POWER","IRP_MJ_SYSTEM_CONTROL","IRP_MJ_DEVICE_CHANGE","IRP_MJ_QUERY_QUOTA","IRP_MJ_SET_QUOTA","IRP_MJ_PNP",};UCHAR type = stack->MajorFunction;if (type >= CountArray(irpname))KdPrint(("无效的IRP类型 %X\n", type));elseKdPrint(("%s\n", irpname[type]));pIrP->IoStatus.Status=STATUS_SUCCESS;//设置完成状态pIrP->IoStatus.Information=0;//设置操作字节为0IoCompleteRequest(pIrP,IO_NO_INCREMENT);//结束IRP派遣函数,第二个参数表示不增加优先级return STATUS_SUCCESS;}
0 0
- EXE和SYS通信(ReadFile WriteFile) 其他方式
- EXE和SYS通信(ReadFile WriteFile) 其他方式
- EXE和SYS通信(ReadFile WriteFile DO_BUFFERED_IO) 缓冲区方式
- EXE和SYS通信(ReadFile WriteFile DO_DIRECT_IO) 直接方式
- EXE和SYS通信(ReadFile WriteFile DO_BUFFERED_IO) 缓冲区方式
- EXE和SYS通信(ReadFile WriteFile DO_DIRECT_IO) 直接方式
- WriteFile和ReadFile函数
- WriteFile和ReadFile函数
- WriteFile和ReadFile函数
- WriteFile和ReadFile函数
- WriteFile和ReadFile函数
- EXE和SYS通信IOCTL方式
- EXE和SYS通信MiniFilter方式
- EXE和SYS通信IOCTL方式
- 串口通信中ReadFile和WriteFile的超时详解!
- 串口通信中ReadFile和WriteFile的超时详解!
- Lua中WriteFile和ReadFile
- EXE与SYS通信(其他模式)
- Android 内存监测工具 DDMS --> Heap
- 利用CXF框架开发WebService(转)
- 湖南省第六届省赛有趣题
- java泛型之基础
- hdu 4336 Card Colletor 动态规划-概率dp
- EXE和SYS通信(ReadFile WriteFile) 其他方式
- CDOJ 最短路
- HDU 2795 Billboard 线段树 顺序点更新
- php将汉字转换拼音
- 【模式识别】OpenCV中使用神经网络 CvANN_MLP
- python中的getopt模块
- CXF整合Spring之JaxWsProxyFactoryBean调用
- Android开发之远距离PC控制
- opencv简单滤波
