DPC定时器


EXE部分

#include <stdio.h>#include <Windows.h>#include <WinIoCtl.h>#include "Ioctl.h"int main (void){char linkname[]="\\\\.\\HelloDDK";HANDLE hDevice = CreateFileA(linkname,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL|FILE_FLAG_OVERLAPPED,//此处设置FILE_FLAG_OVERLAPPEDNULL);if (hDevice == INVALID_HANDLE_VALUE){printf("Win32 error code: %d\n",GetLastError());return 1;}DWORD dwOutput;DWORD dwMircoSeconds=1000*1000*1;DeviceIoControl(hDevice, IOCTL_START_TIMER, &dwMircoSeconds, sizeof(DWORD), NULL, 0, &dwOutput, NULL);getchar();getchar();DeviceIoControl(hDevice, IOCTL_STOP_TIMER, NULL, 0, NULL, 0, &dwOutput, NULL);CloseHandle(hDevice);getchar();getchar();return 0;}


 

 

 

 

SYS部分

#pragma once#include <ntddk.h>#define CountArray(Array)  (sizeof(Array)/sizeof(Array[0]))//设定3秒间隔时间#define TIMER_OUT3typedef struct _DEVICE_EXTENSION{PDEVICE_OBJECTpDevice;//设备对象UNICODE_STRINGustrDeviceName;//设备名称UNICODE_STRINGustrSymLinkName;//符号名称KDPCpollingDPC;//存储DPC对象KTIMERpollingTimer;//存储计时器对象LARGE_INTEGERpollingInterval;//记录计时器间隔时间}DEVICE_EXTENSION,*PDEVICE_EXTENSION;#ifdef __cplusplusextern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING  RegistryPath);#endifvoid HelloUnload(IN PDRIVER_OBJECT DriverObject);//卸载函数NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj);//创建设备NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);//派遣函数NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);//IRP_MJ_DIRECTORY_CONTROL


 

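#include "hello.h"
#include "Ioctl.h"

/*
 * Non-zero while the polling timer is allowed to re-arm itself from its DPC.
 * Cleared before the timer is cancelled so that a DPC already in flight does
 * not queue the timer again behind the canceller's back.
 */
static volatile LONG g_PollingActive = 0;

/*
 * Stops the periodic timer and waits until no PollingTimerDpc instance can
 * still be running or queued.  Intended for PASSIVE_LEVEL callers (the unload
 * routine and the IOCTL handler for requests coming from user mode).
 */
static VOID StopPollingTimer(PDEVICE_EXTENSION pDevExt)
{
    /* Tell the DPC not to re-arm before touching the timer itself. */
    InterlockedExchange(&g_PollingActive, 0);

    /*
     * Pass 1 removes the queued timer and drains a DPC that may have re-armed
     * it just before the flag was cleared.  Pass 2 removes that re-armed timer
     * and drains the DPC it may have queued; that DPC sees the cleared flag and
     * does not re-arm again.
     */
    for (int pass = 0; pass < 2; pass++)
    {
        KeCancelTimer(&pDevExt->pollingTimer);
        KeFlushQueuedDpcs();
    }
}

/*
 * Driver entry point: installs the unload routine and dispatch table, then
 * creates the device.  Returns the status of CreateDevice so that a failed
 * device creation fails the driver load (the original always returned
 * STATUS_SUCCESS).
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from!\n");
    DriverObject->DriverUnload = HelloUnload;

    /*
     * The loop stops before IRP_MJ_MAXIMUM_FUNCTION, so the last major
     * function slot keeps the I/O manager's default handler.
     */
    for (int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        DriverObject->MajorFunction[i] = HelloDDKDispatchRoutine;
    }
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = HelloDDKControl;

    /* Checked builds only: break into the kernel debugger (replaces x86-only "_asm int 3"). */
    KdBreakPoint();

    /* Create the device. */
    return CreateDevice(DriverObject);
}

/*
 * Unload routine: for every device owned by the driver, stops the timer,
 * deletes the symbolic link and deletes the device object.
 */
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
    PDEVICE_OBJECT pDevObj = DriverObject->DeviceObject;

    /* Checked builds only: break into the kernel debugger. */
    KdBreakPoint();

    DbgPrint("Goodbye from!\n");

    while (pDevObj != NULL)
    {
        /* Read the link first: the device object must not be touched after IoDeleteDevice. */
        PDEVICE_OBJECT pNextObj = pDevObj->NextDevice;
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;

        /*
         * The timer and DPC live in the device extension and the DPC routine
         * lives in this image; both go away on unload, so make sure nothing
         * can fire afterwards.
         */
        StopPollingTimer(pDevExt);

        /* Delete the symbolic link. */
        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);

        /* Delete the device. */
        IoDeleteDevice(pDevObj);

        pDevObj = pNextObj;
    }
}

/*
 * Timer DPC: re-arms the timer (making it periodic) and prints the name of
 * whichever process happens to be current, to show that a DPC runs in an
 * arbitrary thread context.
 *
 * PContext is the device object passed to KeInitializeDpc in CreateDevice.
 */
VOID PollingTimerDpc(IN PKDPC pDpc, IN PVOID PContext, IN PVOID SysArg1, IN PVOID SysArg2)
{
    PDEVICE_OBJECT pDevObj = (PDEVICE_OBJECT)PContext;
    PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;

    UNREFERENCED_PARAMETER(pDpc);
    UNREFERENCED_PARAMETER(SysArg1);
    UNREFERENCED_PARAMETER(SysArg2);

    /* Re-arm only while polling is still wanted (see StopPollingTimer). */
    if (InterlockedCompareExchange(&g_PollingActive, 0, 0) != 0)
    {
        KeSetTimer(&pdx->pollingTimer, pdx->pollingInterval, &pdx->pollingDPC);
    }

    /*
     * NOTE(review): 0x164 is an undocumented, build-specific EPROCESS offset
     * that the original author presumably took to be the image file name;
     * confirm it for the target build.  On any other build this reads
     * unrelated kernel memory.  A production driver should use a documented
     * API (for example PsGetCurrentProcessId) instead.
     *
     * The pointer arithmetic is done on a byte pointer; the original cast the
     * pointer to ULONG, which truncates it on 64-bit systems.  The print is
     * bounded to 15 characters (assumed field length - TODO confirm) so that a
     * wrong offset cannot make DbgPrint scan an unbounded run of memory.
     */
    PEPROCESS pEProcess = IoGetCurrentProcess();
    PCHAR ProcessName = (PCHAR)pEProcess + 0x164;
    DbgPrint("%.15s\n", ProcessName);
}

/*
 * IRP_MJ_DEVICE_CONTROL handler.
 *
 * IOCTL_START_TIMER: input is a ULONG interval in microseconds; starts the
 *                    self-re-arming timer.
 * IOCTL_STOP_TIMER:  stops the timer.
 *
 * Completes the IRP and returns its status: STATUS_SUCCESS,
 * STATUS_INVALID_PARAMETER for a missing/short/zero interval, or
 * STATUS_INVALID_DEVICE_REQUEST for an unknown control code.
 */
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp)
{
    NTSTATUS status = STATUS_SUCCESS;

    /* Current I/O stack location. */
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);

    /* Size of the caller-supplied input buffer. */
    ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;

    /* IOCTL control code. */
    ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;

    /* Device extension. */
    PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;

    /*
     * Checked builds only: break into the kernel debugger.
     * NOTE(review): this fires on every IOCTL any caller sends; consider
     * removing it once the handler has been debugged.
     */
    KdBreakPoint();

    switch (code)
    {
    case IOCTL_START_TIMER:
        {
            ULONG ulMicroSeconds;

            /*
             * The buffer comes from user mode: never dereference it before
             * checking that it exists and is large enough.  Assumes the IOCTL
             * is METHOD_BUFFERED (Ioctl.h is not shown) - TODO confirm.
             */
            if (cbin < sizeof(ULONG) || pIrp->AssociatedIrp.SystemBuffer == NULL)
            {
                status = STATUS_INVALID_PARAMETER;
                break;
            }

            /* Timeout passed in from user mode. */
            ulMicroSeconds = *(PULONG)pIrp->AssociatedIrp.SystemBuffer;

            /* A zero interval would expire immediately on every re-arm. */
            if (ulMicroSeconds == 0)
            {
                status = STATUS_INVALID_PARAMETER;
                break;
            }

            /*
             * Relative due time in 100 ns units (negative means relative).
             * Computed in 64 bits: the original multiplied in 32-bit unsigned
             * arithmetic, which wraps for large caller-supplied values.
             */
            pDevExt->pollingInterval.QuadPart = -10 * (LONGLONG)ulMicroSeconds;
            DbgPrint("%I64d\n", pDevExt->pollingInterval.QuadPart);

            InterlockedExchange(&g_PollingActive, 1);
            KeSetTimer(&pDevExt->pollingTimer, pDevExt->pollingInterval, &pDevExt->pollingDPC);
        }
        break;

    case IOCTL_STOP_TIMER:
        /* A bare KeCancelTimer can lose a race with the DPC's re-arm. */
        StopPollingTimer(pDevExt);
        break;

    default:
        status = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    /* Set the IRP completion status. */
    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return status;
}

/*
 * Creates the \device\hello device object (buffered I/O, exclusive), sets up
 * its extension, timer and DPC, and creates the \??\HelloDDK symbolic link.
 * Returns the failing NTSTATUS if either creation step fails.
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
    NTSTATUS status = STATUS_SUCCESS;
    PDEVICE_OBJECT pDevObj = NULL;
    PDEVICE_EXTENSION pDevExt = NULL;

    /* Initialise the name strings. */
    UNICODE_STRING devname;
    UNICODE_STRING symLinkName;
    RtlInitUnicodeString(&devname, L"\\device\\hello");
    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    /*
     * Create the device.
     * NOTE(review): the device gets the default security descriptor, so
     * access to the timer IOCTLs is whatever that default allows.  If only
     * privileged callers should reach them, create the device with an
     * explicit SDDL string (IoCreateDeviceSecure).
     */
    status = IoCreateDevice(pDriver_Object,
                            sizeof(DEVICE_EXTENSION),
                            &devname,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN,
                            TRUE,
                            &pDevObj);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("创建设备失败\n");
        return status;
    }

    pDevObj->Flags |= DO_BUFFERED_IO;

    pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevExt->pDevice = pDevObj;
    pDevExt->ustrDeviceName = devname;
    pDevExt->ustrSymLinkName = symLinkName;

    /* The DPC receives the device object as its context. */
    KeInitializeTimer(&pDevExt->pollingTimer);
    KeInitializeDpc(&pDevExt->pollingDPC, PollingTimerDpc, (PVOID)pDevObj);

    /* Create the symbolic link. */
    status = IoCreateSymbolicLink(&symLinkName, &devname);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("创建符号连接失败\n");
        IoDeleteDevice(pDevObj);
        return status;
    }

    return STATUS_SUCCESS;
}

/*
 * Catch-all dispatch routine: logs the IRP's major function name (checked
 * builds only, via KdPrint) and completes the IRP with STATUS_SUCCESS.
 */
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrP)
{
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);

    /* Names indexed by IRP major function code. */
    static const char *const irpname[] =
    {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
    };

    UCHAR type = stack->MajorFunction;

    UNREFERENCED_PARAMETER(pDevObj);

    /* Bounds-check the code before using it as a table index. */
    if (type >= CountArray(irpname))
    {
        KdPrint(("无效的IRP类型 %X\n", type));
    }
    else
    {
        KdPrint(("%s\n", irpname[type]));
    }

    pIrP->IoStatus.Status = STATUS_SUCCESS;      /* completion status */
    pIrP->IoStatus.Information = 0;              /* zero bytes transferred */
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);    /* complete the IRP without a priority boost */
    return STATUS_SUCCESS;
}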


 
