驱动开发（3）使用SCM加载NT驱动（用应用程序加载驱动）

来源：互联网发布：html视频播放器源码编辑：程序博客网时间：2024/05/01 14:06

本博文由CSDN博主zuishikonghuan所作，版权归zuishikonghuan所有，转载请注明出处：http://blog.csdn.net/zuishikonghuan/article/details/48827825

在上一篇中，我简单介绍编写了一个NT驱动空壳，这一篇中，将介绍如何自己编写一个驱动程序加载器，即使用编程的方法加载驱动，而不是使用工具。

我在上一篇中也提到了，驱动程序是通过服务加载的，我以前写过SCM（服务控制管理器）API的文章，详细介绍各函数的具体用法，详见：

[Win32] SCManager 服务控制管理器API（1）：http://blog.csdn.net/zuishikonghuan/article/details/47803033
[Win32] SCManager 服务控制管理器API（2）：http://blog.csdn.net/zuishikonghuan/article/details/47808805

加载NT驱动的基本步骤是：

1。获取SCM服务控制管理器句柄。
2。用CreateService创建驱动服务。
3。用OpenService获取服务句柄。
4。用StartService启动驱动服务。
5。用ControlService停止驱动服务。

启动驱动服务除了用StartService外，还有很多“非官方，非正式”的方法，比如使用Zw/NtLoadDriver，Zw/NtSetSystemInformation等

好了废话不多说，加载上一篇中的驱动，加载器源码如下，驱动为C:\mydriver.sys，驱动服务名为mydriver

#include <Windows.h>BOOL WINAPI InstallService(LPCTSTR ServiceName,LPCTSTR DisplayName,LPCTSTR szPath,DWORD StartType,DWORD ErrorControl = SERVICE_ERROR_NORMAL,DWORD ServiceType = SERVICE_WIN32_OWN_PROCESS){SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);if (hSCManager != NULL){SC_HANDLE hService = CreateService(hSCManager, ServiceName, DisplayName, SERVICE_ALL_ACCESS, ServiceType, StartType, ErrorControl, szPath, NULL, NULL, NULL, NULL, TEXT(""));if (hService != NULL){CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return TRUE;}CloseServiceHandle(hSCManager);return FALSE;}else return FALSE;}BOOL WINAPI DeleteService(LPCTSTR ServiceName){SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);if (hSCManager != NULL){SC_HANDLE hService = OpenService(hSCManager, ServiceName, DELETE);if (hService != NULL){if (DeleteService(hService)){CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return TRUE;}CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return FALSE;}CloseServiceHandle(hSCManager);return FALSE;}else return FALSE;}BOOL WINAPI StartService2(LPCTSTR ServiceName){SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);if (hSCManager != NULL){SC_HANDLE hService = OpenService(hSCManager, ServiceName, SERVICE_START);if (hService != NULL){if (StartService(hService, 0, NULL)){CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return TRUE;}CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return FALSE;}CloseServiceHandle(hSCManager);return FALSE;}else return FALSE;}BOOL WINAPI StopService(LPCTSTR ServiceName){SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);SERVICE_STATUS svcsta = { 0 };if (hSCManager != NULL){SC_HANDLE hService = OpenService(hSCManager, ServiceName, SERVICE_STOP);if (hService != NULL){if (ControlService(hService, SERVICE_CONTROL_STOP, &svcsta)){CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return TRUE;}CloseServiceHandle(hService);CloseServiceHandle(hSCManager);return FALSE;}CloseServiceHandle(hSCManager);return FALSE;}else return FALSE;}int _tmain(int argc, _TCHAR* argv[]){InstallService(TEXT("mydriver"), TEXT("mydriver"), TEXT("C:\\mydriver.sys"), SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE, SERVICE_KERNEL_DRIVER);//SERVICE_KERNEL_DRIVER：驱动服务；SERVICE_DEMAND_START：手动启动if (StartService2(TEXT("mydriver"))){printf("驱动已经加载\n");}Sleep(3000);if (StopService(TEXT("mydriver"))){printf("驱动已经停止\n");}getchar();return 0;}

效果和上一篇里的使用工具加载效果一样

0 0