Minifilter的动态安装、加载及卸载

MINIFILTER框架的文件系统过滤驱动，无法使用的CreateService和OpenService进行动态加载。看了一下，使用Inf文件安装Minifilter驱动的方式是在注册表驱动服务项下比传统驱动多创建了Instances子键，然后读取DefaultInstance值，这个值标明了Instance选项，然后，再去读指定的Instance的Altitude和Flags值。

#include <windows.h>#include <winsvc.h>#include <winioctl.h>#include <stdio.h>#define DRIVER_NAME "HelloWorld"#define DRIVER_PATH "HelloWorld.sys"#defineDRIVER_ALTITUDE"370030"BOOL InstallDriver(const char* lpszDriverName, const char* lpszDriverPath, const char* lpszAltitude);BOOL StartDriver(const char* lpszDriverName);BOOL StopDriver(const char* lpszDriverName);BOOL DeleteDriver(const char* lpszDriverName);

#include "SysLoader.h"//======================================== 动态加载/卸载sys驱动 ======================================// SYS文件跟程序放在同个目录下// 如果产生的SYS名为HelloDDK.sys,那么安装驱动InstallDriver("HelloDDK",".\\HelloDDK.sys","370030"/*Altitude*/);// 启动驱动服务 StartDriver("HelloDDK");// 停止驱动服务 StopDriver("HelloDDK");// 卸载SYS也是类似的调用过程， DeleteDriver("HelloDDK");//====================================================================================================BOOL InstallDriver(const char* lpszDriverName, const char* lpszDriverPath, const char* lpszAltitude){char    szTempStr[MAX_PATH];HKEY    hKey;DWORD    dwData;char    szDriverImagePath[MAX_PATH];if (NULL == lpszDriverName || NULL == lpszDriverPath){return FALSE;}//得到完整的驱动路径GetFullPathName(lpszDriverPath, MAX_PATH, szDriverImagePath, NULL);SC_HANDLE hServiceMgr = NULL;// SCM管理器的句柄SC_HANDLE hService = NULL;// NT驱动程序的服务句柄//打开服务控制管理器hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);if (hServiceMgr == NULL){// OpenSCManager失败CloseServiceHandle(hServiceMgr);return FALSE;}// OpenSCManager成功  //创建驱动所对应的服务hService = CreateService(hServiceMgr,lpszDriverName,             // 驱动程序的在注册表中的名字lpszDriverName,             // 注册表驱动程序的DisplayName 值SERVICE_ALL_ACCESS,         // 加载驱动程序的访问权限SERVICE_FILE_SYSTEM_DRIVER, // 表示加载的服务是文件系统驱动程序SERVICE_DEMAND_START,       // 注册表驱动程序的Start 值SERVICE_ERROR_IGNORE,       // 注册表驱动程序的ErrorControl 值szDriverImagePath,          // 注册表驱动程序的ImagePath 值"FSFilter Activity Monitor",// 注册表驱动程序的Group 值NULL,"FltMgr",                   // 注册表驱动程序的DependOnService 值NULL,NULL);if (hService == NULL){if (GetLastError() == ERROR_SERVICE_EXISTS){//服务创建失败，是由于服务已经创立过CloseServiceHandle(hService);       // 服务句柄CloseServiceHandle(hServiceMgr);    // SCM句柄return TRUE;}else{CloseServiceHandle(hService);       // 服务句柄CloseServiceHandle(hServiceMgr);    // SCM句柄return FALSE;}}CloseServiceHandle(hService);       // 服务句柄CloseServiceHandle(hServiceMgr);    // SCM句柄//-------------------------------------------------------------------------------------------------------// SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances子健下的键值项 //-------------------------------------------------------------------------------------------------------strcpy(szTempStr, "SYSTEM\\CurrentControlSet\\Services\\");strcat(szTempStr, lpszDriverName);strcat(szTempStr, "\\Instances");if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szTempStr, 0, "", TRUE, KEY_ALL_ACCESS, NULL, &hKey, (LPDWORD)&dwData) != ERROR_SUCCESS){return FALSE;}// 注册表驱动程序的DefaultInstance 值 strcpy(szTempStr, lpszDriverName);strcat(szTempStr, " Instance");if (RegSetValueEx(hKey, "DefaultInstance", 0, REG_SZ, (CONST BYTE*)szTempStr, (DWORD)strlen(szTempStr)) != ERROR_SUCCESS){return FALSE;}RegFlushKey(hKey);//刷新注册表RegCloseKey(hKey);//-------------------------------------------------------------------------------------------------------//-------------------------------------------------------------------------------------------------------// SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances\\DriverName Instance子健下的键值项 //-------------------------------------------------------------------------------------------------------strcpy(szTempStr, "SYSTEM\\CurrentControlSet\\Services\\");strcat(szTempStr, lpszDriverName);strcat(szTempStr, "\\Instances\\");strcat(szTempStr, lpszDriverName);strcat(szTempStr, " Instance");if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szTempStr, 0, "", TRUE, KEY_ALL_ACCESS, NULL, &hKey, (LPDWORD)&dwData) != ERROR_SUCCESS){return FALSE;}// 注册表驱动程序的Altitude 值strcpy(szTempStr, lpszAltitude);if (RegSetValueEx(hKey, "Altitude", 0, REG_SZ, (CONST BYTE*)szTempStr, (DWORD)strlen(szTempStr)) != ERROR_SUCCESS){return FALSE;}// 注册表驱动程序的Flags 值dwData = 0x0;if (RegSetValueEx(hKey, "Flags", 0, REG_DWORD, (CONST BYTE*)&dwData, sizeof(DWORD)) != ERROR_SUCCESS){return FALSE;}RegFlushKey(hKey);//刷新注册表RegCloseKey(hKey);//-------------------------------------------------------------------------------------------------------return TRUE;}BOOL StartDriver(const char* lpszDriverName){SC_HANDLE        schManager;SC_HANDLE        schService;SERVICE_STATUS    svcStatus;if (NULL == lpszDriverName){return FALSE;}schManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);if (NULL == schManager){CloseServiceHandle(schManager);return FALSE;}schService = OpenService(schManager, lpszDriverName, SERVICE_ALL_ACCESS);if (NULL == schService){CloseServiceHandle(schService);CloseServiceHandle(schManager);return FALSE;}if (!StartService(schService, 0, NULL)){CloseServiceHandle(schService);CloseServiceHandle(schManager);if (GetLastError() == ERROR_SERVICE_ALREADY_RUNNING){// 服务已经开启return TRUE;}return FALSE;}CloseServiceHandle(schService);CloseServiceHandle(schManager);return TRUE;}BOOL StopDriver(const char* lpszDriverName){SC_HANDLE        schManager;SC_HANDLE        schService;SERVICE_STATUS    svcStatus;bool            bStopped = false;schManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);if (NULL == schManager){return FALSE;}schService = OpenService(schManager, lpszDriverName, SERVICE_ALL_ACCESS);if (NULL == schService){CloseServiceHandle(schManager);return FALSE;}if (!ControlService(schService, SERVICE_CONTROL_STOP, &svcStatus) && (svcStatus.dwCurrentState != SERVICE_STOPPED)){CloseServiceHandle(schService);CloseServiceHandle(schManager);return FALSE;}CloseServiceHandle(schService);CloseServiceHandle(schManager);return TRUE;}BOOL DeleteDriver(const char* lpszDriverName){SC_HANDLE        schManager;SC_HANDLE        schService;SERVICE_STATUS    svcStatus;schManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);if (NULL == schManager){return FALSE;}schService = OpenService(schManager, lpszDriverName, SERVICE_ALL_ACCESS);if (NULL == schService){CloseServiceHandle(schManager);return FALSE;}ControlService(schService, SERVICE_CONTROL_STOP, &svcStatus);if (!DeleteService(schService)){CloseServiceHandle(schService);CloseServiceHandle(schManager);return FALSE;}CloseServiceHandle(schService);CloseServiceHandle(schManager);return TRUE;}int main(void){InstallDriver(DRIVER_NAME, DRIVER_PATH, DRIVER_ALTITUDE);getchar();getchar();StartDriver(DRIVER_NAME);getchar();getchar();StopDriver(DRIVER_NAME);getchar();getchar();DeleteDriver(DRIVER_NAME);getchar();getchar();return 0;}