
章三.Windows驱动编译环境配置、安装及调试(下)--驱动加载

2012-10-14 20:26 686 查看
以下内容全部来自《Windows驱动开发技术详解》,作者张帆、史彩成等,属摘抄型笔记。

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

PS:因为驱动加载涉及到一小部分代码,索性单出一篇文章来做笔记吧,比较清楚。

驱动程序的动态加载主要由服务控制管理程序(Service Control Manager,SCM)系统组件完成。Windows服务可以在系统启动时加载,用户需要在服务控制平台开启或者关闭服务。

加载和卸载NT驱动分为以下步骤:

1.为NT驱动创建新的服务

2.开启此项服务

3.关闭此项服务

4.删除NT驱动所创建的服务

SC_HANDLE OpenSCManager(  LPCTSTR lpMachineName,   // computer name
LPCTSTR lpDatabaseName,  // SCM database name
DWORD dwDesiredAccess    // access type
);
lpMachineName:指定计算机名称,如果是NULL代表本机

lpDatabaseName:指定SCM数据库名称,NULL代表缺省数据库

dwDesiredAccess:使用权限,示例中一般设置为SC_MANAGER_ALL_ACCESS;实际代码中按最小权限原则只申请所需权限更稳妥,例如仅创建服务时使用SC_MANAGER_CREATE_SERVICE

返回值,如果成功返回SCM管理器的句柄,如果失败返回NULL

SC_HANDLE CreateService(  SC_HANDLE hSCManager,       // handle to SCM database
LPCTSTR lpServiceName,      // name of service to start
LPCTSTR lpDisplayName,      // display name
DWORD dwDesiredAccess,      // type of access to service
DWORD dwServiceType,        // type of service
DWORD dwStartType,          // when to start service
DWORD dwErrorControl,       // severity of service failure
LPCTSTR lpBinaryPathName,   // name of binary file
LPCTSTR lpLoadOrderGroup,   // name of load ordering group
LPDWORD lpdwTagId,          // tag identifier
LPCTSTR lpDependencies,     // array of dependency names
LPCTSTR lpServiceStartName,  // account name
LPCTSTR lpPassword          // account password
);
hSCManager:SCM管理器句柄

lpServiceName:服务名称,在设备管理器看到的名称

lpDisplayName:服务显示出的名称

dwDesiredAccess:打开权限,如果没有特殊要求,设置为SERVICE_ALL_ACCESS

dwServiceType:服务类型,SERVICE_FILE_SYSTEM_DRIVER文件系统驱动;SERVICE_KERNEL_DRIVER普通程序驱动

dwStartType:打开服务时间,SERVICE_AUTO_START驱动自加载;SERVICE_BOOT_START被system loader加载,系统启动前就被启动;SERVICE_DEMAND_START按照需要启动时启动

dwErrorControl:错误控制,SERVICE_ERROR_IGNORE遇到错误全部忽略,SERVICE_ERROR_NORMAL遇到错误按照缺省处理;SERVICE_ERROR_CRITICAL添加对错误处理的校验,并提示出对话框,并记录错误至LOG文件中

lpBinaryPathName:驱动文件路径

lpLoadOrderGroup:开启服务的用户组

lpdwTagID:输出验证标签

lpDependencies:所依赖服务的名称

lpServiceStartName:用户账户名称

lpPassword:用户帐户密码

BOOL ControlService(  SC_HANDLE hService,               // handle to service
DWORD dwControl,                  // control code
LPSERVICE_STATUS lpServiceStatus  // status information
);
向相关的服务发送控制码

hService:服务的句柄,可以是CreateService也可以是OpenService返回的句柄

dwControl:SERVICE_CONTROL_CONTINUE对暂停后的服务发送继续运行的指令;SERVICE_CONTROL_PAUSE对正在运行的服务发出暂停指令;SERVICE_CONTROL_STOP对运行的服务发出停止指令

lpServiceStatus:返回状态码



#include <stdio.h>
#include <windows.h>
#include <winsvc.h>
#include <conio.h>

/* Service name that main() passes to LoadNTDriver() and UnloadNTDriver(). */
#define DRIVER_NAME "DRIVERFRAME"
/*
 * Absolute, machine-specific path of the driver image that main() passes to
 * LoadNTDriver(); it must be changed to wherever the .sys file was built.
 */
#define DRIVER_PATH "F:\\DriverStudio\\DriverFarme\\objchk_wxp_x86\\i386\\DRIVERFRAME.sys"

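/*
 * Register a kernel driver as a demand-start service and start it.
 *
 * lpszDriverName: service name (also used as the display name).
 * lpszDrivePath:  path of the driver image; it is expanded to a full path
 *                 before being handed to CreateService().
 *
 * Returns TRUE when the service was started or was already running, FALSE
 * on any other outcome. Progress and error codes are printed to stdout.
 *
 * NOTE(review): the char * parameters are passed to the generic (TCHAR)
 * service APIs, so this presumably targets an ANSI (non-UNICODE) build.
 */
BOOL LoadNTDriver(char * lpszDriverName, char *  lpszDrivePath)
{
    char szDriverImagePath[MAX_PATH];
    BOOL bRet = FALSE;
    SC_HANDLE hServiceMgr = NULL;
    SC_HANDLE hServiceDDK = NULL;
    DWORD dwRtn;

    if (lpszDriverName == NULL || lpszDrivePath == NULL)
    {
        printf("LoadNTDriver() invalid argument\n");
        return FALSE;
    }

    /*
     * GetFullPathName() returns 0 on failure and the required size when the
     * buffer is too small; in both cases the buffer must not be used.
     */
    dwRtn = GetFullPathName(lpszDrivePath, (DWORD)sizeof szDriverImagePath,
                            szDriverImagePath, NULL);
    if (dwRtn == 0)
    {
        printf("GetFullPathName() Faild %lu\n", (unsigned long)GetLastError());
        return FALSE;
    }
    if (dwRtn >= sizeof szDriverImagePath)
    {
        printf("GetFullPathName() Faild path too long\n");
        return FALSE;
    }

    /* Least privilege: creating a service needs only SC_MANAGER_CREATE_SERVICE. */
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (hServiceMgr == NULL)
    {
        printf("OpenSCManager() Faild %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    printf("OpenSCManager() ok\n");

    /* The returned handle is only used to start the service. */
    hServiceDDK = CreateService(hServiceMgr, lpszDriverName, lpszDriverName,
                                SERVICE_START, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START,
                                SERVICE_ERROR_IGNORE, szDriverImagePath, NULL, NULL, NULL, NULL, NULL);
    if (hServiceDDK == NULL)
    {
        dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            printf("CreateService() Faild %lu\n", (unsigned long)dwRtn);
            goto cleanup;
        }
        printf("CreateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXIST\n");

        /*
         * NOTE(review): a service of this name already exists, so what gets
         * started below is whatever image that service has registered, which
         * may differ from szDriverImagePath. Comparing the registered path
         * (QueryServiceConfig) before starting would close that gap.
         */
        hServiceDDK = OpenService(hServiceMgr, lpszDriverName, SERVICE_START);
        if (hServiceDDK == NULL)
        {
            printf("OpenService() Faild %lu\n", (unsigned long)GetLastError());
            goto cleanup;
        }
        printf("OpenService() ok\n");
    }
    else
    {
        printf("CreateService() ok\n");
    }

    if (!StartService(hServiceDDK, 0, NULL))
    {
        dwRtn = GetLastError();
        if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
        {
            /* An already-running driver counts as loaded. */
            printf("StartService() Faild ERROR_SERVICE_ALREADY_RUNNING\n");
            bRet = TRUE;
        }
        else if (dwRtn == ERROR_IO_PENDING)
        {
            printf("StartService() Faild ERROR_IO_PENDING\n");
        }
        else
        {
            printf("StartService() Faild %lu\n", (unsigned long)dwRtn);
        }
        goto cleanup;
    }
    bRet = TRUE;

cleanup:
    /* Single exit path so both handles are released on every outcome. */
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}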

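/*
 * Stop the driver service named szSrvName and delete its service entry.
 *
 * Deletion is attempted even when the stop request fails. Returns TRUE only
 * when the service was stopped (or was not running) and DeleteService()
 * succeeded; FALSE otherwise. Progress and error codes are printed to stdout.
 */
BOOL UnloadNTDriver(char * szSrvName)
{
    BOOL bRet = FALSE;
    BOOL bStopped = FALSE;
    BOOL bDeleted = FALSE;
    SC_HANDLE hServiceMgr = NULL;
    SC_HANDLE hServiceDDK = NULL;
    SERVICE_STATUS SrvSta;
    DWORD dwRtn;

    if (szSrvName == NULL)
    {
        printf("UnloadNTDriver() invalid argument\n");
        return FALSE;
    }

    /* Least privilege: opening an existing service needs only SC_MANAGER_CONNECT. */
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (hServiceMgr == NULL)
    {
        printf("OpenSCManager() Faild %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    printf("OpenSCManager()  ok\n");

    /* Only the rights used below: SERVICE_STOP for the control code, DELETE for removal. */
    hServiceDDK = OpenService(hServiceMgr, szSrvName, SERVICE_STOP | DELETE);
    if (hServiceDDK == NULL)
    {
        printf("OpenService() Faild %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    printf("OpenService()  ok\n");

    if (ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SrvSta))
    {
        printf("ControlService()  ok\n");
        bStopped = TRUE;
    }
    else
    {
        /* Read the error code before printf() can disturb it. */
        dwRtn = GetLastError();
        printf("ControlService Faild %lu\n", (unsigned long)dwRtn);
        /* A service that is not running needs no stop. */
        bStopped = (dwRtn == ERROR_SERVICE_NOT_ACTIVE);
    }

    if (DeleteService(hServiceDDK))
    {
        printf("DeleteService()  ok\n");
        bDeleted = TRUE;
    }
    else
    {
        printf("DeleteService Faild %lu\n", (unsigned long)GetLastError());
    }

    /* Do not report success when the driver is still running or still registered. */
    bRet = bStopped && bDeleted;

cleanup:
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}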

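/*
 * Load the driver, wait for a key press, then unload it.
 *
 * Returns 0 when both steps succeed and 1 when either fails, so a calling
 * script can tell a failed load or unload from a clean run.
 */
int main(void)
{
    if (!LoadNTDriver(DRIVER_NAME, DRIVER_PATH))
    {
        printf("LoadNTDriver Error\r\n");
        return 1;
    }

    /* Keep the driver loaded until the user presses a key. */
    _getch();

    if (!UnloadNTDriver(DRIVER_NAME))
    {
        printf("UnloadNTDriver Error\r\n");
        return 1;
    }
    return 0;
}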


PS:这篇文章其实没什么内容,之前也知道通过服务加载,只是将《Windows驱动开发技术详解》上的代码又打了一遍。