自己构造IRP包来实现驱动与驱动之间的通信(成功笔记下来以后参考用)
2013-05-04 21:35
411 查看
#include <ntddk.h>
#define DEVICE_NAMEL"\\device\\NTModelDrv"
#define LINK_NAMEL"\\dosDevices\\NTModelDrv"
#define IOCTL_BASE 0x8000
#define MY_CTL_CODE(i) \
CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE+i, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_HELLO MY_CTL_CODE(0)
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
DbgPrint("DriverUnload: DriverUnload is Run!\n");
}
NTSTATUS
LM87RequestComplete (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PKEVENT Event;
Event = (PKEVENT) Context;
__asm int 3
KeSetEvent (Event, IO_NO_INCREMENT, FALSE);
return STATUS_MORE_PROCESSING_REQUIRED;
}
VOID WorkThread(PVOID pContext)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PIRP SMBIrp;
PIO_STACK_LOCATION irpStack;
IO_STACK_LOCATION status_block;
UNICODE_STRING usDeviceToFilter = { 0 };
KEVENT SyncEvent;
//注意这里定义的指针哦
PFILE_OBJECT FileObject = NULL;
PDEVICE_OBJECT DeviceObject = NULL;
ULONG i = 0;
LARGE_INTEGER waitTime = { 0 };
waitTime.QuadPart = -3 * 10000000i64;
DbgPrint("In WorkThread!\n");
//这里使用的设备对象名而不是符号链接名称
RtlInitUnicodeString(&usDeviceToFilter, DEVICE_NAME);
KeInitializeEvent(&SyncEvent, NotificationEvent, FALSE);
while(1)
{
DbgPrint("WorkThread: %x\n", i);
//得到设备对象
__asm int 3
//尽管FileObject与DeviceObject定义的是指针,这里还是要取地址表示是双指针
ntStatus = IoGetDeviceObjectPointer(&usDeviceToFilter,
GENERIC_ALL,&FileObject,&DeviceObject);
if( !NT_SUCCESS(ntStatus) )
{
DbgPrint("IoGetDeviceObjectPointer is Failed!\n");
continue;
}
//根据设备对象创建针对该设备对象的IRP包
SMBIrp = IoAllocateIrp (DeviceObject->StackSize, FALSE);
if(!SMBIrp)
{
KdPrint(("IoAllocateIrp: Allocate irp failed!\n "));
continue;
}
SMBIrp->UserEvent = &SyncEvent;
//SMBIrp->UserIosb = &status_block;
//SMBIrp->Tail.Overlay.Thread = PsGetCurrentThread();
//这句有什么作用呢?
irpStack = IoGetNextIrpStackLocation(SMBIrp);
//设置IRP包的控制码
irpStack->MajorFunction = IRP_MJ_DEVICE_CONTROL;
irpStack->Parameters.DeviceIoControl.IoControlCode = IOCTL_HELLO;
//irpStack->FileObject = FileObject;
//设置完成函数,完成函数中要对我们发送的IRP包进行完成,不能再发回到IO管理器上
IoSetCompletionRoutine (SMBIrp, LM87RequestComplete, &SyncEvent, TRUE, TRUE, TRUE);
//直接向设备发送IRP包,这里设备对象为指针对象
IoCallDriver(DeviceObject, SMBIrp);
KeWaitForSingleObject(&SyncEvent, Executive, KernelMode, FALSE, NULL);
i++;
KeDelayExecutionThread(KernelMode, FALSE, &waitTime);//延迟3秒
//最后释放IRP包
IoFreeIrp(SMBIrp);
}
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
HANDLE hThread;
ntStatus = PsCreateSystemThread(
&hThread,
0,
NULL,
(HANDLE)0,
NULL,
WorkThread,
NULL
);
if(!NT_SUCCESS(ntStatus))
{
DbgPrint("PsCreateSystemThread is Failed!\n");
}
ZwClose(hThread);
return STATUS_SUCCESS;
}
#define DEVICE_NAMEL"\\device\\NTModelDrv"
#define LINK_NAMEL"\\dosDevices\\NTModelDrv"
#define IOCTL_BASE 0x8000
#define MY_CTL_CODE(i) \
CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASE+i, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_HELLO MY_CTL_CODE(0)
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
DbgPrint("DriverUnload: DriverUnload is Run!\n");
}
NTSTATUS
LM87RequestComplete (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PKEVENT Event;
Event = (PKEVENT) Context;
__asm int 3
KeSetEvent (Event, IO_NO_INCREMENT, FALSE);
return STATUS_MORE_PROCESSING_REQUIRED;
}
VOID WorkThread(PVOID pContext)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
PIRP SMBIrp;
PIO_STACK_LOCATION irpStack;
IO_STACK_LOCATION status_block;
UNICODE_STRING usDeviceToFilter = { 0 };
KEVENT SyncEvent;
//注意这里定义的指针哦
PFILE_OBJECT FileObject = NULL;
PDEVICE_OBJECT DeviceObject = NULL;
ULONG i = 0;
LARGE_INTEGER waitTime = { 0 };
waitTime.QuadPart = -3 * 10000000i64;
DbgPrint("In WorkThread!\n");
//这里使用的设备对象名而不是符号链接名称
RtlInitUnicodeString(&usDeviceToFilter, DEVICE_NAME);
KeInitializeEvent(&SyncEvent, NotificationEvent, FALSE);
while(1)
{
DbgPrint("WorkThread: %x\n", i);
//得到设备对象
__asm int 3
//尽管FileObject与DeviceObject定义的是指针,这里还是要取地址表示是双指针
ntStatus = IoGetDeviceObjectPointer(&usDeviceToFilter,
GENERIC_ALL,&FileObject,&DeviceObject);
if( !NT_SUCCESS(ntStatus) )
{
DbgPrint("IoGetDeviceObjectPointer is Failed!\n");
continue;
}
//根据设备对象创建针对该设备对象的IRP包
SMBIrp = IoAllocateIrp (DeviceObject->StackSize, FALSE);
if(!SMBIrp)
{
KdPrint(("IoAllocateIrp: Allocate irp failed!\n "));
continue;
}
SMBIrp->UserEvent = &SyncEvent;
//SMBIrp->UserIosb = &status_block;
//SMBIrp->Tail.Overlay.Thread = PsGetCurrentThread();
//这句有什么作用呢?
irpStack = IoGetNextIrpStackLocation(SMBIrp);
//设置IRP包的控制码
irpStack->MajorFunction = IRP_MJ_DEVICE_CONTROL;
irpStack->Parameters.DeviceIoControl.IoControlCode = IOCTL_HELLO;
//irpStack->FileObject = FileObject;
//设置完成函数,完成函数中要对我们发送的IRP包进行完成,不能再发回到IO管理器上
IoSetCompletionRoutine (SMBIrp, LM87RequestComplete, &SyncEvent, TRUE, TRUE, TRUE);
//直接向设备发送IRP包,这里设备对象为指针对象
IoCallDriver(DeviceObject, SMBIrp);
KeWaitForSingleObject(&SyncEvent, Executive, KernelMode, FALSE, NULL);
i++;
KeDelayExecutionThread(KernelMode, FALSE, &waitTime);//延迟3秒
//最后释放IRP包
IoFreeIrp(SMBIrp);
}
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
HANDLE hThread;
ntStatus = PsCreateSystemThread(
&hThread,
0,
NULL,
(HANDLE)0,
NULL,
WorkThread,
NULL
);
if(!NT_SUCCESS(ntStatus))
{
DbgPrint("PsCreateSystemThread is Failed!\n");
}
ZwClose(hThread);
return STATUS_SUCCESS;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- java事务学习笔记(四)--成功的案例(自己实现一个线程安全的TransactionManager)
- Silverlight与WCF之间的通信(2)利用WCF的双工通信“推送”给SL数据 (自己参考)
- ------------------------------利用BroadcastReceiver进行Activity和Service之间的通信(留着自己参考用)
- Android开发笔记(2) Android Bundle类实现Activity之间通信
- 驱动入门实战演练--在驱动下实现自己的CopyFile
- 在Android Studio中使用AIDL实现进程之间的通信
- 华为设备三成交换机实现valn之间的通信问题
- Android打印机--没有设备驱动sdk,自己实现USB打印功能
- wince驱动学习笔记(vs2005实现流驱动动态加载与卸载 2)
- 使用GameKit实现IOS设备之间的蓝牙通信
- tcp 多路复用实现 两个客户端之间的通信
- java线程间通信[实现不同线程之间的消息传递(通信),生产者和消费者模型]
- linux内核两个驱动之间的通信
- 实现两台MPTCP主机之间的通信——VSFTPD的配置与使用
- Windows 驱动与驱动之间的通信
- iOS笔记--iOS对象之间通信方式有哪些?
- 利用LocalConnection实现多个应用之间的通讯 (不同MXML之间的通信)
- 如何实现浏览器内多个标签页之间的通信
- 关于在嵌入式设备和服务器之间通信数据--不能用SQL,以后不用再讨论了
- 传统方式实现三个线程之间的通信: notify与notifyAll