驱动中以文件句柄形式调用其他驱动程序(同步调用)
2015-08-06 20:19
302 查看
EXE部分
SYS部分(驱动B调用驱动A)
以下是驱动A的代码
以下是驱动B的代码
#include <stdio.h>
#include <Windows.h>
#include <WinIoCtl.h>
#include "Ioctl.h"
int main (void)
{
char linkname[]="\\\\.\\HelloDDKB";
HANDLE hDevice = CreateFileA(linkname,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hDevice == INVALID_HANDLE_VALUE)
{
printf("Win32 error code: %d\n",GetLastError());
return 1;
}
DWORD dwRead;
//如果读IRP没有被完成,ReadFile一直都不会退出
ReadFile(hDevice,NULL,NULL,&dwRead,NULL);
printf("Readfile返回%d\n",GetLastError());
CloseHandle(hDevice);
getchar();
getchar();
return 0;
}SYS部分(驱动B调用驱动A)
以下是驱动A的代码
#pragma once
#include <ntddk.h>
#define CountArray(Array) ( sizeof(Array) / sizeof(Array[0]) )
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT pDevice; //设备对象
UNICODE_STRING ustrDeviceName; //设备名称
UNICODE_STRING ustrSymLinkName; //符号名称
KDPC pollingDPC; //存储DPC对象
KTIMER pollingTimer; //存储计时器对象
PIRP currentPendingIRP; //记录当前挂起的IRP
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
void HelloUnload(IN PDRIVER_OBJECT DriverObject); //卸载函数
NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj); //创建设备
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //派遣函数
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //IRP_MJ_DIRECTORY_CONTROL
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
NTSTATUS HelloDDKCreate(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
NTSTATUS HelloDDKClose(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);#include "hello.h"
#include "Ioctl.h"
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
DbgPrint("Hello from!\n");
DriverObject->DriverUnload = HelloUnload;
for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
{
DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;
}
DriverObject->MajorFunction[IRP_MJ_READ]=HelloDDKRead;
DriverObject->MajorFunction[IRP_MJ_CREATE]=HelloDDKCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE]=HelloDDKClose;
#if DBG
_asm int 3
#endif
//创建设备
CreateDevice(DriverObject);
return STATUS_SUCCESS;
}
//卸载函数
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
#if DBG
_asm int 3
#endif
DbgPrint("Goodbye from!\n");
PDEVICE_OBJECT pNextObj=NULL;
pNextObj=DriverObject->DeviceObject;
while (pNextObj)
{
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;
//删除符号连接
IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
//删除设备
IoDeleteDevice(pDevExt->pDevice);
pNextObj=pNextObj->NextDevice;
}
KdPrint(("DriverA:Leave A DriverUnload\n"));
}
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
NTSTATUS status=STATUS_SUCCESS;
//获取当前堆栈
PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrp);
//获取输入参数大小
ULONG cbin=stack->Parameters.DeviceIoControl.InputBufferLength;
//获取输出参数大小
ULONG cbout=stack->Parameters.DeviceIoControl.OutputBufferLength;
//得到IOCTL控制码
ULONG code=stack->Parameters.DeviceIoControl.IoControlCode;
//获取设备扩展
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
//从用户模式传进来的微秒数
ULONG ulMircoSeconds=*(PULONG)pIrp->AssociatedIrp.SystemBuffer;
switch (code)
{
case IOCTL_WAIT_METHOD1:
{
}
break;
default:
status=STATUS_INVALID_VARIANT;
}
//设置IRP的完成状态
pIrp->IoStatus.Status=status;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return status;
}
VOID OnTimerDpc(IN PKDPC pDpc,IN PVOID pContext,IN PVOID SysArg1,IN PVOID SysArg2)
{
#if DBG
_asm int 3
#endif
PDEVICE_OBJECT pDevObj=(PDEVICE_OBJECT)pContext;
PDEVICE_EXTENSION pdx=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
PIRP currentPendingIRP=pdx->currentPendingIRP;
DbgPrint("DriverA:complete the Driver A IRP_MJ_READ irp\n");
//设置完成状态为STATUS_SUCCESS
currentPendingIRP->IoStatus.Status=STATUS_SUCCESS; //完成
currentPendingIRP->IoStatus.Information=0;
IoCompleteRequest(currentPendingIRP,IO_NO_INCREMENT);
return;
}
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
//将IRP设置为挂起
IoMarkIrpPending(pIrp);
//将挂起的IRP记录下来
pDevExt->currentPendingIRP=pIrp;
//定义5秒的超时
ULONG ulMicroSecond=5000000;
//将32位整数转化成64位整数
LARGE_INTEGER timeout=RtlConvertLongToLargeInteger(-10*ulMicroSecond);
KeSetTimer(&pDevExt->pollingTimer,timeout,&pDevExt->pollingDPC);
DbgPrint("DriverA:Leave A HelloDDKRead\n");
return STATUS_PENDING; //挂起
}
NTSTATUS HelloDDKCreate(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
DbgPrint("DriverA:Enter A HelloDDKCreate\n");
//完成IRP
pIrp->IoStatus.Status=STATUS_SUCCESS;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
NTSTATUS HelloDDKClose(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
DbgPrint("DriverA:Enter A HelloDDKClose\n");
//完成IRP
pIrp->IoStatus.Status=STATUS_SUCCESS;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
//创建设备
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
//定义变量
NTSTATUS status=STATUS_SUCCESS;
PDEVICE_OBJECT pDevObj=NULL;
PDEVICE_EXTENSION pDevExt=NULL;
//初始化字符串
UNICODE_STRING devname;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&devname,L"\\device\\MyDDKDeviceA");
RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDKA");
//创建设备
status =IoCreateDevice(pDriver_Object,sizeof(DEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObj);
if (!NT_SUCCESS(status))
{
DbgPrint("创建设备失败\n");
return status;
}
pDevObj->Flags |= DO_BUFFERED_IO;;
pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
pDevExt->pDevice=pDevObj;
pDevExt->ustrDeviceName=devname;
pDevExt->ustrSymLinkName=symLinkName;
KeInitializeTimer(&pDevExt->pollingTimer);
KeInitializeDpc(&pDevExt->pollingDPC,OnTimerDpc,(PVOID)pDevObj);
//创建符号连接
status =IoCreateSymbolicLink(&symLinkName,&devname) ;
if (!NT_SUCCESS(status))
{
DbgPrint("创建符号连接失败\n");
IoDeleteDevice(pDevObj);
return status;
}
return STATUS_SUCCESS;
}
//派遣函数
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
//#if DBG
// _asm int 3
//#endif
PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
//建立一个字符串数组与IRP类型对应起来
static char* irpname[] =
{
"IRP_MJ_CREATE",
"IRP_MJ_CREATE_NAMED_PIPE",
"IRP_MJ_CLOSE",
"IRP_MJ_READ",
"IRP_MJ_WRITE",
"IRP_MJ_QUERY_INFORMATION",
"IRP_MJ_SET_INFORMATION",
"IRP_MJ_QUERY_EA",
"IRP_MJ_SET_EA",
"IRP_MJ_FLUSH_BUFFERS",
"IRP_MJ_QUERY_VOLUME_INFORMATION",
"IRP_MJ_SET_VOLUME_INFORMATION",
"IRP_MJ_DIRECTORY_CONTROL",
"IRP_MJ_FILE_SYSTEM_CONTROL",
"IRP_MJ_DEVICE_CONTROL",
"IRP_MJ_INTERNAL_DEVICE_CONTROL",
"IRP_MJ_SHUTDOWN",
"IRP_MJ_LOCK_CONTROL",
"IRP_MJ_CLEANUP",
"IRP_MJ_CREATE_MAILSLOT",
"IRP_MJ_QUERY_SECURITY",
"IRP_MJ_SET_SECURITY",
"IRP_MJ_POWER",
"IRP_MJ_SYSTEM_CONTROL",
"IRP_MJ_DEVICE_CHANGE",
"IRP_MJ_QUERY_QUOTA",
"IRP_MJ_SET_QUOTA",
"IRP_MJ_PNP",
};
UCHAR type = stack->MajorFunction;
if (type >= CountArray(irpname))
KdPrint(("无效的IRP类型 %X\n", type));
else
KdPrint(("%s\n", irpname[type]));
pIrP->IoStatus.Status=STATUS_SUCCESS; //设置完成状态
pIrP->IoStatus.Information=0; //设置操作字节为0
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //结束IRP派遣函数,第二个参数表示不增加优先级
return STATUS_SUCCESS;
}以下是驱动B的代码
#pragma once
#include <ntddk.h>
#define CountArray(Array) ( sizeof(Array) / sizeof(Array[0]) )
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT pDevice; //设备对象
UNICODE_STRING ustrDeviceName; //设备名称
UNICODE_STRING ustrSymLinkName; //符号名称
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
void HelloUnload(IN PDRIVER_OBJECT DriverObject); //卸载函数
NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj); //创建设备
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //派遣函数
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //IRP_MJ_DIRECTORY_CONTROL
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
NTSTATUS HelloDDKCreate(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
NTSTATUS HelloDDKClose(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);#include "hello.h"
#include "Ioctl.h"
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
DbgPrint("Hello from!\n");
DriverObject->DriverUnload = HelloUnload;
for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
{
DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;
}
DriverObject->MajorFunction[IRP_MJ_READ]=HelloDDKRead;
DriverObject->MajorFunction[IRP_MJ_CREATE]=HelloDDKCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE]=HelloDDKClose;
#if DBG
_asm int 3
#endif
//创建设备
CreateDevice(DriverObject);
return STATUS_SUCCESS;
}
//卸载函数
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
#if DBG
_asm int 3
#endif
DbgPrint("Goodbye from!\n");
PDEVICE_OBJECT pNextObj=NULL;
pNextObj=DriverObject->DeviceObject;
while (pNextObj)
{
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;
//删除符号连接
IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
//删除设备
IoDeleteDevice(pDevExt->pDevice);
pNextObj=pNextObj->NextDevice;
}
KdPrint(("DriverB:Leave B DriverUnload\n"));
}
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
NTSTATUS status=STATUS_SUCCESS;
//获取当前堆栈
PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrp);
//获取输入参数大小
ULONG cbin=stack->Parameters.DeviceIoControl.InputBufferLength;
//获取输出参数大小
ULONG cbout=stack->Parameters.DeviceIoControl.OutputBufferLength;
//得到IOCTL控制码
ULONG code=stack->Parameters.DeviceIoControl.IoControlCode;
//获取设备扩展
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
//从用户模式传进来的微秒数
ULONG ulMircoSeconds=*(PULONG)pIrp->AssociatedIrp.SystemBuffer;
switch (code)
{
case IOCTL_WAIT_METHOD1:
{
}
break;
default:
status=STATUS_INVALID_VARIANT;
}
//设置IRP的完成状态
pIrp->IoStatus.Status=status;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return status;
}
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
DbgPrint("DriverB:Enter B HelloDDKRead\n");
NTSTATUS status=STATUS_SUCCESS;
UNICODE_STRING DeviceName;
RtlInitUnicodeString(&DeviceName,L"\\device\\MyDDKDeviceA");
//初始化objectAttributes;
OBJECT_ATTRIBUTES objectAttributes;
InitializeObjectAttributes(&objectAttributes,&DeviceName,OBJ_CASE_INSENSITIVE,NULL,NULL);
//同步打开设备
HANDLE hDevice=NULL;
IO_STATUS_BLOCK status_block;
//设定了FILE_SYNCHRONOUS_IO_NONALERT或者FILE_SYNCHRONOUS_IO_ALERT为同步打开设备
status=ZwCreateFile(&hDevice,
FILE_READ_ATTRIBUTES|SYNCHRONIZE,
&objectAttributes,
&status_block,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT, //设定同步打开文件参数
NULL,
NULL);
//判断文件打开成功
#if DBG
_asm int 3
#endif
DbgPrint("%x\n",hDevice);
if (NT_SUCCESS(status))
{
ZwReadFile(hDevice,NULL,NULL,NULL,&status_block,NULL,NULL,NULL,NULL);
}
DbgPrint("%x\n",hDevice);
#if DBG
_asm int 3
#endif
ZwClose(hDevice);
//完成IRP
pIrp->IoStatus.Status=status;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return status;
}
NTSTATUS HelloDDKCreate(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
DbgPrint("DriverB:Enter B HelloDDKCreate\n");
//完成IRP
pIrp->IoStatus.Status=STATUS_SUCCESS;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
NTSTATUS HelloDDKClose(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
#if DBG
_asm int 3
#endif
DbgPrint("DriverB:Enter B HelloDDKClose\n");
//完成IRP
pIrp->IoStatus.Status=STATUS_SUCCESS;
pIrp->IoStatus.Information=0;
IoCompleteRequest(pIrp,IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
//创建设备
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
//定义变量
NTSTATUS status=STATUS_SUCCESS;
PDEVICE_OBJECT pDevObj=NULL;
PDEVICE_EXTENSION pDevExt=NULL;
//初始化字符串
UNICODE_STRING devname;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&devname,L"\\device\\MyDDKDeviceB");
RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDKB");
//创建设备
status =IoCreateDevice(pDriver_Object,sizeof(DEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObj);
if (!NT_SUCCESS(status))
{
DbgPrint("创建设备失败\n");
return status;
}
pDevObj->Flags |= DO_BUFFERED_IO;;
pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
pDevExt->pDevice=pDevObj;
pDevExt->ustrDeviceName=devname;
pDevExt->ustrSymLinkName=symLinkName;
//创建符号连接
status =IoCreateSymbolicLink(&symLinkName,&devname) ;
if (!NT_SUCCESS(status))
{
DbgPrint("创建符号连接失败\n");
IoDeleteDevice(pDevObj);
return status;
}
return STATUS_SUCCESS;
}
//派遣函数
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
//#if DBG
// _asm int 3
//#endif
PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
//建立一个字符串数组与IRP类型对应起来
static char* irpname[] =
{
"IRP_MJ_CREATE",
"IRP_MJ_CREATE_NAMED_PIPE",
"IRP_MJ_CLOSE",
"IRP_MJ_READ",
"IRP_MJ_WRITE",
"IRP_MJ_QUERY_INFORMATION",
"IRP_MJ_SET_INFORMATION",
"IRP_MJ_QUERY_EA",
"IRP_MJ_SET_EA",
"IRP_MJ_FLUSH_BUFFERS",
"IRP_MJ_QUERY_VOLUME_INFORMATION",
"IRP_MJ_SET_VOLUME_INFORMATION",
"IRP_MJ_DIRECTORY_CONTROL",
"IRP_MJ_FILE_SYSTEM_CONTROL",
"IRP_MJ_DEVICE_CONTROL",
"IRP_MJ_INTERNAL_DEVICE_CONTROL",
"IRP_MJ_SHUTDOWN",
"IRP_MJ_LOCK_CONTROL",
"IRP_MJ_CLEANUP",
"IRP_MJ_CREATE_MAILSLOT",
"IRP_MJ_QUERY_SECURITY",
"IRP_MJ_SET_SECURITY",
"IRP_MJ_POWER",
"IRP_MJ_SYSTEM_CONTROL",
"IRP_MJ_DEVICE_CHANGE",
"IRP_MJ_QUERY_QUOTA",
"IRP_MJ_SET_QUOTA",
"IRP_MJ_PNP",
};
UCHAR type = stack->MajorFunction;
if (type >= CountArray(irpname))
KdPrint(("无效的IRP类型 %X\n", type));
else
KdPrint(("%s\n", irpname[type]));
pIrP->IoStatus.Status=STATUS_SUCCESS; //设置完成状态
pIrP->IoStatus.Information=0; //设置操作字节为0
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //结束IRP派遣函数,第二个参数表示不增加优先级
return STATUS_SUCCESS;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- BizTalk Orchestration execute Flat file disassembler ReceivePipeline
- 贪心+优先队列 HDOJ 5360 Hiking
- hdu 1325 水题
- SQLServer 常用命令
- c++ 计蒜客冗余关系
- 开发文档收集
- Xml文件的相关操作
- 利用哈希值封死飞秋等客户端软件
- 用css样式画尖角
- 三目运算符的简单介绍
- Android ListView&异步加载的学习(三)——AsyncTask加载图片&运用Lru算法优化图片加载
- hdu5363 排列组合+快速幂
- C#生成随机数的三种方法
- HDU 4183--Pahom on Water【最大流dinic】
- 45 个非常有用的 Oracle 查询语句
- C/C++中的二维数组动态内存分配与释放
- 最小生成树 prim算法和kruskal
- 九度OJ 题目1029:魔咒词典
- 湖南多校对抗赛(A - A)
- makefile