把TA教程的SCM驱动加载代码改成了“面向过程”版
本帖最后由 gfw 于 2015-9-16 16:43 编辑。原版的代码比较啰嗦，于是抽空改写了一份，现在看来舒爽多了，方便大家。不隐藏不卖B了，哈哈
/* MSVC-only pragma: link advapi32, which provides the service-control API
 * (OpenSCManagerA, CreateServiceA, StartServiceA, ...) used by the loader below. */
#pragma comment(lib,"advapi32.lib") //Finishing by GFW@vbasm.com
/*
 * Register a kernel-mode driver as an SCM service and return a handle to it.
 *
 * m_pSysPath     full path of the .sys file the SCM will load. That file runs
 *                as kernel code, so it should live in a directory that
 *                unprivileged users cannot write to.
 * m_pServiceName service name; it is also used as the display name.
 *
 * Returns a service handle opened with SERVICE_ALL_ACCESS, or 0 when the
 * service manager cannot be opened or the service can neither be created nor
 * (if it already exists) opened. The caller owns the returned handle and must
 * release it with CloseServiceHandle(). The SCM handle is closed here before
 * returning, which may overwrite GetLastError(), so callers should not rely
 * on the CreateServiceA/OpenServiceA error code surviving this function.
 * SC_MANAGER_ALL_ACCESS in practice requires an elevated (administrator) token.
 */
SC_HANDLE InstallDriver(PCHAR m_pSysPath, PCHAR m_pServiceName)
{
    SC_HANDLE hManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hManager == NULL) {
        return 0;
    }

    /* The display name is deliberately the same string as the service name. */
    SC_HANDLE hService = CreateServiceA(hManager, m_pServiceName, m_pServiceName,
                                        SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER,
                                        SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
                                        m_pSysPath, NULL, NULL, NULL, NULL, NULL);

    /* An existing service of that name is reused rather than treated as an error. */
    if (hService == NULL && GetLastError() == ERROR_SERVICE_EXISTS) {
        hService = OpenServiceA(hManager, m_pServiceName, SERVICE_ALL_ACCESS);
    }

    CloseServiceHandle(hManager);
    return hService;
}
/*
 * Ask the SCM to start (load) the driver behind m_hService.
 *
 * No start arguments are passed. Returns the BOOL result of StartServiceA():
 * non-zero on success, 0 on failure with the reason in GetLastError().
 * Note that an already-running driver is reported by StartServiceA() as a
 * failure, so callers that want to tolerate that case must look at
 * GetLastError() themselves.
 */
BOOL StartDriver(SC_HANDLE m_hService)
{
    BOOL started = StartServiceA(m_hService, NULL, NULL);
    return started;
}
/*
 * Send SERVICE_CONTROL_STOP to the driver service behind m_hService; for a
 * kernel driver the SCM unloads it as a result (if the driver supports
 * unloading).
 *
 * The SERVICE_STATUS that ControlService() fills in is discarded; it is only
 * supplied because the out-parameter is mandatory. Returns the BOOL result of
 * ControlService(): non-zero on success, 0 on failure with the reason in
 * GetLastError().
 */
BOOL StopDriver(SC_HANDLE m_hService)
{
    SERVICE_STATUS status = {0};   /* required out-parameter; contents unused */
    BOOL stopped = ControlService(m_hService, SERVICE_CONTROL_STOP, &status);
    return stopped;
}
/*
 * Mark the driver service behind m_hService for deletion.
 *
 * DeleteService() does not remove the entry immediately: the service is
 * deleted once it is stopped and every handle to it (this one included) has
 * been closed, so the caller still has to call StopDriver() and
 * CloseServiceHandle(). Returns non-zero on success, 0 on failure with the
 * reason in GetLastError().
 */
BOOL RemoveDriver(SC_HANDLE m_hService)
{
    BOOL marked = DeleteService(m_hService);
    return marked;
}
/*
 * Open the device link the driver exposes, e.g. "\\\\.\\test" as a C string
 * literal (the \\.\ prefix selects the Win32 device namespace).
 *
 * The handle is opened for read/write, with no sharing and without
 * FILE_FLAG_OVERLAPPED, i.e. for synchronous I/O. Returns the file handle, or
 * 0 (not INVALID_HANDLE_VALUE) when CreateFileA() fails, so callers can test
 * the result with a plain `if (h)`.
 */
HANDLE OpenDriver(PCHAR pLinkName)
{
    HANDLE hDevice = CreateFileA(pLinkName, GENERIC_READ | GENERIC_WRITE, 0, 0,
                                 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    return (hDevice == INVALID_HANDLE_VALUE) ? 0 : hDevice;
}
/*
 * Close a device handle obtained from OpenDriver().
 *
 * The call is wrapped in an MSVC structured-exception handler: __except(1)
 * is EXCEPTION_EXECUTE_HANDLER, so an exception raised inside CloseHandle()
 * (for instance the one raised for an invalid handle when a debugger is
 * attached) is swallowed and reported as a 0 return instead of terminating
 * the process. Passing the 0 that OpenDriver() returns on failure simply
 * makes CloseHandle() fail, which also yields 0. Returns non-zero on success.
 */
BOOL CloseDriver(HANDLE m_hDriver)
{
    BOOL closed = 0;
    __try {
        closed = CloseHandle(m_hDriver);
    }
    __except (1) {
        closed = 0;
    }
    return closed;
}
/*
 * Build a METHOD_BUFFERED / FILE_ANY_ACCESS control code for device type
 * FILE_DEVICE_UNKNOWN from a bare function number, i.e. the same value as
 * CTL_CODE(FILE_DEVICE_UNKNOWN, lngFunction, METHOD_BUFFERED, FILE_ANY_ACCESS).
 *
 * Layout of the 32-bit code: device type in bits 16-31, access in bits 14-15,
 * function number in bits 2-13, transfer method in bits 0-1. lngFunction is
 * expected to fit in 12 bits; nothing is masked here, so a larger value
 * spills into the access and device-type fields. By DDK convention the
 * range 0x800-0xFFF is the one for non-Microsoft drivers, which is why the
 * callers in this file use 0x800.
 */
_inline DWORD CTL_CODE_GEN(DWORD lngFunction)
{
    DWORD code = FILE_DEVICE_UNKNOWN << 16;   /* same as * 65536 */
    code |= FILE_ANY_ACCESS << 14;            /* same as * 16384 */
    code |= lngFunction << 2;                 /* same as * 4 */
    code |= METHOD_BUFFERED;
    return code;
}
/*
 * Send an IOCTL to the device behind m_hDriver.
 *
 * dwIoCode is a bare function number, not a full control code: it is run
 * through CTL_CODE_GEN(), so the driver must define its IOCTLs with
 * FILE_DEVICE_UNKNOWN / METHOD_BUFFERED / FILE_ANY_ACCESS for both sides to
 * agree. InBuff/InBuffLen and OutBuff/OutBuffLen are passed straight to
 * DeviceIoControl(); the receiving driver is responsible for validating the
 * lengths it is handed. RealRetBytes, if non-NULL, receives the number of
 * bytes the driver wrote to OutBuff. A local counter is always handed to
 * DeviceIoControl() because lpBytesReturned must not be NULL for a
 * synchronous (lpOverlapped == NULL) call. Returns the BOOL result of
 * DeviceIoControl().
 */
BOOL ControlDriver(HANDLE m_hDriver, DWORD dwIoCode, PVOID InBuff, DWORD InBuffLen, PVOID OutBuff, DWORD OutBuffLen, DWORD *RealRetBytes)
{
    DWORD bytesReturned = 0;
    DWORD code = CTL_CODE_GEN(dwIoCode);
    BOOL ok = DeviceIoControl(m_hDriver, code, InBuff, InBuffLen,
                              OutBuff, OutBuffLen, &bytesReturned, NULL);
    if (RealRetBytes != NULL) {
        *RealRetBytes = bytesReturned;
    }
    return ok;
}
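/*
 * Write the directory of the running executable into szPathString.
 *
 * szPathString must point to at least MAX_PATH bytes. On success it holds the
 * module path cut just after its last backslash, i.e. the directory with its
 * trailing separator kept, so callers can strcat() a file name onto it
 * directly (as test() and DriverInit() do). When GetModuleFileNameA() fails
 * (returns 0) or truncates (returns MAX_PATH), the buffer is set to the empty
 * string rather than left half-filled, because the result is later handed to
 * the SCM as the driver image to load.
 *
 * The posted loop counted a SIZE_T index down with `i >= 0`, which is always
 * true for an unsigned type and so underflows past index 0 (the `[i]`
 * subscripts on the compare/assign lines also appear to have been lost in the
 * forum rendering). strrchr() replaces the loop.
 */
void GetAppPath(char *szPathString)
{
    DWORD len = GetModuleFileNameA(0, szPathString, MAX_PATH);
    if (len == 0 || len >= MAX_PATH) {
        /* failed or truncated: do not return a partial path */
        szPathString[0] = '\0';
        return;
    }
    char *lastSep = strrchr(szPathString, '\\');
    if (lastSep != NULL) {
        lastSep[1] = '\0';
    }
}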
/*
 * Open an existing driver service by name with SERVICE_ALL_ACCESS.
 *
 * Returns the service handle, or 0 when the service manager cannot be opened
 * or no service of that name can be opened. The caller owns the returned
 * handle and releases it with CloseServiceHandle(); the SCM handle is closed
 * here on every path. Like InstallDriver(), this needs an elevated token for
 * SC_MANAGER_ALL_ACCESS.
 */
SC_HANDLE GetServiceHandle(PCHAR m_pServiceName)
{
    SC_HANDLE hManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hManager == NULL) {
        return 0;
    }
    /* A NULL result from OpenServiceA() is returned as-is (NULL == 0). */
    SC_HANDLE hService = OpenServiceA(hManager, m_pServiceName, SERVICE_ALL_ACCESS);
    CloseServiceHandle(hManager);
    return hService;
}
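如何使用?
/*
 * Usage example: install, start, talk to, stop and remove the driver that sits
 * next to the executable.
 *
 * Fixes against the posted version: the path buffer is a real MAX_PATH array
 * (`CHAR szDrvFile={0};` declares a single byte, which GetAppPath() then
 * overflowed), the file name is only appended when it fits, the device handle
 * is checked before it is used, and the service handle is closed at the end
 * so it does not leak (the reply below asks for exactly that). Must run from
 * an elevated token; the .sys next to the executable is loaded as kernel code.
 */
void test()
{
    CHAR szDrvFile[MAX_PATH] = {0};
    GetAppPath(szDrvFile);
    /* Never hand the SCM a relative or overlong path. */
    if (szDrvFile[0] == '\0' ||
        strlen(szDrvFile) + strlen("KrnlHW64.sys") >= sizeof szDrvFile) {
        return;
    }
    strcat(szDrvFile, "KrnlHW64.sys");

    SC_HANDLE hSc = InstallDriver(szDrvFile, "KrnlHW64");
    if (hSc == 0) {
        return;
    }
    /* StartDriver()'s result is not decisive (an already-loaded driver is
     * reported as failure); OpenDriver() below is the real check. */
    StartDriver(hSc);
    HANDLE hDrv = OpenDriver("\\\\.\\KrnlHW64");
    if (hDrv) {
        /* 0x800 is the function number; ControlDriver() builds the full code */
        ControlDriver(hDrv, 0x800, 0, 0, 0, 0, 0);
        CloseDriver(hDrv);
    }
    StopDriver(hSc);
    RemoveDriver(hSc);
    CloseServiceHandle(hSc);   /* the service is only deleted once this handle is closed */
}
嗯,不错。已将链接加入教程帖目录。此外最后应该加上:CloseServiceHandle(hSC),防止句柄泄漏。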
又把你的例子加上了点内容,『驱动本体』和『加载器』完全模板化了。WIN32+WIN64都可以用。
/* Process-wide loader state shared by DriverInit() and main(): both values
 * are written by DriverInit(1) and released by DriverInit(0); nothing else in
 * this listing writes them. */
SC_HANDLE g_hSc;   /* service handle from InstallDriver(); 0 while nothing is installed */
HANDLE g_hDrv;     /* device handle from OpenDriver(); 0 while the device is not open */
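/*
 * Load (IsInit != 0) or unload (IsInit == 0) the templated driver, keeping
 * its handles in g_hSc / g_hDrv.
 *
 * Load: builds "<exe directory><szFileName>", installs and starts the service
 * and opens the device link. Returns 1 when the device handle is open. On any
 * failure the partially created state is rolled back (service stopped, marked
 * for deletion, handle closed) and 0 is returned, so a failed load no longer
 * leaves a started service behind; g_hSc and g_hDrv are 0 afterwards.
 * Unload: closes the device, stops and deletes the service and closes the
 * service handle. Every step is attempted even when an earlier one fails, and
 * the result is 1 only when all of them succeeded; the posted version
 * returned at the first failure and skipped the remaining cleanup.
 *
 * Fixes against the posted version: szDrvFile is a MAX_PATH array (the posted
 * `CHAR szDrvFile={0};` is one byte and was overflowed by GetAppPath()), the
 * file name is only appended when it fits, and BOOL results are compared
 * with 0 instead of being truncated into a BOOLEAN.
 *
 * The service name is the file name (e.g. "XXXX.sys") while the device link
 * is "\\\\.\\XXXX"; both TODO values must be changed together and the driver
 * has to create that symbolic link. Loading a driver needs an elevated token,
 * and the .sys next to the executable runs as kernel code, so its directory
 * must not be writable by unprivileged users.
 */
BOOLEAN DriverInit(BOOLEAN IsInit)
{
    if (IsInit) {
        char szFileName[] = "XXXX.sys";      /* TODO: CHANGE THIS VALUE */
        char szLinkName[] = "\\\\.\\XXXX";   /* TODO: CHANGE THIS VALUE */
        CHAR szDrvFile[MAX_PATH] = {0};

        GetAppPath(szDrvFile);
        /* Never hand the SCM a relative or overlong path. */
        if (szDrvFile[0] == '\0' ||
            strlen(szDrvFile) + strlen(szFileName) >= sizeof szDrvFile) {
            return 0;
        }
        strcat(szDrvFile, szFileName);

        g_hSc = InstallDriver(szDrvFile, szFileName);
        if (g_hSc == 0) {
            return 0;
        }
        /* Deliberately unchecked: an already-loaded driver makes StartServiceA()
         * report failure, and OpenDriver() below is the real test. */
        StartDriver(g_hSc);
        g_hDrv = OpenDriver(szLinkName);
        if (g_hDrv != 0) {
            return 1;
        }
        /* Roll back so a failed load does not leave the service installed. */
        StopDriver(g_hSc);
        RemoveDriver(g_hSc);
        CloseServiceHandle(g_hSc);
        g_hSc = 0;
        return 0;
    }

    /* Unload path: attempt every step, report 0 if any of them failed. */
    BOOLEAN ok = 1;
    if (g_hDrv != 0) {
        if (CloseDriver(g_hDrv) == 0) {
            ok = 0;
        }
        g_hDrv = 0;
    }
    if (g_hSc != 0) {
        if (StopDriver(g_hSc) == 0) {
            ok = 0;
        }
        if (RemoveDriver(g_hSc) == 0) {
            ok = 0;
        }
        if (CloseServiceHandle(g_hSc) == 0) {
            ok = 0;
        }
        g_hSc = 0;
    } else {
        ok = 0;   /* nothing was loaded */
    }
    return ok;
}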
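/*
 * Load the driver, wait for a key press, unload it, wait again.
 *
 * Declared `int main(void)` instead of the posted `void main()`, which is not
 * a standard C signature; the exit status is 1 when loading fails and 0
 * otherwise. system("pause") is kept for the interactive prompt (it spawns
 * cmd.exe for the builtin `pause`). The commented ControlDriver() call marks
 * where IOCTLs would be issued between the two steps. Run from an elevated
 * prompt, since DriverInit() needs it to load the driver.
 */
int main(void)
{
    if (!DriverInit(1)) {
        puts("load driver failed!");
        return 1;
    }
    puts("load driver OK!");
    system("pause");

    //ControlDriver(g_hDrv,0x800,0,0,0,0,0);

    if (DriverInit(0)) {
        puts("unload driver OK!");
    } else {
        puts("unload driver failed!");
    }
    system("pause");
    return 0;
}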