[开源]VB.NET实现加载驱动，通用32/64的Windows平台

tangptr@126.com

不知为何，这份代码有个很奇怪的BUG，就是不能加载路径太长的驱动，比如桌面上的驱动。。。（梧桐牛说可能是MAX_PATH的问题）
首先创建cls_Driver的类文件，代码如下：

1. Private Declare Function OpenSCManager Lib "advapi32.dll" Alias "OpenSCManagerA" (ByVal lpMachineName As String, ByVal lpDatabaseName As String, ByVal dwDesiredAccess As Integer) As IntPtr
   
2.     Private Declare Function OpenService Lib "advapi32.dll" Alias "OpenServiceA" (ByVal hSCManager As IntPtr, ByVal lpServiceName As String, ByVal dwDesiredAccess As Integer) As IntPtr
   
3.     Private Declare Function StartService Lib "advapi32.dll" Alias "StartServiceA" (ByVal hService As IntPtr, ByVal dwNumServiceArgs As Integer, ByVal lpServiceArgVectors As IntPtr) As Integer
   
4.     Private Declare Function CreateService Lib "advapi32.dll" Alias "CreateServiceA" (ByVal hSCManager As IntPtr, ByVal lpServiceName As String, ByVal lpDisplayName As String, ByVal dwDesiredAccess As Integer, ByVal dwServiceType As Integer, ByVal dwStartType As Integer, ByVal dwErrorControl As Integer, ByVal lpBinaryPathName As String, ByVal lpLoadOrderGroup As UIntPtr, ByVal lpdwTagId As Integer, ByVal lpDependencies As UIntPtr, ByVal lp As UIntPtr, ByVal lpPassword As UIntPtr) As IntPtr
   
5.     Private Declare Function ControlService Lib "advapi32.dll" (ByVal hService As IntPtr, ByVal dwControl As Integer, ByRef lpServiceStatus As SERVICE_STATUS) As Integer
   
6.     Private Declare Function DeviceIoControl Lib "kernel32" (ByVal hDevice As IntPtr, ByVal dwIoControlCode As Integer, ByVal lpInBuffer As UIntPtr, ByVal nInBufferSize As UInteger, ByVal lpOutBuffer As UIntPtr, ByVal nOutBufferSize As UInteger, ByVal lpBytesReturned As UIntPtr, ByRef lpOverlapped As OVERLAPPED) As Integer
   
7.     Private Declare Function DeleteService Lib "advapi32.dll" (ByVal hService As IntPtr) As Integer
   
8.     Private Declare Function CloseServiceHandle Lib "advapi32.dll" (ByVal hSCObject As IntPtr) As Integer
   
9.     Private Declare Function QueryServiceStatus Lib "advapi32.dll" (ByVal hService As IntPtr, ByRef lpServiceStatus As SERVICE_STATUS) As Integer
   
10.     Private Declare Function CreateFile Lib "kernel32.dll" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Integer, ByVal dwShareMode As Integer, ByVal lpSecurityAttributes As UIntPtr, ByVal dwCreationDisposition As Integer, ByVal dwFlagsAndAttributes As Integer, ByVal hTemplateFile As IntPtr) As IntPtr
    
11.     Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As IntPtr) As Integer
    
12.     Private Declare Function GetLastError Lib "kernel32.dll" () As Integer
    
13.     Private Declare Sub Sleep Lib "kernel32.dll" (ByVal dwMilliseconds As UInteger)
    
14. 
    
15.     Private Const SC_MANAGER_CONNECT = &H1
    
16.     Private Const SC_MANAGER_CREATE_SERVICE = &H2
    
17.     Private Const SC_MANAGER_ENUMERATE_SERVICE = &H4
    
18.     Private Const SC_MANAGER_LOCK = &H8
    
19.     Private Const SC_MANAGER_QUERY_LOCK_STATUS = &H10
    
20.     Private Const SC_MANAGER_MODIFY_BOOT_CONFIG = &H20
    
21.     Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
    
22.     Private Const SC_MANAGER_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or SC_MANAGER_CONNECT Or SC_MANAGER_CREATE_SERVICE Or SC_MANAGER_ENUMERATE_SERVICE Or SC_MANAGER_LOCK Or SC_MANAGER_QUERY_LOCK_STATUS Or SC_MANAGER_MODIFY_BOOT_CONFIG)
    
23. 
    
24.     Private Const SERVICE_QUERY_CONFIG = &H1
    
25.     Private Const SERVICE_CHANGE_CONFIG = &H2
    
26.     Private Const SERVICE_QUERY_STATUS = &H4
    
27.     Private Const SERVICE_ENUMERATE_DEPENDENTS = &H8
    
28.     Private Const SERVICE_START = &H10
    
29.     Private Const SERVICE_STOP = &H20
    
30.     Private Const SERVICE_PAUSE_CONTINUE = &H40
    
31.     Private Const SERVICE_INTERROGATE = &H80
    
32.     Private Const SERVICE_USER_DEFINED_CONTROL = &H100
    
33.     Private Const SERVICE_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or SERVICE_QUERY_CONFIG Or SERVICE_CHANGE_CONFIG Or SERVICE_QUERY_STATUS Or SERVICE_ENUMERATE_DEPENDENTS Or SERVICE_START Or SERVICE_STOP Or SERVICE_PAUSE_CONTINUE Or SERVICE_INTERROGATE Or SERVICE_USER_DEFINED_CONTROL)
    
34. 
    
35.     Private Const SERVICE_KERNEL_DRIVER As Integer = &H1
    
36. 
    
37.     Private Const SERVICE_DEMAND_START As Integer = &H3
    
38. 
    
39.     Private Const SERVICE_ERROR_NORMAL As Integer = &H1
    
40. 
    
41.     Private Const SERVICE_CONTROL_STOP = &H1
    
42. 
    
43.     Private Structure SERVICE_STATUS
    
44.         Dim dwServiceType As Integer
    
45.         Dim dwCurrentState As Integer
    
46.         Dim dwControlsAccepted As Integer
    
47.         Dim dwWin32ExitCode As Integer
    
48.         Dim dwServiceSpecificExitCode As Integer
    
49.         Dim dwCheckPoint As Integer
    
50.         Dim dwWaitHint As Integer
    
51.     End Structure
    
52.     Private Const SERVICE_START_PENDING As Integer = &H2
    
53.     Private Const SERVICE_RUNNING As Integer = &H4
    
54.     Private Const SERVICE_RUNS_IN_SYSTEM_PROCESS As Integer = &H1
    
55.     Private Const SERVICE_STOP_PENDING As Integer = &H3
    
56.     Private Const SERVICE_STOPPED As Integer = &H1
    
57. 
    
58.     Private Const GENERIC_READ As Integer = &H80000000
    
59.     Private Const GENERIC_WRITE As Integer = &H40000000
    
60.     Private Const OPEN_EXISTING As Integer = 3
    
61.     Private Const FILE_ATTRIBUTE_NORMAL As Integer = &H80
    
62.     Private Const FILE_FLAG_OVERLAPPED As Integer = &H40000000
    
63.     Private Const FILE_FLAG_DELETE_ON_CLOSE As Integer = &H4000000
    
64.     Private Const FILE_SHARE_READ As Integer = &H1
    
65.     Private Const FILE_SHARE_WRITE As Integer = &H2
    
66. 
    
67.     Private Structure OVERLAPPED
    
68.         Dim InternalLow As UIntPtr
    
69.         Dim InternalHigh As UIntPtr
    
70.         Dim Pointer As ULong
    
71.         Dim hEvent As IntPtr
    
72.     End Structure
    
73. 
    
74.     Private Const INVALID_HANDLE_VALUE As Long = (-1)
    
75. 
    
76.     Private Const FILE_DEVICE_UNKNOWN As Integer = &H22
    
77.     Private Const METHOD_BUFFERED As Integer = 0
    
78.     Private Const FILE_ANY_ACCESS As Integer = 0
    
79. 
    
80.     Private Const ERROR_SERVICE_EXISTS As Integer = 1073&
    
81.     Private Const ERROR_IO_PENDING As Integer = 997
    
82.     Private Const ERROR_SERVICE_MARKED_FOR_DELETE As Integer = 1072&
    
83. 
    
84.     Public szDrvSvcName As String
    
85.     Public szDrvDisplayName As String
    
86.     Public szDrvFilePath As String
    
87.     Public szDrvLinkName As String 'e.g. "\\.\TestDrv"
    
88. 
    
89.     Dim hSvcHandle As IntPtr
    
90.     Dim scHandle As IntPtr
    
91.     Dim hDrvHandle As IntPtr
    
92. 
    
93.     Public Function InstDrv() As Boolean
    
94.         Static nTry As Integer
    
95.         scHandle = OpenSCManager(vbNullString, vbNullString, SC_MANAGER_ALL_ACCESS)
    
96.         If (Not CBool(scHandle)) Then
    
97.             DelDrv()
    
98.             Return False
    
99.             Exit Function
    
100.         End If
     
101.         hSvcHandle = CreateService(scHandle, szDrvSvcName, szDrvDisplayName, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, szDrvFilePath, 0, 0, 0, 0, 0)
     
102.         If (Not CBool(hSvcHandle)) Then
     
103.             'If ((GetLastError = ERROR_SERVICE_EXISTS) Or (GetLastError = ERROR_SERVICE_MARKED_FOR_DELETE)) Then
     
104.             If (nTry > 5) Then InstDrv = False : nTry = 0 : Exit Function
     
105.             hSvcHandle = OpenService(scHandle, szDrvSvcName, SERVICE_ALL_ACCESS)
     
106.             DelDrv()
     
107.             nTry = nTry + 1
     
108.             InstDrv()
     
109.             'Else
     
110.             'DelDrv
     
111.             'Exit Function
     
112.             'End If
     
113.         End If
     
114.         InstDrv = True
     
115.     End Function
     
116. 
     
117.     Public Function StartDrv() As Boolean
     
118.         Dim ret&
     
119.         Dim ss As SERVICE_STATUS
     
120.         Call QueryServiceStatus(hSvcHandle, ss)
     
121.         'If (ss.dwCurrentState = SERVICE_RUNS_IN_SYSTEM_PROCESS) Then StartDrv = True: Exit Function
     
122.         ret = StartService(hSvcHandle, 0, 0)
     
123.         If (CBool(ret)) Then
     
124.             Dim nTry As Long : nTry = 0
     
125.             Call QueryServiceStatus(hSvcHandle, ss)
     
126.             While ((ss.dwCurrentState = SERVICE_START_PENDING) And (nTry < 80))
     
127.                 Sleep(50)
     
128.                 nTry = nTry + 1
     
129.                 Call QueryServiceStatus(hSvcHandle, ss)
     
130.             End While
     
131.         End If
     
132.         StartDrv = CBool(ret)
     
133.     End Function
     
134. 
     
135.     Public Function OpenDrv() As Boolean
     
136.         Dim MyFile As String
     
137.         If (hDrvHandle <> INVALID_HANDLE_VALUE) Then OpenDrv = True : Exit Function
     
138.         MyFile = szDrvLinkName
     
139.         If Left(szDrvLinkName, Len("\\.")) <> "\\." Then
     
140.             MyFile = "\\." & szDrvLinkName
     
141.         End If
     
142.         hDrvHandle = CreateFile(MyFile, GENERIC_READ Or GENERIC_WRITE, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)
     
143.         OpenDrv = (hDrvHandle <> INVALID_HANDLE_VALUE)
     
144.     End Function
     
145. 
     
146.     Public Function IoControl(ByVal dwIoControlCode As Integer, ByVal lpInBuffer As UIntPtr, ByVal nInBufferSize As UInteger, ByVal lpOutBuffer As UIntPtr, ByVal nOutBufferSize As UInteger, Optional ByRef lpBytesReturned As ULong = 0) As Integer
     
147.         Dim lDrvRetSize As Long
     
148.         Dim pOver As OVERLAPPED
     
149.         IoControl = DeviceIoControl(hDrvHandle, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lDrvRetSize, pOver)
     
150.         lpBytesReturned = lDrvRetSize
     
151.     End Function
     
152. 
     
153.     Public Function StopDrv() As Boolean
     
154.         Dim ss As SERVICE_STATUS
     
155.         StopDrv = CBool(ControlService(hSvcHandle, SERVICE_CONTROL_STOP, ss))
     
156.         Dim nTry As Long : nTry = 0
     
157.         Call QueryServiceStatus(hSvcHandle, ss)
     
158.         While ((ss.dwCurrentState = SERVICE_STOP_PENDING) And (nTry < 80))
     
159.             Sleep(50)
     
160.             nTry = nTry + 1
     
161.             Call QueryServiceStatus(hSvcHandle, ss)
     
162.         End While
     
163.     End Function
     
164. 
     
165.     Public Function DelDrv() As Boolean
     
166.         Call CloseHandle(hDrvHandle)
     
167.         Call StopDrv()
     
168.         Call DeleteService(hSvcHandle)
     
169.         Call CloseServiceHandle(hSvcHandle)
     
170.         Call CloseServiceHandle(scHandle)
     
171.         hSvcHandle = 0
     
172.         scHandle = 0
     
173.         DelDrv = True
     
174.     End Function
     
175. 
     
176.     '构造函数
     
177.     Sub New(ByVal FilePath As String, ByVal DisplayName As String, ByVal LinkName As String, ByVal ServiceName As String)
     
178.         hSvcHandle = 0
     
179.         scHandle = 0
     
180.         hDrvHandle = INVALID_HANDLE_VALUE
     
181.         szDrvDisplayName = DisplayName
     
182.         szDrvFilePath = FilePath
     
183.         szDrvLinkName = LinkName
     
184.         szDrvSvcName = ServiceName
     
185.     End Sub
     
186. 
     
187.     Sub Terminate()
     
188.         DelDrv()
     
189.     End Sub
     
190. 
     
191.     Public Function CTL_CODE(ByVal lngDevFileSys As Integer, ByVal lngFunction As Integer, ByVal lngMethod As Integer, ByVal lngAccess As Integer) As Integer
     
192.         CTL_CODE = CInt((lngDevFileSys * (2 ^ 16))) Or CInt((lngAccess * (2 ^ 14))) Or CInt((lngFunction * (2 ^ 2))) Or lngMethod
     
193.     End Function
     
194. 
     
195.     Public Function CTL_CODE_GEN(ByVal lngFunction As Long) As Integer
     
196.         CTL_CODE_GEN = CInt((FILE_DEVICE_UNKNOWN * (2 ^ 16))) Or CInt((FILE_ANY_ACCESS * (2 ^ 14))) Or CInt((lngFunction * (2 ^ 2))) Or METHOD_BUFFERED
     
197.     End Function

复制代码

定义一个新驱动：

1. Dim a As New cls_Driver(文件名,显示名,链接名,服务名)

复制代码

加载驱动：

1. With a
   
2.             .InstDrv()
   
3.             .StartDrv()
   
4.             If .OpenDrv = False Then MsgBox("Failed to load driver!", vbExclamation, "Error") : End
   
5. End With

复制代码

卸载驱动：

1. With DrvCtrl
   
2.             .StopDrv()
   
3.             .DelDrv()
   
4. End With

复制代码

Tesla.Angela

感觉这个有点多余了。直接利用.NET提供的注册表操作类写好注册表数据，然后调用ZwLoadDriver即可。