(资料图片仅供参考)

https://blog.csdn.net/csdn_gddf102384398/article/details/106835990

驱动程序DriverEntry.c

#include #define DEVICE_NAMEL"\\Device\\MyDDKDevice1"#define SYMBOLIC_LINK_NAMEL"\\??\\MyDDKDevice1"#define DEVICE_EX_SIZE200//读设备#define READ_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x830,METHOD_BUFFERED,FILE_READ_ACCESS)//写设备#define WRITE_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x831,METHOD_BUFFERED,FILE_WRITE_ACCESS)VOID DriverUnload(__in struct _DRIVER_OBJECT *DriverObject){UNICODE_STRING symbolLinkName;DbgPrint("DriverUnload\n");if (DriverObject->DeviceObject)IoDeleteDevice(DriverObject->DeviceObject);RtlInitUnicodeString(&symbolLinkName, SYMBOLIC_LINK_NAME);IoDeleteSymbolicLink(&symbolLinkName);}NTSTATUS OnCreateDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp){NTSTATUS status = STATUS_SUCCESS;DbgPrint("OnCreateDevice\n");Irp->IoStatus.Status = status;Irp->IoStatus.Information = 0;IoCompleteRequest(Irp, IO_NO_INCREMENT);return status;}NTSTATUS OnReadDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp){NTSTATUS status = STATUS_SUCCESS;PIO_STACK_LOCATION stack;ULONG wantRead;char* pData = "This data is from kernel.";int len = strlen(pData) + 1;DbgPrint("OnReadDevice\n");stack = IoGetCurrentIrpStackLocation(Irp);wantRead = stack->Parameters.Read.Length;//用户想要读取的字节数DbgPrint("App wants to read %d bytes\n", wantRead);// 完成IRP//设置IRP完成状态Irp->IoStatus.Status = status;//设置IRP操作了多少字节Irp->IoStatus.Information = len;DbgPrint("readBuf address:%p\n", Irp->AssociatedIrp.SystemBuffer);memcpy(Irp->AssociatedIrp.SystemBuffer, pData, len);//处理IRPIoCompleteRequest(Irp, IO_NO_INCREMENT);return status;}NTSTATUS OnWriteDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp){NTSTATUS status = STATUS_SUCCESS;PIO_STACK_LOCATION stack;ULONG len;//App写到内核的数据量DbgPrint("OnWriteDevice\n");stack = IoGetCurrentIrpStackLocation(Irp);len = stack->Parameters.Write.Length;//App写到内核的数据量DbgPrint("writeBuf address:%p\n", Irp->AssociatedIrp.SystemBuffer);DbgPrint("Kernel recved %d bytes from App.The content is:%s\n", len, Irp->AssociatedIrp.SystemBuffer);// 完成IRP//设置IRP完成状态Irp->IoStatus.Status = status;//设置IRP操作了多少字节Irp->IoStatus.Information = 13;RtlZeroMemory(DeviceObject->DeviceExtension, DEVICE_EX_SIZE);memcpy(DeviceObject->DeviceExtension, Irp->AssociatedIrp.SystemBuffer, len);//处理IRPIoCompleteRequest(Irp, IO_NO_INCREMENT);return status;}NTSTATUS OnCloseDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp){NTSTATUS status = STATUS_SUCCESS;DbgPrint("OnCloseDevice\n");Irp->IoStatus.Status = status;Irp->IoStatus.Information = 0;IoCompleteRequest(Irp, IO_NO_INCREMENT);return status;}NTSTATUS OnCleanupDevice(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp){NTSTATUS status = STATUS_SUCCESS;DbgPrint("OnCleanupDevice\n");Irp->IoStatus.Status = status;Irp->IoStatus.Information = 0;IoCompleteRequest(Irp, IO_NO_INCREMENT);return status;}NTSTATUS OnDeviceIoControl(__in struct _DEVICE_OBJECT *DeviceObject, __inout struct _IRP *Irp){NTSTATUS status = STATUS_SUCCESS;ULONG_PTR Informaiton = 0;PVOID InputData = NULL;ULONG InputDataLength = 0;PVOID OutputData = NULL;ULONG OutputDataLength = 0;ULONG IoControlCode = 0;char* pData = NULL;int len = 0;PIO_STACK_LOCATION  IoStackLocation = IoGetCurrentIrpStackLocation(Irp);  //Irp堆栈  IoControlCode = IoStackLocation->Parameters.DeviceIoControl.IoControlCode;DbgPrint("OnDeviceIoControl\n");switch (IoControlCode){case WRITE_CTL_CODE:InputData = Irp->AssociatedIrp.SystemBuffer;InputDataLength = IoStackLocation->Parameters.DeviceIoControl.InputBufferLength;DbgPrint("App write to kernel by DeviceIoControl %d bytes,the content is:%s\n", InputDataLength, InputData);Irp->IoStatus.Information = InputDataLength;break;case READ_CTL_CODE:OutputData = Irp->AssociatedIrp.SystemBuffer;OutputDataLength = IoStackLocation->Parameters.DeviceIoControl.OutputBufferLength;DbgPrint("App wants to read %d bytes from kernel by DeviceIoControl\n", OutputDataLength);pData = "Ring0 --> Ring3";len = strlen(pData) + 1;memcpy(OutputData, pData, len);Irp->IoStatus.Information = len;break;}Irp->IoStatus.Status = status;IoCompleteRequest(Irp, IO_NO_INCREMENT);return status;}NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT  *DriverObject, __in PUNICODE_STRING  RegistryPath){NTSTATUS status = STATUS_SUCCESS;DEVICE_OBJECT* pdo;UNICODE_STRING devicename, symbolLinkName;RtlInitUnicodeString(&devicename, DEVICE_NAME);RtlInitUnicodeString(&symbolLinkName, SYMBOLIC_LINK_NAME);DbgPrint("DriverEntry\n");status = IoCreateDevice(DriverObject, DEVICE_EX_SIZE, &devicename, FILE_DEVICE_UNKNOWN, 0, TRUE, &pdo);if (!NT_SUCCESS(status)){DbgPrint("Create Device Object Failed:%x\n", status);return status;}pdo->Flags |= DO_BUFFERED_IO;status = IoCreateSymbolicLink(&symbolLinkName, &devicename);if (!NT_SUCCESS(status)){DbgPrint("Create SymbolicLink Name Failed:%x\n", status);IoDeleteDevice(pdo);return status;}DriverObject->MajorFunction[IRP_MJ_CREATE] = OnCreateDevice;DriverObject->MajorFunction[IRP_MJ_READ] = OnReadDevice;DriverObject->MajorFunction[IRP_MJ_WRITE] = OnWriteDevice;DriverObject->MajorFunction[IRP_MJ_CLOSE] = OnCloseDevice;DriverObject->MajorFunction[IRP_MJ_CLEANUP] = OnCleanupDevice;DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = OnDeviceIoControl;DriverObject->DriverUnload = DriverUnload;return status;}

应用程序main.c

#include #include #include #include #define DEVICE_NAME "\\\\.\\MyDDKDevice1"//读设备#define READ_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x830,METHOD_BUFFERED,FILE_READ_ACCESS)//写设备#define WRITE_CTL_CODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x831,METHOD_BUFFERED,FILE_WRITE_ACCESS)DWORD ReadMyDevice(HANDLE hDevice, char* buf, int len){DWORD dwRead = 0;DeviceIoControl(hDevice, READ_CTL_CODE, NULL, 0, buf, len, &dwRead, NULL);return dwRead;}DWORD WriteMyDevice(HANDLE hDevice,char* buf,int len){DWORD dwWrite = 0;DeviceIoControl(hDevice, WRITE_CTL_CODE, buf, len, NULL, 0, &dwWrite, NULL);return dwWrite;}void main(){system("pause"); HANDLE hDevice = CreateFileA(DEVICE_NAME, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL, OPEN_EXISTING, FILE_ATTRIBUTE_DEVICE, NULL);if (hDevice == INVALID_HANDLE_VALUE){printf("打开设备失败\n");system("pause");return;}char readBuf[50] = {0};char* pWriteBuf = "This Data is from App.";int len = strlen(pWriteBuf) + 1;DWORD dwRead = 0, dwWrite = 0;system("pause");if (ReadFile(hDevice, readBuf, sizeof(readBuf), &dwRead, NULL)){printf("readBuf地址为：%p\n",readBuf);printf("从设备读取了%d字节数据，内容为：%s\n", dwRead, readBuf);}system("pause");if (WriteFile(hDevice, pWriteBuf, len, &dwWrite, NULL)){printf("pWriteBuf地址为：%p\n", pWriteBuf);printf("实际写入设备%d字节\n", dwWrite);}printf("写设备\n");system("pause");dwWrite = 0;pWriteBuf = "Ring3 --> Ring0";len = strlen(pWriteBuf) + 1;dwWrite=WriteMyDevice(hDevice, pWriteBuf, len);printf("通过DeviceIoControl写入设备%d字节\n", dwWrite);printf("读设备\n");system("pause");memset(readBuf, 0, sizeof(readBuf));dwRead = 0;dwRead = ReadMyDevice(hDevice, readBuf, sizeof(readBuf));printf("通过DeviceIoControl读取设备%d字节，读取的内容为：%s\n", dwRead, readBuf);system("pause");CloseHandle(hDevice);system("pause");}

makefile文件：

!INCLUDE $(NTMAKEENV)\makefile.def

sources文件

TARGETNAME=WinDDK1_Win7_X64TARGETTYPE=DRIVERSOURCES=DriverEntry.c

运行截图：

关键词：