EXE部分

[cpp]?view plaincopy

#include?<stdio.h>??

#include?<Windows.h>??

??

int?main?(void)??

{??

????char?linkname[]="\\\\.\\HelloDDK";??

????HANDLE?hDevice?=?CreateFileA(linkname,GENERIC_READ?|?GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);??

????if?(hDevice?==?INVALID_HANDLE_VALUE)??

????{??

????????printf("Win32?error?code:?%d\n",GetLastError());??

????????return?1;??

????}??

??

????UCHAR?buffer[10]={0};??

????ULONG?ulRead=0;??

????if?(ReadFile(hDevice,buffer,10,&ulRead,NULL))??

????{??

????????printf("Read?%d?bytes:",ulRead);??

????????for?(int?i=0;i<(int)ulRead;i++)??

????????{??

????????????printf("%02X?",buffer[i]);??

????????}??

????????printf("\n");??

????}??

????getchar();??

????getchar();??

??

????ulRead=0;??

????if?(WriteFile(hDevice,buffer,10,&ulRead,NULL))??

????{??

????????printf("write?%d?bytes\n",ulRead);??

????????for?(int?i=0;i<(int)ulRead;i++)??

????????{??

????????????printf("%02X?",buffer[i]);??

????????}??

????????printf("\n");??

????}??

??

????CloseHandle(hDevice);??

??

????getchar();??

????getchar();??

????return?0;??

}??

?

?

SYS部分

[cpp]?view plaincopy

#pragma?once??

??

#include?<ntddk.h>??

#define?CountArray(Array)??(????sizeof(Array)???/???sizeof(Array[0])????)??

??

#define?MAX_FILE_LENGTH?1024??

??

typedef?struct?_DEVICE_EXTENSION??

{??

????PDEVICE_OBJECT?pDevice;?????????????????????????????????????//設(shè)備對(duì)象??

????UNICODE_STRING?ustrDeviceName;??????????????????//設(shè)備名稱??

????UNICODE_STRING?ustrSymLinkName;?????????????????//符號(hào)名稱??

??

????PUCHAR??????buffer;?????????????????????????????????????????????????//緩沖區(qū)指針??

????ULONG???????file_length;????????????????????????????????????????????//緩沖區(qū)長(zhǎng)度??

}DEVICE_EXTENSION,*PDEVICE_EXTENSION;??

??

??

??

#ifdef?__cplusplus??

extern?"C"?NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath);??

#endif??

??

void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject);???????????????????????????????????????????????????????//卸載函數(shù)??

NTSTATUS?CreateDevice(PDRIVER_OBJECT?PDevObj);??????????????????????????????????????????????????//創(chuàng)建設(shè)備??

NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrp);???//派遣函數(shù)??

NTSTATUS?HelloDDKRead(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP);??????????????????????//讀請(qǐng)求派遣函數(shù)??

NTSTATUS?HelloDDKWrite(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP);?????????????????????//寫(xiě)請(qǐng)求派遣函數(shù)??

?

[cpp]?view plaincopy

#include?"hello.h"??

??

NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath)??

{??

????????DbgPrint("Hello?from!\n");??

????????DriverObject->DriverUnload?=?HelloUnload;??

????????for?(int?i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)??

????????{??

????????????DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;??

????????}??

????????DriverObject->MajorFunction[IRP_MJ_READ]=HelloDDKRead;???????????//設(shè)置讀派遣函數(shù)??

????????DriverObject->MajorFunction[IRP_MJ_WRITE]=HelloDDKWrite;?????//設(shè)置寫(xiě)派遣函數(shù)??

??

??

//#if?DBG??

//??????_asm?int?3??

//#endif??

????????//創(chuàng)建設(shè)備??

????????CreateDevice(DriverObject);??

??

????????return?STATUS_SUCCESS;??

}??

??

//讀派遣函數(shù)??

NTSTATUS?HelloDDKRead(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

//#if?DBG??

//??_asm?int?3??

//#endif??

????PDEVICE_EXTENSION?pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;??

????NTSTATUS?status=STATUS_SUCCESS;??

??

????PIO_STACK_LOCATION?stack=IoGetCurrentIrpStackLocation(pIrP);????????????????????????????//獲取當(dāng)前堆棧??

????ULONG?ulReadLength=stack->Parameters.Read.Length;????????????????????????????????????????????//獲取讀的長(zhǎng)度??

????ULONG?ulReadOffset=(ULONG)stack->Parameters.Read.ByteOffset.QuadPart;????//獲取讀的偏移??

????PVOID?user_address=pIrP->UserBuffer;?????????????????????????????????????????????????????????????????????????//獲取用戶模式地址??

??

????if?(user_address==NULL)??

????{??

????????ASSERT(FALSE);??

????????//完成IRP??

????????pIrP->IoStatus.Status=STATUS_UNSUCCESSFUL;???????????????????????????????????//設(shè)置完成狀態(tài)??

????????pIrP->IoStatus.Information=0;????????????????????????????????????????????????????????????????????//設(shè)置讀取長(zhǎng)度??

????????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????????????????????????????????//完成IRP??

????????return?status;??

????}??

????DbgPrint("0X%0X\n",user_address);??

??

????__try??

????{??

????????????//判斷指針是否可寫(xiě)??

????????ProbeForWrite(user_address,ulReadLength,4);??

????????memset(user_address,0XAA,ulReadLength);??

????????DbgPrint("測(cè)試下");??

????}??

????__except(EXCEPTION_EXECUTE_HANDLER)??

????{??

????????DbgPrint("打我PG我不乖\n");??

????????status=STATUS_UNSUCCESSFUL;??

????}??

??

????//完成IRP??

????pIrP->IoStatus.Status=status;????????????????????????????????????????????????????????????????????//設(shè)置完成狀態(tài)??

????pIrP->IoStatus.Information=ulReadLength;?????????????????????????????????????????//設(shè)置讀取長(zhǎng)度??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????????????????????????????????//完成IRP??

??

????return?status;??

}??

??

//寫(xiě)派遣函數(shù)??

NTSTATUS?HelloDDKWrite(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

//#if?DBG??

//??_asm?int?3??

//#endif??

????PDEVICE_EXTENSION?pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;??

????NTSTATUS?status=STATUS_SUCCESS;??

??

????PIO_STACK_LOCATION?stack=IoGetCurrentIrpStackLocation(pIrP);??

????ULONG?ulWriteLength=stack->Parameters.Read.Length;???????????????????????????????????????????//獲取寫(xiě)的長(zhǎng)度??

????ULONG?ulReadOffset=(ULONG)stack->Parameters.Read.ByteOffset.QuadPart;????//獲取寫(xiě)的偏移??

????PVOID?user_address=pIrP->UserBuffer;?????????????????????????????????????????????????????????????????????????//獲取用戶模式地址??

??

????if?(user_address==NULL)??

????{??

????????ASSERT(FALSE);??

????????//完成IRP??

????????pIrP->IoStatus.Status=STATUS_UNSUCCESSFUL;???????????????????????????????????//設(shè)置完成狀態(tài)??

????????pIrP->IoStatus.Information=0;????????????????????????????????????????????????????????????????????//設(shè)置讀取長(zhǎng)度??

????????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????????????????????????????????//完成IRP??

????????return?status;??

????}??

????DbgPrint("0X%0X\n",user_address);??

??

????__try??

????{??

????????//判斷指針是否可寫(xiě)??

????????ProbeForWrite(user_address,ulWriteLength,4);??

??

????????UCHAR?buffer[10]={0};??

????????memcpy(buffer,user_address,ulWriteLength);??

????????for?(int?i=0;i<(int)ulWriteLength;i++)??

????????{??

????????????DbgPrint("%02x\n",buffer[i]);??

????????}??

??

????????memset(user_address,0XAA,ulWriteLength);??

??

????????DbgPrint("測(cè)試下");??

????}??

????__except(EXCEPTION_EXECUTE_HANDLER)??

????{??

????????DbgPrint("打我PG我不乖\n");??

????????status=STATUS_UNSUCCESSFUL;??

????}??

??

????//完成IRP??

????pIrP->IoStatus.Status=status;????????????????????????????????????????????????????????????????????//設(shè)置完成狀態(tài)??

????pIrP->IoStatus.Information=ulWriteLength;????????????????????????????????????????????//設(shè)置寫(xiě)取長(zhǎng)度??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????????????????????????????????//完成IRP??

??

????return?status;??

}??

??

//卸載函數(shù)??

void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject)??

{??

????????DbgPrint("Goodbye?from!\n");??

????????PDEVICE_OBJECT?pNextObj=NULL;??

????????pNextObj=DriverObject->DeviceObject;??

??

????????while?(pNextObj)??

????????{??

????????????PDEVICE_EXTENSION?pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;??

????????????//釋放內(nèi)存??

????????????if?(pDevExt->buffer)??

????????????{??

????????????????ExFreePool(pDevExt->buffer);??

????????????????pDevExt->buffer=NULL;??

????????????}??

????????????//刪除符號(hào)連接??

????????????IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);??

????????????//刪除設(shè)備??

????????????IoDeleteDevice(pDevExt->pDevice);??

????????????pNextObj=pNextObj->NextDevice;??

????????}??

}??

??

//創(chuàng)建設(shè)備??

NTSTATUS?CreateDevice(PDRIVER_OBJECT?pDriver_Object)??

{??

????//定義變量??

????NTSTATUS?status=STATUS_SUCCESS;??

????PDEVICE_OBJECT?pDevObje=NULL;??

????PDEVICE_EXTENSION?pDevExt=NULL;??

??

????//初始化字符串??

????UNICODE_STRING?devname;??

????UNICODE_STRING?symLinkName;??

????RtlInitUnicodeString(&devname,L"\\device\\hello");??

????RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");??

??

????//創(chuàng)建設(shè)備??

????if?(IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS?)??

????{??

????????DbgPrint("創(chuàng)建設(shè)備失敗\n");??

????????return?status;??

????}??

??

????pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension;??

????pDevExt->pDevice=pDevObje;??

????pDevExt->ustrDeviceName=devname;??

????pDevExt->ustrSymLinkName=symLinkName;??

??

????//申請(qǐng)模擬文件的緩沖區(qū)??

????pDevExt->buffer=(PUCHAR)ExAllocatePool(PagedPool,MAX_FILE_LENGTH);??

????pDevExt->file_length=0;??

??

????if?(pDevExt->buffer==NULL)??

????{??

????????DbgPrint("內(nèi)存分配失敗\n");??

????}??

??

??

????//創(chuàng)建符號(hào)連接??

????if?(IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS?)??

????{??

????????DbgPrint("創(chuàng)建符號(hào)連接失敗\n");??

????????IoDeleteDevice(pDevObje);??

????????return?status;??

????}??

????return?STATUS_SUCCESS;??

}??

??

//派遣函數(shù)??

NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

//#if?DBG??

//??_asm?int?3??

//#endif??

??

????PIO_STACK_LOCATION?stack?=?IoGetCurrentIrpStackLocation(pIrP);??

????//建立一個(gè)字符串?dāng)?shù)組與IRP類型對(duì)應(yīng)起來(lái)??

????static?char*?irpname[]?=???

????{??

????????"IRP_MJ_CREATE",??

????????"IRP_MJ_CREATE_NAMED_PIPE",??

????????"IRP_MJ_CLOSE",??

????????"IRP_MJ_READ",??

????????"IRP_MJ_WRITE",??

????????"IRP_MJ_QUERY_INFORMATION",??

????????"IRP_MJ_SET_INFORMATION",??

????????"IRP_MJ_QUERY_EA",??

????????"IRP_MJ_SET_EA",??

????????"IRP_MJ_FLUSH_BUFFERS",??

????????"IRP_MJ_QUERY_VOLUME_INFORMATION",??

????????"IRP_MJ_SET_VOLUME_INFORMATION",??

????????"IRP_MJ_DIRECTORY_CONTROL",??

????????"IRP_MJ_FILE_SYSTEM_CONTROL",??

????????"IRP_MJ_DEVICE_CONTROL",??

????????"IRP_MJ_INTERNAL_DEVICE_CONTROL",??

????????"IRP_MJ_SHUTDOWN",??

????????"IRP_MJ_LOCK_CONTROL",??

????????"IRP_MJ_CLEANUP",??

????????"IRP_MJ_CREATE_MAILSLOT",??

????????"IRP_MJ_QUERY_SECURITY",??

????????"IRP_MJ_SET_SECURITY",??

????????"IRP_MJ_POWER",??

????????"IRP_MJ_SYSTEM_CONTROL",??

????????"IRP_MJ_DEVICE_CHANGE",??

????????"IRP_MJ_QUERY_QUOTA",??

????????"IRP_MJ_SET_QUOTA",??

????????"IRP_MJ_PNP",??

????};??

??

????UCHAR?type?=?stack->MajorFunction;??

??

????if?(type?>=?CountArray(irpname))??

????????KdPrint(("無(wú)效的IRP類型?%X\n",?type));??

????else??

????????KdPrint(("%s\n",?irpname[type]));??

??

??

??

??

????pIrP->IoStatus.Status=STATUS_SUCCESS;????????????????????//設(shè)置完成狀態(tài)??

????pIrP->IoStatus.Information=0;????????????????????????????????????????//設(shè)置操作字節(jié)為0??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????//結(jié)束IRP派遣函數(shù)，第二個(gè)參數(shù)表示不增加優(yōu)先級(jí)??

????return?STATUS_SUCCESS;??

}?

總結(jié)

以上是生活随笔為你收集整理的EXE和SYS通信(ReadFile WriteFile) 其他方式的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。