EXE部分

[cpp]?view plaincopy

#ifndef??IOCTLS_H??

#define??IOCTLS_H??

??

??

#ifndef?CTL_CODE??

#pragma??message("CTL_CODE?undefined.?Include?winioctl.h?or?ntddk.h")??

#endif??

??

??

//緩沖內存模式IOCTL??

#define?IOCTL_TEST1??CTL_CODE(FILE_DEVICE_UNKNOWN,0X800,METHOD_BUFFERED,FILE_ANY_ACCESS)??

??

//直接內存模式IOCTL??

#define?IOCTL_TEST2?CTL_CODE(FILE_DEVICE_UNKNOWN,0X801,METHOD_IN_DIRECT,FILE_ANY_ACCESS)??

#define?IOCTL_TEST3?CTL_CODE(FILE_DEVICE_UNKNOWN,0X802,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)??

??

//其他內存模式IOCTL??

#define?IOCTL_TEST4?CTL_CODE(FILE_DEVICE_UNKNOWN,0X803,METHOD_NEITHER,FILE_ANY_ACCESS)??

??

??

#endif??

?

[cpp]?view plaincopy

#include?<stdio.h>??

#include?<Windows.h>??

#include?<WinIoCtl.h>??

#include?"Ioctl.h"??

??

??

??

int?main?(void)??

{??

????char?linkname[]="\\\\.\\HelloDDK";??

????HANDLE?hDevice?=?CreateFileA(linkname,GENERIC_READ?|?GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);??

????if?(hDevice?==?INVALID_HANDLE_VALUE)??

????{??

????????printf("Win32?error?code:?%d\n",GetLastError());??

????????return?1;??

????}??

??

??

????UCHAR?InputBuffer[10]={0};??

????UCHAR?OutputBuffer[10]={0};??

????DWORD?dwOutput=0;??

????memset(InputBuffer,0xBB,10);??

??

????if?(DeviceIoControl(hDevice,IOCTL_TEST1,InputBuffer,sizeof(InputBuffer),OutputBuffer,sizeof(OutputBuffer),&dwOutput,NULL))??

????{??

????????printf("讀入字節數%d\n",dwOutput);??

????????for?(int?i=0;i<(int)dwOutput;i++)??

????????{??

????????????printf("%02X",OutputBuffer[i]);??

????????}??

????????printf("\n");??

????}??

????getchar();??

????getchar();??

??????

????if?(DeviceIoControl(hDevice,IOCTL_TEST2,InputBuffer,sizeof(InputBuffer),OutputBuffer,sizeof(OutputBuffer),&dwOutput,NULL))??

????{??

????????printf("讀入字節數%d\n",dwOutput);??

????????for?(int?i=0;i<(int)dwOutput;i++)??

????????{??

????????????printf("%02X",OutputBuffer[i]);??

????????}??

????????printf("\n");??

????}??

????getchar();??

????getchar();??

??

????if?(DeviceIoControl(hDevice,IOCTL_TEST4,InputBuffer,sizeof(InputBuffer),OutputBuffer,sizeof(OutputBuffer),&dwOutput,NULL))??

????{??

????????printf("讀入字節數%d\n",dwOutput);??

????????for?(int?i=0;i<(int)dwOutput;i++)??

????????{??

????????????printf("%02X",OutputBuffer[i]);??

????????}??

????????printf("\n");??

????}??

????getchar();??

????getchar();??

??

??

????CloseHandle(hDevice);??

??

????getchar();??

????getchar();??

????return?0;??

}??

?

?

?

?

SYS部分

[cpp]?view plaincopy

#pragma??message("哈哈哈哈哈哈哈哈哈哈哈哈哈哈11111111112222")??

#ifndef??IOCTLS_H??

#define?IOCTLS_H??

??

??

#ifndef?CTL_CODE??

#pragma??message("CTL_CODE?undefined.?Include?winioctl.h?or?ntddk.h")??

#endif??

??

??

//緩沖內存模式IOCTL??

#define?IOCTL_TEST1??CTL_CODE(FILE_DEVICE_UNKNOWN,0X800,METHOD_BUFFERED,FILE_ANY_ACCESS)??

??

//直接內存模式IOCTL??

#define?IOCTL_TEST2?CTL_CODE(FILE_DEVICE_UNKNOWN,0X801,METHOD_IN_DIRECT,FILE_ANY_ACCESS)??

#define?IOCTL_TEST3?CTL_CODE(FILE_DEVICE_UNKNOWN,0X802,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)??

??

//其他內存模式IOCTL??

#define?IOCTL_TEST4?CTL_CODE(FILE_DEVICE_UNKNOWN,0X803,METHOD_NEITHER,FILE_ANY_ACCESS)??

??

??

#endif??

?

[cpp]?view plaincopy

#pragma?once??

#include?<ntddk.h>??

#define?CountArray(Array)??(????sizeof(Array)???/???sizeof(Array[0])????)??

??

#define?MAX_FILE_LENGTH?1024??

??

typedef?struct?_DEVICE_EXTENSION??

{??

????PDEVICE_OBJECT?pDevice;?????????????????????????????????????//設備對象??

????UNICODE_STRING?ustrDeviceName;??????????????????//設備名稱??

????UNICODE_STRING?ustrSymLinkName;?????????????????//符號名稱??

}DEVICE_EXTENSION,*PDEVICE_EXTENSION;??

??

??

??

#ifdef?__cplusplus??

extern?"C"?NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath);??

#endif??

??

void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject);???????????????????????????????????????????????????????//卸載函數??

NTSTATUS?CreateDevice(PDRIVER_OBJECT?PDevObj);??????????????????????????????????????????????????//創建設備??

NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrp);???//派遣函數??

NTSTATUS?HelloDDKControl(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrp);???????????????????//IRP_MJ_DIRECTORY_CONTROL??

?

[cpp]?view plaincopy

#include?"hello.h"??

#include?"Ioctl.h"??

??

NTSTATUS?DriverEntry(IN?PDRIVER_OBJECT?DriverObject,?IN?PUNICODE_STRING??RegistryPath)??

{??

????????DbgPrint("Hello?from!\n");??

????????DriverObject->DriverUnload?=?HelloUnload;??

????????for?(int?i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)??

????????{??

????????????DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;??

????????}??

????????DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=HelloDDKControl;??

??

??

??

#if?DBG??

????????_asm?int?3??

#endif??

????????//創建設備??

????????CreateDevice(DriverObject);??

??

????????return?STATUS_SUCCESS;??

}??

??

??

??

??

//卸載函數??

void?HelloUnload(IN?PDRIVER_OBJECT?DriverObject)??

{??

????????DbgPrint("Goodbye?from!\n");??

????????PDEVICE_OBJECT?pNextObj=NULL;??

????????pNextObj=DriverObject->DeviceObject;??

??

????????while?(pNextObj)??

????????{??

????????????PDEVICE_EXTENSION?pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;??

????????????//刪除符號連接??

????????????IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);??

????????????//刪除設備??

????????????IoDeleteDevice(pDevExt->pDevice);??

????????????pNextObj=pNextObj->NextDevice;??

????????}??

}??

??

NTSTATUS?HelloDDKControl(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrp)??

{??

#if?DBG??

????_asm?int?3??

#endif??

??

????NTSTATUS?status=STATUS_SUCCESS;??

????//獲取當前堆棧??

????PIO_STACK_LOCATION?stack=IoGetCurrentIrpStackLocation(pIrp);??

????//獲取輸入緩沖區大小??

????ULONG?cbin=stack->Parameters.DeviceIoControl.InputBufferLength;??

????//得到輸出緩沖區大小??

????ULONG?cbout=stack->Parameters.DeviceIoControl.OutputBufferLength;??

????//得到IOCTL控制碼??

????ULONG?code=stack->Parameters.DeviceIoControl.IoControlCode;??

????ULONG?info=0;??

??

????switch?(code)??

????{??

????case?IOCTL_TEST1:???//緩沖區方式IOCTL??

????????{??

????????????UCHAR*?InputBuffer=(UCHAR*)pIrp->AssociatedIrp.SystemBuffer;??

????????????for?(ULONG?i=0;i<cbin;i++)??

????????????{??

????????????????DbgPrint("%X\n",InputBuffer[i]);??

????????????}??

??

????????????//操作輸出緩沖區??

????????????UCHAR*?OutputBuffer=(UCHAR*)pIrp->AssociatedIrp.SystemBuffer;??

????????????memset(OutputBuffer,0XAA,cbout);??

????????????info=cbout;??

????????}??

????????break;??

????case?IOCTL_TEST2://直接內存模式IOCTL?讀??

????case?IOCTL_TEST3://直接內存模式IOCTL?寫??

????????{??

????????????//顯示輸入緩沖區內容??

????????????UCHAR*?InputBuffer=(UCHAR*)pIrp->AssociatedIrp.SystemBuffer;??

????????????for?(ULONG?i=0;i<cbin;i++)??

????????????{??

????????????????DbgPrint("%X\n",InputBuffer[i]);??

????????????}??

??

????????????//pIrp->MdlAddress為DeviceIoControl輸出緩沖區地址相同??

????????????DbgPrint("user?address:?0X%08X\n",MmGetMdlVirtualAddress(pIrp->MdlAddress));??

????????????UCHAR*?OutputBuffer=(UCHAR*)MmGetSystemAddressForMdlSafe(pIrp->MdlAddress,NormalPagePriority);??

????????????//InputBuffer被影射到內核模式下的的內存地址，必定在0X80000000-0XFFFFFFFF之間??

????????????memset(OutputBuffer,0XAA,cbout);??

????????????info=cbout;??

????????}??

????????break;??

????case?IOCTL_TEST4:???//其他內存模式IOCTL??

????????{??

????????????//顯示輸入緩沖區數據??

????????????UCHAR*?UserInputBuffer=(UCHAR*)stack->Parameters.DeviceIoControl.Type3InputBuffer;??

????????????DbgPrint("userInputBuffer:0X%0X\n",UserInputBuffer);??

????????????//得到用戶模式地址??

????????????PVOID?UserOutputBuffer=pIrp->UserBuffer;??

????????????DbgPrint("UserOutputBuffer:0X%0X\n",UserOutputBuffer);??

??

????????????__try??

????????????{??

????????????????//判斷指針是否可讀??

????????????????ProbeForRead(UserInputBuffer,cbin,4);??

??

????????????????//顯示輸入緩沖區內容??

????????????????for?(ULONG?i=0;i<cbin;i++)??

????????????????{??

????????????????????DbgPrint("%X\n",UserInputBuffer[i]);??

????????????????}??

??

????????????????//判斷指針是否可寫??

????????????????ProbeForWrite(UserOutputBuffer,cbout,4);??

??

????????????????//操作輸出緩沖區??

????????????????memset(UserOutputBuffer,0XAA,cbout);??

????????????????info=cbout;??

????????????????DbgPrint("OK\n");??

????????????}??

????????????__except(EXCEPTION_EXECUTE_HANDLER)??

????????????{??

????????????????DbgPrint("打我PG我不乖\n");??

????????????????status=STATUS_UNSUCCESSFUL;??

????????????}??

????????????info=cbout;??

????????}??

????????break;??

????default:??

????????status=STATUS_INVALID_VARIANT;??

????}??

??

????//設置IRP的完成狀態??

????pIrp->IoStatus.Status=status;??

????pIrp->IoStatus.Information=info;??

????IoCompleteRequest(pIrp,IO_NO_INCREMENT);??

????return?status;??

}??

??

//創建設備??

NTSTATUS?CreateDevice(PDRIVER_OBJECT?pDriver_Object)??

{??

????//定義變量??

????NTSTATUS?status=STATUS_SUCCESS;??

????PDEVICE_OBJECT?pDevObje=NULL;??

????PDEVICE_EXTENSION?pDevExt=NULL;??

??

????//初始化字符串??

????UNICODE_STRING?devname;??

????UNICODE_STRING?symLinkName;??

????RtlInitUnicodeString(&devname,L"\\device\\hello");??

????RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");??

??

????//創建設備??

????if?(IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS?)??

????{??

????????DbgPrint("創建設備失敗\n");??

????????return?status;??

????}??

????pDevObje->Flags?|=?DO_DIRECT_IO;??

????pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension;??

????pDevExt->pDevice=pDevObje;??

????pDevExt->ustrDeviceName=devname;??

????pDevExt->ustrSymLinkName=symLinkName;??

??

????//創建符號連接??

????if?(IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS?)??

????{??

????????DbgPrint("創建符號連接失敗\n");??

????????IoDeleteDevice(pDevObje);??

????????return?status;??

????}??

????return?STATUS_SUCCESS;??

}??

??

//派遣函數??

NTSTATUS?HelloDDKDispatchRoutine(IN?PDEVICE_OBJECT?pDevObj,IN?PIRP?pIrP)??

{??

//#if?DBG??

//??_asm?int?3??

//#endif??

??

????PIO_STACK_LOCATION?stack?=?IoGetCurrentIrpStackLocation(pIrP);??

????//建立一個字符串數組與IRP類型對應起來??

????static?char*?irpname[]?=???

????{??

????????"IRP_MJ_CREATE",??

????????"IRP_MJ_CREATE_NAMED_PIPE",??

????????"IRP_MJ_CLOSE",??

????????"IRP_MJ_READ",??

????????"IRP_MJ_WRITE",??

????????"IRP_MJ_QUERY_INFORMATION",??

????????"IRP_MJ_SET_INFORMATION",??

????????"IRP_MJ_QUERY_EA",??

????????"IRP_MJ_SET_EA",??

????????"IRP_MJ_FLUSH_BUFFERS",??

????????"IRP_MJ_QUERY_VOLUME_INFORMATION",??

????????"IRP_MJ_SET_VOLUME_INFORMATION",??

????????"IRP_MJ_DIRECTORY_CONTROL",??

????????"IRP_MJ_FILE_SYSTEM_CONTROL",??

????????"IRP_MJ_DEVICE_CONTROL",??

????????"IRP_MJ_INTERNAL_DEVICE_CONTROL",??

????????"IRP_MJ_SHUTDOWN",??

????????"IRP_MJ_LOCK_CONTROL",??

????????"IRP_MJ_CLEANUP",??

????????"IRP_MJ_CREATE_MAILSLOT",??

????????"IRP_MJ_QUERY_SECURITY",??

????????"IRP_MJ_SET_SECURITY",??

????????"IRP_MJ_POWER",??

????????"IRP_MJ_SYSTEM_CONTROL",??

????????"IRP_MJ_DEVICE_CHANGE",??

????????"IRP_MJ_QUERY_QUOTA",??

????????"IRP_MJ_SET_QUOTA",??

????????"IRP_MJ_PNP",??

????};??

??

????UCHAR?type?=?stack->MajorFunction;??

??

????if?(type?>=?CountArray(irpname))??

????????KdPrint(("無效的IRP類型?%X\n",?type));??

????else??

????????KdPrint(("%s\n",?irpname[type]));??

??

??

??

??

????pIrP->IoStatus.Status=STATUS_SUCCESS;????????????????????//設置完成狀態??

????pIrP->IoStatus.Information=0;????????????????????????????????????????//設置操作字節為0??

????IoCompleteRequest(pIrP,IO_NO_INCREMENT);????????????//結束IRP派遣函數，第二個參數表示不增加優先級??

????return?STATUS_SUCCESS;??

} ?

總結

以上是生活随笔為你收集整理的EXE和SYS通信IOCTL方式的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。