Mengzhi future Windows Driver Programming 03rd course-driven programming specifications, future 03

Mengzhi future Windows Driver Programming 03rd course-driven programming specifications, future 03

Recently, I learned about driver programming in Windows based on the driver tutorial of mengzhi future Forum and made a note. This is the 03rd course "Driver Programming specifications".

The driver part includes the basic driver uninstallation function and the simplest distribution routine for the driver to enable and disable read/write operations. The Code is as follows:

1 // CreateDevice. c 2 // 2016.07.14 3 4 # include "ntddk. h "5 6 // driver unmount function Self 7 VOID MyDriverUnload (PDRIVER_OBJECT pDriverObject) 8 {9 UNICODE_STRING usSymName; 10 RtlInitUnicodeString (& usSymName, L "\\?? \ FirstDevice "); 11 12 // Delete the Symbolic Link first, and then delete the device object 13 if (pDriverObject-> DeviceObject! = NULL) 14 {15 IoDeleteSymbolicLink (& usSymName); // Delete the Symbolic Link 16 IoDeleteDevice (pDriverObject-> DeviceObject); // Delete the Device object 17 KdPrint ("Delete Device Sucess. "); 18} 19} 20 21 // create a device function Self 22 NTSTATUS CreateDevice (PDRIVER_OBJECT pDriverObject) 23 {24 NTSTATUS Status; 25 UNICODE_STRING usDevName; 26 UNICODE_STRING usSymName; 27 PDEVICE_OBJECT p1_bj; // device object, used to point to the created device 28 29 // ddk api to assign a value to UNICODE_STRING 30 RtlInitUnicodeString (& usDevName, L "\ Device \ FirstDevice "); 31 32 // create Device function API create Device "\ Device \ FirstDevice" 33 // after the Device is created, it will be returned to p1_bj, assign a value to pDriverObject> DeviceObject 34 // The IoCreateDevice routine creates a device object for use by a driver. 35/* 36 NTSTATUS IoCreateDevice (37 _ In _ PDRIVER_OBJECT DriverObject, 38 _ In _ ULONG DeviceExtensionSize, 39 _ In_opt _ PUNICODE_STRING DeviceName, 40 _ In _ DE VICE_TYPE DeviceType, 41 _ In _ ULONG DeviceCharacteristics, 42 _ In _ BOOLEAN Exclusive, 43 _ Out _ PDEVICE_OBJECT * DeviceObject 44); 45 */46 Status = IoCreateDevice (pDriverObject, 47 0, 48 & usDevName, 49 FILE_DEVICE_UNKNOWN, 50 FILE_DEVICE_SECURE_OPEN, 51 TRUE, 52 & p1_bj); 53 if (! NT_SUCCESS (Status) // check the return value 54 {55 return Status; 56} 57 58 // DO_BUFFERED_IO or DO_DIRECT_IO 59 // Specifies the type of buffering that is used by the I/O manager for I/O requests that are sent to the device stack. 60 // Higher-level drivers OR this member with the same value as the next-lower driver in the stack, counter t possibly for highest-level drivers. 61 p0000bj-> Flags | = DO_BUFFERED_IO; 62 63 RtlInitUnicodeString (& usSymName, L "\\?? \ FirstDevice "); 64 65 // The IoCreateSymbolicLink routine sets up a symbolic link between a device object name and a user-visible name for the device. 66/* 67 NTSTATUS IoCreateSymbolicLink (68 _ In _ PUNICODE_STRING SymbolicLinkName, 69 _ In _ PUNICODE_STRING DeviceName 70); 71 */72 Status = IoCreateSymbolicLink (& usSymName, & usDevName ); // ddk api creates a symbolic link 73 if (! NT_SUCCESS (Status) 74 {75 IoDeleteDevice (p1_bj); // Delete the device object 76 return Status; 77} 78 79 return STATUS_SUCCESS; 80} 81 82 // enable the device function 83 NTSTATUS CreateCompleteRoutine (PDRIVER_OBJECT pDriverObject, PIRP pIrp) 84 {85 NTSTATUS Status; 86 87 Status = STATUS_SUCCESS; 88 89 KdPrint ("Create"); 90 91 // A driver sets an IRP's I/O status block to indicate the final status of an I/O request, before calli Ng IoCompleteRequest for the IRP. 92 93 // This is the completion status, either STATUS_SUCCESS if the requested operation was completed successfully or an informational, warning, or error STATUS _ XXX value. 94 // For more information, see Using NTSTATUS values. 95 pIrp-> IoStatus. status = Status; 96 // This is the completion status, either STATUS_SUCCESS if the requested operation was completed succe Ssfully or an informational, warning, or error STATUS _ XXX value. 97 // For more information, see Using NTSTATUS values. 98 pIrp-> IoStatus. information = 0; 99 100 // The IoCompleteRequest routine indicates that the caller has completed all processing for a given I/O request and is returning the given IRP to the I/O manager.101 // IO_NO_INCREMENT pass 102 IoCompleteRequest (pIrp, IO_NO_INCREMENT (); 103 Return Status; 104} 105 106 // function for disabling a device: 107 NTSTATUS CloseCompleteRoutine (PDRIVER_OBJECT pDriverObject, PIRP) 108 {109 NTSTATUS Status; 110 111 Status = STATUS_SUCCESS; 112 113 KdPrint ("Close"); 114 115 pIrp-> IoStatus. status = Status; 116 pir-> IoStatus. information = 0; 117 118 IoCompleteRequest (pIrp, IO_NO_INCREMENT); 119 return Status; 120} 121 122 // function for reading the device 123 NTSTATUS ReadCompleteRoutine (PDRIVER_O BJECT pDriverObject, PIRP) 124 {125 NTSTATUS Status; 126 127 Status = STATUS_SUCCESS; 128 129 130 KdPrint ("Read"); 131 pIrp-> IoStatus. status = Status; 132 pir-> IoStatus. information = 0; 133 134 IoCompleteRequest (pIrp, IO_NO_INCREMENT); 135 return Status; 136} 137 138 // function for writing to the device 139 NTSTATUS WriteCompleteRoutine (PDRIVER_OBJECT pDriverObject, PIRP) 140 {141 NTSTATUS Status; 142 143 STATUS = Status _ SUCCESS; 144 145 KdPrint ("Write"); 146 147 pir-> IoStatus. status = Status; 148 pir-> IoStatus. information = 0; 149 150 IoCompleteRequest (pIrp, IO_NO_INCREMENT); 151 return Status; 152} 153 154 // driver entry function 155 NTSTATUS DriverEntry (PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) 156 {157 // output information 158 // dbuplint ("1111"); 159 160 161 NTSTATUS Status; 162 Status = CreateDevice (pDriverObject); // create a device object And the symbolic link 163 if (! NT_SUCCESS (Status) 164 {165 KdPrint ("Create Device Failed. "); 166} else {167 KdPrint (" Create Device Sucess. "); 168 KdPrint (" % wZ ", pRegistryPath )); 169} 170 171 // enable the distribution routine for disabling read and write operations with a value of 172 pDriverObject-> MajorFunction [IRP_MJ_CREATE] = (PDRIVER_DISPATCH) CreateCompleteRoutine; // open the device 173 pDriverObject-> MajorFunction [IRP_MJ_CLOSE] = (PDRIVER_DISPATCH) CloseCompleteRoutine; // disable the device 174 pDriverObject-> MajorFunction [handler] = (PDRIVER_DISPATCH) ReadCompleteRoutine; // read the device 175 pDriverObject-> MajorFunction [IRP_MJ_WRITE] = (PDRIVER_DISPATCH) WriteCompleteRoutine; // write the device 176 177 // The driver uninstall function assigns a value of 178 pDriverObject-> DriverUnload = MyDriverUnload; 179 180 return STATUS_SUCCESS; 181}CreateDevice. c

 

The application layer uses MFC to Create a window with three buttons: Create, Read, and Write. The interface is as follows:

 

The Create button processing function is as follows:

1 void CCheckMyDriverDlg: OnCreateButton () 2 {3 // TODO: add control notification handler code 4 HANDLE hFile = CreateFileW (L "\\\\. \ FirstDevice ", 5 FILE_ALL_ACCESS, 6 0, 7 NULL, 8 OPEN_EXISTING, 9 FILE_ATTRIBUTE_NORMAL, 10 NULL); 11 if (hFile = INVALID_HANDLE_VALUE) 12 {13 AfxMessageBox (L "Open Device Failed. "); 14 return; 15} 16 17 CloseHandle (hFile); 18}

 

The Read button processing function is as follows:

1 void CCheckMyDriverDlg: OnReadButton () 2 {3 // TODO: add control notification handler code 4 HANDLE hFile = CreateFileW (L "\\\\. \ FirstDevice ", 5 FILE_ALL_ACCESS, 6 0, 7 NULL, 8 OPEN_EXISTING, 9 FILE_ATTRIBUTE_NORMAL, 10 NULL); 11 if (hFile = INVALID_HANDLE_VALUE) 12 {13 AfxMessageBox (L "Open Device Failed. "); 14 return; 15} 16 17 wchar_t Buffer [MAX_PATH] = {0}; 18 DWORD len = 0; 19 if (! ReadFile (hFile, Buffer, MAX_PATH-1, & len, NULL) 20 {21 AfxMessageBox (L "Read Device Failed. "); 22 return; 23} 24 25 CloseHandle (hFile); 26 27}

 

The Write button processing function is as follows:

1 void CCheckMyDriverDlg: OnBnClickedButton4 () 2 {3 // TODO: add the control notification handler code 4 HANDLE hFile = CreateFileW (L "\\\\. \ FirstDevice ", 5 FILE_ALL_ACCESS, 6 0, 7 NULL, 8 OPEN_EXISTING, 9 FILE_ATTRIBUTE_NORMAL, 10 NULL); 11 if (hFile = INVALID_HANDLE_VALUE) 12 {13 AfxMessageBox (L "Open Device Failed. "); 14 return; 15} 16 17 wchar_t Buffer [MAX_PATH] = L" What The Fuck, Man? "; 18 DWORD len; 19 if (! WriteFile (hFile, Buffer, MAX_PATH, & len, NULL) 20 {21 AfxMessageBox (L "Write Device Failed. "); 22 return; 23} 24 25 CloseHandle (hFile); 26 27}

 

 

The procedure is as follows:

Copy the generated FirstDevice. sys file to the XP Virtual Machine. After the driver loading tool InstDrv is used to install and start the driver, the following output information is displayed in the Dbgview tool:

You can find the corresponding registry and use WinObj to view the Device object \ Device \ FirstDevice:

View the symbolic link \\?? \ FirstDevice:

 

Output when the driver is stopped using InstDrv:

 

No blue screen problems occurred during the period

 

After the driver is installed, use the MFC program checkmydriver.exe written by Alibaba, click the Create button, and output

 

Click the Read button and output:

 

Click the Write button and output:

 

 

The preceding operations show blue screens. This course ends.

 

As I have just started to learn the driver and have limited strength, I may not understand the driver in some places correctly. I hope you can give suggestions, learn together, and make progress together.

Finally, thank you for your support.

14:58:13