Hello.h
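#pragma once
#include <ntddk.h>

// Number of elements in a true array (not valid on a pointer or array parameter).
#define CountArray(Array) (sizeof(Array) / sizeof((Array)[0]))

// Per-device state stored in DEVICE_OBJECT::DeviceExtension.
typedef struct _DEVICE_EXTENSION {
    PDEVICE_OBJECT pDevice;          // device object that owns this extension
    UNICODE_STRING ustrDeviceName;   // device name
    UNICODE_STRING ustrSymLinkName;  // symbolic link name
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

#ifdef __cplusplus
extern "C" {
#endif

#include <ntddk.h>

// Exported by the kernel but declared by hand here. The prototype must match
// the kernel the driver is loaded on.
NTKERNELAPI
NTSTATUS
ObReferenceObjectByName(
    IN PUNICODE_STRING ObjectName,
    IN ULONG Attributes,
    IN PACCESS_STATE PassedAccessState OPTIONAL,
    IN ACCESS_MASK DesiredAccess OPTIONAL,
    IN POBJECT_TYPE ObjectType,
    IN KPROCESSOR_MODE AccessMode,
    IN OUT PVOID ParseContext OPTIONAL,
    OUT PVOID *Object);

NTKERNELAPI
PDEVICE_OBJECT
NTAPI
IoGetBaseFileSystemDeviceObject(IN PFILE_OBJECT FileObject);

extern POBJECT_TYPE IoDeviceObjectType;
extern POBJECT_TYPE *IoDriverObjectType;

#ifdef __cplusplus
}
#endif

// ---------------------------------------------------------------------------
// Hand-copied object-manager internals.
//
// OBJECT_HEADER and OBJECT_HEADER_NAME_INFO are undocumented kernel structures
// and their layout is not stable across Windows releases. The page does not
// say which release these definitions were taken from. If the running kernel
// lays the header out differently, OBJECT_HEADER_TO_NAME_INFO computes a
// pointer from an unrelated byte and the caller then dereferences it at kernel
// level. Confirm the layout against the target build before using these
// macros. ObQueryNameString is the documented way to read an object's name.
// ---------------------------------------------------------------------------

typedef struct _OBJECT_CREATE_INFORMATION {
    ULONG Attributes;
    HANDLE RootDirectory;
    PVOID ParseContext;
    KPROCESSOR_MODE ProbeMode;
    ULONG PagedPoolCharge;
    ULONG NonPagedPoolCharge;
    ULONG SecurityDescriptorCharge;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    PSECURITY_QUALITY_OF_SERVICE SecurityQos;
    SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;

typedef struct _OBJECT_HEADER {
    LONG PointerCount;
    union {
        LONG HandleCount;
        PSINGLE_LIST_ENTRY SEntry;
    };
    POBJECT_TYPE Type;
    UCHAR NameInfoOffset;    // distance back from the header to the name info, 0 if none
    UCHAR HandleInfoOffset;
    UCHAR QuotaInfoOffset;
    UCHAR Flags;
    union {
        POBJECT_CREATE_INFORMATION ObjectCreateInfo;
        PVOID QuotaBlockCharged;
    };
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    QUAD Body;               // the object itself starts here
} OBJECT_HEADER, *POBJECT_HEADER;

#define NUMBER_HASH_BUCKETS 37

typedef struct _OBJECT_DIRECTORY {
    struct _OBJECT_DIRECTORY_ENTRY *HashBuckets[NUMBER_HASH_BUCKETS];
    struct _OBJECT_DIRECTORY_ENTRY **LookupBucket;
    BOOLEAN LookupFound;
    USHORT SymbolicLinkUsageCount;
    struct _DEVICE_MAP *DeviceMap;
} OBJECT_DIRECTORY, *POBJECT_DIRECTORY;

typedef struct _OBJECT_HEADER_NAME_INFO {
    POBJECT_DIRECTORY Directory;
    UNICODE_STRING Name;
    ULONG Reserved;
#if DBG
    ULONG Reserved2;
    LONG DbgDereferenceCount;
#endif
} OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO;

// Object body pointer -> enclosing OBJECT_HEADER.
#define OBJECT_TO_OBJECT_HEADER(o) \
    CONTAINING_RECORD((o), OBJECT_HEADER, Body)

// OBJECT_HEADER -> its name info, or NULL when the header records no name.
#define OBJECT_HEADER_TO_NAME_INFO(oh)                      \
    ((POBJECT_HEADER_NAME_INFO)(                            \
        ((oh)->NameInfoOffset == 0)                         \
            ? NULL                                          \
            : ((PCHAR)(oh) - (oh)->NameInfoOffset)))

#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
                                IN PUNICODE_STRING RegistryPath);
#endif

VOID HelloUnload(IN PDRIVER_OBJECT DriverObject);                           // unload function
NTSTATUS CreateDevice(PDRIVER_OBJECT pDevObj);                              // create device
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);  // dispatch function
NTSTATUS HelloDDKControl(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);          // IRP_MJ_DIRECTORY_CONTROL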
Driver.cpp
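#include "hello.h"

/*
 * Print the owning driver's name, the device's name and both addresses for
 * one device object.
 *
 * The name is read through the hand-declared OBJECT_HEADER layout in hello.h,
 * which is only correct on a kernel whose object header matches that layout.
 * The addresses printed are raw kernel pointers, so this output belongs in
 * debug builds only.
 */
VOID GetDeviceObjectInfo(PDEVICE_OBJECT DevObj)
{
    POBJECT_HEADER ObjectHeader;
    POBJECT_HEADER_NAME_INFO ObjectNameInfo;

    // Both format strings below read DriverObject->DriverName, so reject a
    // device without a driver object up front.
    if (DevObj == NULL || DevObj->DriverObject == NULL) {
        return;
    }

    // Get the object header that precedes the device object.
    ObjectHeader = OBJECT_TO_OBJECT_HEADER(DevObj);
    if (ObjectHeader == NULL) {
        return;
    }

    // Query the name information recorded in the header.
    ObjectNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);

    if (ObjectNameInfo != NULL && ObjectNameInfo->Name.Buffer != NULL) {
        // %p, not %x: the last two arguments are pointers.
        DbgPrint("Driver name:%wZ-device name:%wZ-driver address:0x%p-device Address:0x%p\n",
                 &DevObj->DriverObject->DriverName,
                 &ObjectNameInfo->Name,
                 DevObj->DriverObject,
                 DevObj);
    } else {
        // For devices without names, print NULL. The literal is a wide
        // string, so it needs %ws rather than %s.
        DbgPrint("Driver name:%wZ-device name:%ws-driver address:0x%p-device address:0x%p\n",
                 &DevObj->DriverObject->DriverName,
                 L"NULL",
                 DevObj->DriverObject,
                 DevObj);
    }
}

/*
 * Print every device attached above DevObj by following AttachedDevice until
 * it is NULL.
 */
VOID GetAttachedDeviceInfo(PDEVICE_OBJECT DevObj)
{
    PDEVICE_OBJECT DeviceObject;

    if (DevObj == NULL) {
        return;
    }

    for (DeviceObject = DevObj->AttachedDevice;
         DeviceObject != NULL;
         DeviceObject = DeviceObject->AttachedDevice) {
        // Skip an entry with no driver object instead of dereferencing it.
        if (DeviceObject->DriverObject == NULL) {
            continue;
        }

        DbgPrint("attached Driver name:%wZ,attached Driver address:0x%p,attached DeviceAddress:0x%p\n",
                 &DeviceObject->DriverObject->DriverName,
                 DeviceObject->DriverObject,
                 DeviceObject);
    }
}

/*
 * Enumerate the device stacks of the driver object named pwszDeviceName.
 *
 * For every device the driver owns, print the device, the devices attached
 * above it and, when a VPB is present, the VPB's device and its attachments.
 * The attached devices are the filter drivers layered on the target, so an
 * unexpected entry in this listing is what a reviewer should investigate.
 *
 * Returns the driver object with the reference taken by
 * ObReferenceObjectByName still held, or NULL on failure. The caller must
 * call ObDereferenceObject on a non-NULL result.
 *
 * NOTE(review): DeviceObject, NextDevice and AttachedDevice are read without
 * any lock or per-device reference, so a device can be attached or deleted
 * while the loop runs. IoEnumerateDeviceObjectList returns a referenced
 * snapshot and is the safer way to walk a driver's devices.
 */
PDRIVER_OBJECT EnumDeviceStack(PWSTR pwszDeviceName)
{
    UNICODE_STRING DriverName;
    PDRIVER_OBJECT DriverObject = NULL;
    PDEVICE_OBJECT DeviceObject = NULL;
    NTSTATUS status;

    // Get the driver object pointer.
    RtlInitUnicodeString(&DriverName, pwszDeviceName);

    // NOTE(review): hello.h declares IoDriverObjectType as POBJECT_TYPE *, and
    // the value is cast rather than dereferenced here, as on the page. The
    // usual form for that declaration is *IoDriverObjectType. Confirm against
    // the WDK in use.
    status = ObReferenceObjectByName(&DriverName,
                                     OBJ_CASE_INSENSITIVE,
                                     NULL,
                                     0,
                                     (POBJECT_TYPE)IoDriverObjectType,
                                     KernelMode,
                                     NULL,
                                     (PVOID *)&DriverObject);

    // Check the status as well as the pointer.
    if (!NT_SUCCESS(status) || DriverObject == NULL) {
        return NULL;
    }

    // Walk the devices created by this driver.
    for (DeviceObject = DriverObject->DeviceObject;
         DeviceObject != NULL;
         DeviceObject = DeviceObject->NextDevice) {
        // Get device information.
        GetDeviceObjectInfo(DeviceObject);

        // Is there a filter driver on the current device?
        if (DeviceObject->AttachedDevice != NULL) {
            GetAttachedDeviceInfo(DeviceObject);
        }

        // Does the current device carry a VPB with its own device?
        if (DeviceObject->Vpb != NULL && DeviceObject->Vpb->DeviceObject != NULL) {
            GetDeviceObjectInfo(DeviceObject->Vpb->DeviceObject);

            if (DeviceObject->Vpb->DeviceObject->AttachedDevice != NULL) {
                GetAttachedDeviceInfo(DeviceObject->Vpb->DeviceObject);
            }
        }
    }

    return DriverObject;
}

/*
 * Driver entry point: install the unload and dispatch routines, create the
 * control device, then print the device stacks of \Driver\Kbdclass.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;
    PDRIVER_OBJECT TargetDriver;

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from!\n");

    DriverObject->DriverUnload = HelloUnload;

    // As on the page, the loop stops before IRP_MJ_MAXIMUM_FUNCTION, so the
    // last MajorFunction slot is not replaced.
    for (int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = HelloDDKDispatchRoutine;
    }

    // Create the device and fail the load if that did not work.
    status = CreateDevice(DriverObject);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    // EnumDeviceStack returns a referenced driver object. Release it here,
    // otherwise the reference is never dropped.
    TargetDriver = EnumDeviceStack(L"\\Driver\\Kbdclass");
    if (TargetDriver != NULL) {
        ObDereferenceObject(TargetDriver);
    }

    return STATUS_SUCCESS;
}

/*
 * Unload routine: delete the symbolic link and the device object of every
 * device this driver created.
 */
VOID HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
    PDEVICE_OBJECT pNextObj;

    DbgPrint("Goodbye from!\n");

    pNextObj = DriverObject->DeviceObject;
    while (pNextObj != NULL) {
        PDEVICE_OBJECT pCurrent = pNextObj;
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pCurrent->DeviceExtension;

        // Read the link before deleting: neither the device object nor its
        // extension may be touched after IoDeleteDevice.
        pNextObj = pCurrent->NextDevice;

        // Delete the symbolic link.
        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);

        // Delete the device.
        IoDeleteDevice(pCurrent);
    }
}

/*
 * Create \Device\Hello and the \??\HelloDDK symbolic link, and fill in the
 * device extension.
 *
 * Returns STATUS_SUCCESS, or the failing status from IoCreateDevice or
 * IoCreateSymbolicLink. The device is deleted again if the link cannot be
 * created.
 *
 * NOTE(review): the device is created with no device characteristics and the
 * default security descriptor, and the dispatch routine completes every
 * request with success. If real request handling is added, restrict who can
 * open the device (FILE_DEVICE_SECURE_OPEN, IoCreateDeviceSecure).
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject)
{
    NTSTATUS status;
    PDEVICE_OBJECT pDevObj = NULL;
    PDEVICE_EXTENSION pDevExt = NULL;
    UNICODE_STRING DevName;
    UNICODE_STRING SymLinkName;

    // Initialize the strings. They point at literals in the driver image.
    RtlInitUnicodeString(&DevName, L"\\Device\\Hello");
    RtlInitUnicodeString(&SymLinkName, L"\\??\\HelloDDK");

    // The extension must be sized for the structure, not the pointer type.
    // sizeof(PDEVICE_EXTENSION) reserves only one pointer, and the three
    // field stores below would then write past the end of the allocation.
    status = IoCreateDevice(pDriverObject,
                            sizeof(DEVICE_EXTENSION),
                            &DevName,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            TRUE,
                            &pDevObj);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Create device failed\n");
        return status;   // report the real failure, not the initial success value
    }

    pDevObj->Flags |= DO_DIRECT_IO;

    pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevExt->pDevice = pDevObj;
    pDevExt->ustrDeviceName = DevName;
    pDevExt->ustrSymLinkName = SymLinkName;

    // Create the symbolic link.
    status = IoCreateSymbolicLink(&SymLinkName, &DevName);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Create symbolic connection failed\n");
        IoDeleteDevice(pDevObj);
        return status;
    }

    return STATUS_SUCCESS;
}

/*
 * Default dispatch routine: log the major function name in checked builds,
 * then complete the IRP with STATUS_SUCCESS and zero bytes transferred.
 */
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp)
{
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);

    // Names indexed by IRP major function code.
    static const char *const irpname[] = {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
    };

    UCHAR type = stack->MajorFunction;

    UNREFERENCED_PARAMETER(pDevObj);

    // Bounds-check the code before it is used as an index into the table.
    if (type >= CountArray(irpname)) {
        KdPrint(("Invalid IRP type %x\n", type));
    } else {
        KdPrint(("%s\n", irpname[type]));
    }

    pIrp->IoStatus.Status = STATUS_SUCCESS;      // set the completion status
    pIrp->IoStatus.Information = 0;              // set bytes transferred to 0
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);    // complete the IRP with no priority boost

    return STATUS_SUCCESS;
}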
Go to enumerate device stacks