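//
// Load NT driver
//
// Registers the kernel driver image at lpszDriverPath as a demand-start
// service named lpszDriverName (or reuses a registration that already
// exists) and starts it through the Service Control Manager (SCM).
//
// Parameters:
//   lpszDriverName - service name; also stored as the DisplayName value.
//   lpszDriverPath - path to the driver image; it is resolved to a full
//                    path before being stored as the ImagePath value.
//
// Returns TRUE when StartService succeeds or reports that the service is
// already running. Returns FALSE otherwise, including when StartService
// reports ERROR_IO_PENDING.
//
// Security notes:
//   - Both handles are opened with only the rights used here
//     (SC_MANAGER_CREATE_SERVICE, SERVICE_START), not *_ALL_ACCESS.
//   - When the service already exists, its stored ImagePath is NOT compared
//     with lpszDriverPath: the image that gets started is whatever the
//     existing registration points at.
//   - NOTE(review): the driver image is not validated here (location, ACLs,
//     signature); callers should only pass a path they control.
//
BOOL LoadNTDriver(LPTSTR lpszDriverName, LPTSTR lpszDriverPath)
{
    enum { DRIVER_PATH_CCH = 256 };

    // Everything is declared before the first goto so that no jump to
    // BeforeLeave skips an initialisation.
    TCHAR szDriverImagePath[DRIVER_PATH_CCH] = {0};
    BOOL bRet = FALSE;
    DWORD dwRtn = 0;
    DWORD cchFullPath = 0;
    SC_HANDLE hServiceMgr = NULL; // SCM handle (SCM --> Service Control Manager)
    SC_HANDLE hServiceDDK = NULL; // NT driver service handle
    CComMonitorApp *ptheApp = (CComMonitorApp *)AfxGetApp();

    if (lpszDriverName == NULL || lpszDriverPath == NULL)
    {
        return FALSE;
    }

    //
    // Get complete driver path. A return of 0 is a failure; a return that is
    // >= the buffer size means the path did not fit and the buffer is unusable.
    //
    cchFullPath = GetFullPathName(lpszDriverPath, DRIVER_PATH_CCH, szDriverImagePath, NULL);
    if (cchFullPath == 0 || cchFullPath >= DRIVER_PATH_CCH)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "GetFullPathName () failed ");
        goto BeforeLeave;
    }

    //
    // Open SCM with just the right CreateService needs.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager () failed ");
        goto BeforeLeave;
    }

    //
    // Create service for the driver
    //
    hServiceDDK = CreateService(hServiceMgr,
                                lpszDriverName,        // name of the driver in the registry
                                lpszDriverName,        // DisplayName value
                                SERVICE_START,         // rights on the returned handle
                                SERVICE_KERNEL_DRIVER, // the service is a kernel driver
                                SERVICE_DEMAND_START,  // Start value: loaded on request only
                                SERVICE_ERROR_IGNORE,  // ErrorControl value
                                szDriverImagePath,     // ImagePath value
                                NULL,
                                NULL,
                                NULL,
                                NULL,
                                NULL);

    //
    // Judge whether service is created.
    //
    if (hServiceDDK == NULL)
    {
        dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "CreateService () failed ");
            goto BeforeLeave;
        }

        //
        // The service is already registered: open it instead. Its ImagePath
        // may differ from szDriverImagePath (see the header note).
        //
        hServiceDDK = OpenService(hServiceMgr, lpszDriverName, SERVICE_START);
        if (hServiceDDK == NULL)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService () failed ");
            goto BeforeLeave;
        }
    }

    //
    // Start the service
    //
    if (!StartService(hServiceDDK, 0, NULL))
    {
        dwRtn = GetLastError();
        if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
        {
            // Already loaded counts as success.
            bRet = TRUE;
        }
        else if (dwRtn != ERROR_IO_PENDING)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "StartService () failed ");
        }
        // ERROR_IO_PENDING: device is pending; reported as FALSE with no dialog.
        goto BeforeLeave;
    }

    bRet = TRUE;

    //
    // Close all handles before return.
    //
BeforeLeave:
    if (hServiceDDK != NULL)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr != NULL)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}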
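//
// Unload a driver
//
// Sends SERVICE_CONTROL_STOP to the driver service named szSvrName.
//
// Parameters:
//   szSvrName - name of the driver service to stop.
//
// Returns TRUE when the stop request is accepted; FALSE when the SCM or the
// service cannot be opened, or when ControlService fails.
//
// The service registration is deliberately left in place (DeleteService is
// not called), so the service key and its ImagePath stay in the registry
// after this returns and the driver can be started again by name.
// Both handles are opened with only the rights used here
// (SC_MANAGER_CONNECT, SERVICE_STOP), not *_ALL_ACCESS.
//
BOOL UnloadNTDriver(LPTSTR szSvrName)
{
    BOOL bRet = TRUE;
    SC_HANDLE hServiceMgr = NULL; // SCM handle
    SC_HANDLE hServiceDDK = NULL; // NT driver's service handle
    SERVICE_STATUS SvrSta = {0};
    CComMonitorApp *ptheApp = (CComMonitorApp *)AfxGetApp();

    if (szSvrName == NULL)
    {
        return FALSE;
    }

    //
    // Open SCM --- service control manager.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager () failed ");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Open the service for the driver.
    //
    hServiceDDK = OpenService(hServiceMgr, szSvrName, SERVICE_STOP);
    if (hServiceDDK == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService () failed ");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Stop the driver. If this fails, the driver stays loaded until the
    // system is restarted, after which it can be loaded again.
    //
    if (!ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrSta))
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "ControlService () failed ");
        bRet = FALSE;
    }

BeforeLeave:
    // Close the opened handles before leaving
    if (hServiceDDK != NULL)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr != NULL)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}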
This is better described as "manually loading" the driver. A driver is also a service: an application can install it with CreateService and load it with StartService. A driver can use ZwLoadDriver to load another driver.
Note: after the driver is installed, its service key in the registry (under HKLM\SYSTEM\CurrentControlSet\Services\<driver name>) has a Start value, whose meaning is:
0 -- load when the system starts;
1 -- load after kernel Initialization is complete;
2 -- load after the system is started;
3 -- manual loading (this is the SERVICE_DEMAND_START value passed to CreateService above);
4 -- Do not load.