NT-Type Driver Loader

Introduction The dynamic loading of device drivers is mainly completed by Service Control Manager (SCM) system components. SCM components can provide many services, such, start, stop, and control services. Write and load the driver, which is mainly used to operate the SCM component. Generally, the following APIs are used to operate the SCM component: SC _handle winapi openscmanager (
_ In_opt lpctstr lpmachinename, // computer name
_ In_opt lpctstr lpdatabasename, // SCM Database Name
_ In DWORD dwdesiredaccess // permission );

Bool winapi closeservicehandle (
_ In SC _handle hscobject // the SCM handle to be closed
);

SC _handle winapi createservice (
_ In SC _handle hscmanager, // SCM manager handle
_ In lpctstr lpservicename, // service name
_ In_opt lpctstr lpdisplayname, // name displayed by the Service
_ In DWORD dwdesiredaccess, // open the permission
_ In DWORD dwservicetype, // service type
_ In DWORD dwstarttype, // time when the service is opened
_ In DWORD dwerrorcontrol, // code for error handling
_ In_opt lpctstr lpbinarypathname, // binary file code
_ In_opt lpctstr lploadordergroup, // user group used for Service Development
_ Out_opt lpdword lpdwtagid, // The output validation tag
_ In_opt lpctstr lpdependencies, // The Name Of The dependent service
_ In_opt lpctstr lpservicestartname, // User Account Name
_ In_opt lpctstr lppassword // User Password
);

SC _handle winapi openservice (
_ In SC _handle hscmanager, // SCM database handle
_ In lpctstr lpservicename, // service name
_ In DWORD dwdesiredaccess // access permission
);

Bool winapi controlservice (
_ In SC _handle hservice, // Service handle
_ In DWORD dwcontrol, // control code
_ Out lpservice_status lpservicestatus // return the status code
); To enable the dialog box to support the file drag function, you only need to perform three steps. 1> set the accept files attribute of the dialog box template to true.
2> respond to the wm_dropfiles message in the Main Dialog Box class

3> Add the following sample code:

Tchar szpath [max_path] = {0}; uint ncount = dragqueryfile (hdropinfo, 0 xffffffff, null, 0); // number of files for (uint idx = 0; idx <ncount; ++ idx) {dragqueryfile (hdropinfo, idx, szpath, max_path); tchar * pfind = _ tcschr (tchar *) szpath ,'\\'); m_strsysfilename = pfind + 1; m_strsysfilepath = szpath;} setdlgitemtext (idc_static_driverpath, m_strsysfilepath); dragfinish (hdropinfo); cdialog: ondropfiles (hdropinfo );

Where,

Cstring m_strsysfilename; // driver name
Cstring m_strsysfilepath; // driver path

All are private member variables of the class.

When the second parameter of the API function dragqueryfile is set to 0xffffffff, the function returns the number of files to be dragged.

The third parameter of dragqueryfile is used to save the obtained file name path information, such as c: \ test. sys.

To intercept the file name (test. sys), use the function _ tcschr to intercept the string.

_ The tcschr function returns the address (including the target character) of the target character in the specified string. Therefore, to remove the backslash '\', add 1 to the returned result.

To install the driver loadntsys function, you can install the driver as follows:

1. Call openscmanager to open the SCM manager. If null is returned, return failure. Otherwise, continue.
2. Call createservice to create a service
3. Based on the returned result of createservice, if null is returned, getlasterror is called to obtain the failure information. Otherwise, the service is successfully created.

// Install the driver void cloadsysdlg: loadntsys () {SC _handle schscmanager; // the SCM manager handle SC _handle schservice; // NT driver Service handle tchar szpath [max_path] = {0}; // open SCM manager schscmanager = openscmanager (null, // computer name null, // SCM data block name SC _manager_all_access); // use the permission if (null = schscmanager) {cstring STR; Str. format (text ("openscmanager error: (% d)"), getlasterror (); MessageBox (STR); return ;} // create the service schservice = createservice (schscmanager ,// SCM database m_strsysfilename, // name of the driver in the Registry m_strsysfilename, // displayname value of the registry driver service_all_access, // access permission for loading the driver service_kernel_driver, // indicates that the loaded service is the driver service_demand_start, // The start value of the registry driver service_error_ignore, // The errorcontrol value of the registry driver m_strsysfilepath, // registry driver's ImagePath value null, // No load ordering group null, // No tag identifier null, // No dependencies null, // LocalSystem account Null); // no password if (! Schservice) {If (error_service_exists = getlasterror () // if the service already exists {setdlgitemtext (idc_static_state, text ("state: the specified service already exists! ");} Else {setdlgitemtext (idc_static_state, text (" status: createservice error! ");} Return;} elsesetdlgitemtext (idc_static_state, text (" status: Service Installation successful !! "); If (schservice) closeservicehandle (schservice); If (schscmanager) closeservicehandle (schscmanager );}

The startntsys function is used to start the driver. The execution steps of this function are as follows:

1. Call openscmanager to open the SCM manager. If null is returned, return failure. Otherwise, continue.
2. Call openservice to open a service based on the service name and the SCM manager handle. If null is returned, the output fails. Otherwise
3. Call startservice to make the specified service running
4. Close the Service handle before exiting

// Start the driver void cloadsysdlg: startntsys () {SC _handle schscmanager; // the SCM manager handle SC _handle schservice; // NT driver Service handle // open SCM manager schscmanager = openscmanager (null, null, SC _manager_all_access); If (null = schscmanager) {cstring STR; Str. format (text ("openscmanager error: (% d)"), getlasterror (); MessageBox (STR); return;} schservice = openservice (schscmanager, m_strsysfilename, service_all_access ); if (! Schservice) {DWORD dwerrorcode = getlasterror (); // get the error message if (error_invalid_name = dwerrorcode) {setdlgitemtext (idc_static_state, _ T ("status: the service name is invalid! ");} Else if (error_service_does_not_exist = dwerrorcode) {setdlgitemtext (idc_static_state, _ T (" status: this service does not exist! ");} Else {setdlgitemtext (idc_static_state, _ T (" status: openservice error! ");} Closeservicehandle (schservice); // close the Service handle schscmanager = NULL; return;} If (startservice (schservice, 0, null) {setdlgitemtext (idc_static_state, _ T ("status: the driver service is started successfully! ");} Else {DWORD dwret = getlasterror (); If (error_service_already_running = dwret) setdlgitemtext (idc_static_state, _ T (" status: the specified service is running! "); Elsesetdlgitemtext (idc_static_state, _ T (" status: An error occurred while running the specified service! ");} If (schservice) closeservicehandle (schservice); If (schscmanager) closeservicehandle (schscmanager );}

The stop-driven stopntsys function is used to stop the driver. The execution steps of this function are as follows:

1. Call openscmanager to open the SCM manager. If null is returned, return failure. Otherwise, continue.
2. Call openservice to open a service based on the service name and the SCM manager handle. If null is returned, the output fails. Otherwise
3. Call controlservice to send control code to the specified service
4. Close Service handle

Bool winapi controlservice (_ in SC _handle hservice, // Service handle _ in DWORD dwcontrol, // control code _ out lpservice_status lpservicestatus // return Status Code ); the controlservice function is used to send control codes to corresponding services and operate services based on different control codes. For example, service_control_continue: Continue service_control_pause: Stop service_control_stop

// Stop the driver void cloadsysdlg: stopntsys () {SC _handle schscmanager; // the SCM manager's handle SC _handle schservice; // service_status status of the NT driver's Service handle; // open the SCM manager schscmanager = openscmanager (null, null, SC _manager_all_access); If (null = schscmanager) {cstring STR; Str. format (text ("openscmanager error: (% d)"), getlasterror (); MessageBox (STR); return;} schservice = openservice (schscmanager, m_strsysfilename, service_all_access ); if (! Schservice) {DWORD dwerrorcode = getlasterror (); // get the error message if (error_invalid_name = dwerrorcode) setdlgitemtext (idc_static_state, _ T ("status: the service name is invalid! "); Else if (error_service_does_not_exist = dwerrorcode) setdlgitemtext (idc_static_state, _ T (" status: this service does not exist! "); Elsesetdlgitemtext (idc_static_state, _ T (" status: openservice error! "); Closeservicehandle (schservice); // close the Service handle schscmanager = NULL; return;} If (! Controlservice (schservice, service_control_stop, & Status) // stop the service {DWORD dwret = getlasterror (); If (error_service_not_active = dwret) setdlgitemtext (idc_static_state, _ T ("status: the specified service is not started! "); Elsesetdlgitemtext (idc_static_state, _ T (" status: service cannot be stopped! ");} Elsesetdlgitemtext (idc_static_state, _ T (" status: Service stopped successfully! "); If (schservice) closeservicehandle (schservice); If (schscmanager) closeservicehandle (schscmanager );}

The unloadntsys function of the unloadntsys driver is used to uninstall the driver. The execution steps of this function are as follows:

1. Call openscmanager to open the SCM manager. If null is returned, return failure. Otherwise, continue.
2. Call openservice to open a service based on the service name and the SCM manager handle. If null is returned, the output fails. Otherwise
3. Call deleteservice to uninstall the specified service
4. Close Service handle

// Uninstall the driver void cloadsysdlg: unloadntsys () {SC _handle schscmanager; // the SCM manager handle SC _handle schservice; // NT driver Service handle // open SCM manager schscmanager = openscmanager (null, null, SC _manager_all_access); If (null = schscmanager) {cstring STR; Str. format (text ("openscmanager error: (% d)"), getlasterror (); MessageBox (STR); return;} schservice = openservice (schscmanager, m_strsysfilename, service_all_access ); if (! Schservice) {DWORD dwerrorcode = getlasterror (); // get the error message if (error_invalid_name = dwerrorcode) {setdlgitemtext (idc_static_state, _ T ("status: the service name is invalid! ");} Else if (error_service_does_not_exist = dwerrorcode) {setdlgitemtext (idc_static_state, _ T (" status: this service does not exist! ");} Else {setdlgitemtext (idc_static_state, _ T (" status: openservice error! ") ;}} Else {If (! Deleteservice (schservice) // remove the setdlgitemtext (idc_static_state, _ T ("status: failed to uninstall the driver service! "); Elsesetdlgitemtext (idc_static_state, _ T (" status: the driver service has been uninstalled successfully! ");} If (schservice) closeservicehandle (schservice); If (schscmanager) closeservicehandle (schscmanager );}

Attachment

NT-Type Driver Loader

All rights reserved. You are welcome to repost it, but please note:
Reprinted from a civil engineer