【C++驅動操作類】未完待續


Lib_Driver.h

 

 

#include "Lib.h"
//////////////////////////////////////////////////////////////////////////
namespace System
{
    // Driver: user-mode helper whose implementation (Lib_Driver.cpp) writes a
    // service entry for a kernel driver into the registry, asks the kernel to
    // load it through ntdll, opens the driver's device object and forwards
    // I/O control requests to it. The destructor closes the device handle
    // and requests that the driver be unloaded.
    //
    // `export` is not defined in this header; presumably a macro from Lib.h
    // (TODO confirm).
    //
    // NOTE(review): the class owns a device handle and a module reference but
    // declares no copy constructor or copy assignment. A copied object would
    // run the destructor's close/unload sequence a second time on the same
    // handle and service. Confirm that callers never copy it.
    // NOTE(review): the constructor has no channel for reporting failure and
    // there is no status accessor. The only failure signal a caller gets is
    // the return value of NtCallDriver().
    class export Driver
    {
    private: // struct declarations
        // Private re-declarations of the native structures passed to the
        // ntdll entry points. Buffer is declared as PVOID here.
        typedef struct _LSA_UNICODE_STRING {
            USHORT Length;          // passed through to ntdll; presumably bytes in use (TODO confirm)
            USHORT MaximumLength;   // passed through to ntdll; presumably buffer capacity in bytes (TODO confirm)
            PVOID Buffer;
        } UNICODE_STRING, *PUNICODE_STRING;

        typedef struct _OBJECT_ATTRIBUTES {
            ULONG Length;                   // set to sizeof(OBJECT_ATTRIBUTES) by InitializeObjectAttributes
            HANDLE RootDirectory;
            PUNICODE_STRING ObjectName;
            ULONG Attributes;
            PVOID SecurityDescriptor;
            PVOID SecurityQualityOfService; // always set to NULL by InitializeObjectAttributes
        } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

        typedef struct _IO_STATUS_BLOCK {
            union {
                long Status;
                PVOID Pointer;
            } ;
            ULONG_PTR Information;
        } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

    private: // member data
        HANDLE hDriver;                 // device handle; the original .cpp also uses it briefly as the registry key handle
        HMODULE hNtDll;                 // ntdll.dll module handle obtained in the constructor
        UNICODE_STRING uDriver, uName;  // scratch strings: service registry path / value or device name
        OBJECT_ATTRIBUTES Obj_;         // reused for the registry key and for the device open
        IO_STATUS_BLOCK Isb_;           // status block handed to NtCreateFile and NtDeviceIoControlFile
        // Copies of the constructor arguments. DriverPath is stored with the
        // DRIVER_PATH prefix defined in the .cpp in front of it.
        TCHAR DriverName[MAX_REASON_NAME_LEN], DriverPath[MAX_PATH];
        // ntdll entry points resolved at run time with GetProcAddress.
        typedef long (_stdcall* _NtClose)(HANDLE Handle);
        typedef void (_stdcall* _RtlInitUnicodeString)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
        typedef void (_stdcall* _RtlFreeUnicodeString)(PUNICODE_STRING UnicodeString);
        _NtClose NtClose;
        _RtlInitUnicodeString RtlInitUnicodeString;
        _RtlFreeUnicodeString RtlFreeUnicodeString;

    private: // internal functions
        // Fills an OBJECT_ATTRIBUTES structure from its arguments.
        void InitializeObjectAttributes(POBJECT_ATTRIBUTES, PUNICODE_STRING, ULONG Attributes, HANDLE, PSECURITY_DESCRIPTOR);
        // Writes the service registry entry (DisplayName, ImagePath, Type, Start).
        void NtRegisterDriver();

    public: // public members
        // Arguments are (driver name, driver image path), per the definition
        // in Lib_Driver.cpp. The image path decides which kernel code gets
        // loaded, so it must come from a trusted source.
        Driver(PTCHAR, PTCHAR);
        ~Driver();
        // Sends an I/O control request to the opened device. Arguments are
        // (control code, input buffer, input length, output buffer, output
        // length). Returns the status from NtDeviceIoControlFile.
        long NtCallDriver(ULONG,PVOID,ULONG,PVOID,ULONG);
    };
}

 

 

 

 

 

 

 

 

Lib_Driver.cpp

 

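 #include "Lib_Driver.h"
//////////////////////////////////////////////////////////////////////////
using namespace System;
//////////////////////////////////////////////////////////////////////////
// Implementation of the Driver class
//
// The class registers a kernel-driver service, asks the kernel to load it,
// opens the driver's device and forwards I/O control requests to it.
//
// Review changes relative to the listing as published:
//  * every member is initialised before use and every ntdll entry point is
//    checked before it is called;
//  * caller-supplied strings are bounds-checked before they are copied into
//    the fixed-size members (the original memcpy calls were unbounded);
//  * RtlFreeUnicodeString is no longer called on strings set up with
//    RtlInitUnicodeString, because those only point at caller-owned text
//    (stack buffers and string literals) and were never heap-allocated;
//  * the service registry path is rebuilt wherever it is needed instead of
//    keeping a UNICODE_STRING that points into a stack frame that has
//    already returned;
//  * the registry key handle no longer shares hDriver with the device
//    handle, so the destructor cannot close a stale handle value.
//////////////////////////////////////////////////////////////////////////

// NOTE(review): NT object-manager and registry paths are separated by
// backslashes. The forward slashes in the two literals below look like an
// escaping artefact of the page this listing was copied from. They are kept
// exactly as published; confirm against the original source.
#define DRIVER_PATH T("//??//")
#define REG_PATH T("//Registry//Machine//System//CurrentControlSet//Services//")

// Status values returned by NtCallDriver() when it cannot reach the driver.
static const long StatusUnsuccessful  = (long)0xC0000001L; /*STATUS_UNSUCCESSFUL*/
static const long StatusInvalidHandle = (long)0xC0000008L; /*STATUS_INVALID_HANDLE*/

// Writes Prefix followed by Name (NUL-terminated) into Out, which holds
// OutChars characters. Returns false and leaves Out untouched when Name is
// empty or the result would not fit.
static bool JoinBounded(const TCHAR* Prefix, const TCHAR* Name, TCHAR* Out, size_t OutChars)
{
    const size_t PrefixChars = wcslen(Prefix);
    const size_t NameChars = wcslen(Name);
    if (NameChars == 0 || PrefixChars + NameChars + 1 > OutChars)
        return false;
    memcpy(Out, Prefix, PrefixChars * sizeof(TCHAR));
    memcpy(Out + PrefixChars, Name, (NameChars + 1) * sizeof(TCHAR)); // +1 copies the terminator
    return true;
}

// Fills an OBJECT_ATTRIBUTES structure from the given arguments.
// SecurityQualityOfService is always set to NULL.
void Driver::InitializeObjectAttributes(POBJECT_ATTRIBUTES InitializedAttributes,PUNICODE_STRING ObjectName,ULONG Attributes,HANDLE RootDirectory,PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    InitializedAttributes->Length = sizeof(OBJECT_ATTRIBUTES);
    InitializedAttributes->RootDirectory = RootDirectory;
    InitializedAttributes->Attributes = Attributes;
    InitializedAttributes->ObjectName = ObjectName;
    InitializedAttributes->SecurityDescriptor = SecurityDescriptor;
    InitializedAttributes->SecurityQualityOfService = NULL;
}

// Registers the driver service, asks the kernel to load it and opens its
// device.
//
// DriverName  service and device name; must be shorter than
//             MAX_REASON_NAME_LEN characters.
// DriverPath  path of the driver image; stored with DRIVER_PATH in front.
//
// The constructor cannot report failure. On any error it returns early and
// leaves hDriver NULL, so NtCallDriver() returns a failure status.
//
// NOTE(review): DriverPath decides which code is loaded into the kernel.
// Callers should pass only a fixed, trusted location and should not build
// it from user-controlled input. Loading a driver also requires the load-
// driver privilege in the caller's token; this class does not enable it.
Driver::Driver(PTCHAR DriverName, PTCHAR DriverPath)
{
    // Put every member into a known state so that an early return leaves
    // an object the destructor and NtCallDriver() can handle.
    hDriver = NULL;
    hNtDll = NULL;
    NtClose = NULL;
    RtlInitUnicodeString = NULL;
    RtlFreeUnicodeString = NULL;
    memset(&uDriver, 0, sizeof(uDriver));
    memset(&uName, 0, sizeof(uName));
    memset(&Obj_, 0, sizeof(Obj_));
    memset(&Isb_, 0, sizeof(Isb_));
    memset(this->DriverName, 0, sizeof(this->DriverName));
    memset(this->DriverPath, 0, sizeof(this->DriverPath));

    hNtDll = LoadLibraryEx(T("ntdll.dll"), NULL, 0);
    if (!hNtDll)
        return;
    NtClose = (_NtClose)GetProcAddress(hNtDll, "NtClose");
    RtlInitUnicodeString = (_RtlInitUnicodeString)GetProcAddress(hNtDll, "RtlInitUnicodeString");
    // Still resolved so the member stays populated, but deliberately never
    // called: none of the strings used here is heap-allocated.
    RtlFreeUnicodeString = (_RtlFreeUnicodeString)GetProcAddress(hNtDll, "RtlFreeUnicodeString");
    if (!NtClose || !RtlInitUnicodeString)
        return;

    // Copy the strings. Both are validated before either member is written,
    // so a rejected argument leaves DriverName empty and the destructor
    // skips the unload request.
    if (!DriverName || !DriverPath)
        return;
    const size_t NameChars = wcslen(DriverName);
    if (NameChars == 0 || NameChars >= sizeof(this->DriverName) / sizeof(TCHAR))
        return;
    if (!JoinBounded(DRIVER_PATH, DriverPath, this->DriverPath, sizeof(this->DriverPath) / sizeof(TCHAR)))
        return;
    memcpy(this->DriverName, DriverName, NameChars * sizeof(TCHAR)); // buffer was zeroed, so it stays terminated

    // Register the driver
    NtRegisterDriver();

    // Load the driver
    typedef long (_stdcall* _NtLoadDriver)(PUNICODE_STRING DriverServiceName);
    typedef long (_stdcall* _NtCreateFile)(PHANDLE FileHandle,ACCESS_MASK DesiredAccess,
        POBJECT_ATTRIBUTES ObjectAttributes,PIO_STATUS_BLOCK IoStatusBlock,
        PLARGE_INTEGER AllocationSize,ULONG FileAttributes, ULONG ShareAccess,
        ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength);
    _NtLoadDriver NtLoadDriver = (_NtLoadDriver)GetProcAddress(hNtDll, "NtLoadDriver");
    _NtCreateFile NtCreateFile = (_NtCreateFile)GetProcAddress(hNtDll, "NtCreateFile");
    if (!NtLoadDriver || !NtCreateFile)
        return;

    TCHAR RegPath[MAX_PATH]; // service registry path
    if (!JoinBounded(REG_PATH, this->DriverName, RegPath, MAX_PATH))
        return;
    RtlInitUnicodeString(&uDriver, RegPath);
    // The load status is ignored, as in the original: the open below is
    // still attempted (the driver may already be loaded).
    NtLoadDriver(&uDriver);
    memset(&uDriver, 0, sizeof(uDriver)); // RegPath is a local; keep no pointer to it

    // Obtain the driver handle
    TCHAR OpenName[MAX_REASON_NAME_LEN + sizeof(DRIVER_PATH) / sizeof(TCHAR)]; // device open path
    if (!JoinBounded(DRIVER_PATH, this->DriverName, OpenName, sizeof(OpenName) / sizeof(TCHAR))) // append driver name
        return;
    RtlInitUnicodeString(&uName, OpenName);
    // NOTE(review): OBJ_KERNEL_HANDLE is intended for kernel-mode callers;
    // confirm it is wanted in this user-mode code.
    InitializeObjectAttributes(&Obj_,&uName,0x00000200L|0x00000040L/*OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE*/,NULL,NULL);
    HANDLE hDevice = NULL;
    // The original passed the Win32 constant OPEN_EXISTING here; its value
    // (3) is FILE_OPEN_IF in the native disposition numbering. FILE_OPEN is
    // the native "open only if it exists".
    const long Status = NtCreateFile(&hDevice,GENERIC_READ|GENERIC_WRITE,&Obj_,&Isb_,NULL,FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ|FILE_SHARE_WRITE,0x00000001L/*FILE_OPEN*/,0,NULL,0);
    memset(&uName, 0, sizeof(uName)); // OpenName is a local; keep no pointer to it
    hDriver = (Status >= 0) ? hDevice : NULL;
}

// Closes the device handle, asks the kernel to unload the driver and
// releases the ntdll reference.
//
// NOTE(review): as in the original, unload is requested even when this
// object's own load request failed, and the volatile service key written by
// NtRegisterDriver() is not removed here.
Driver::~Driver()
{
    if (hDriver && NtClose)
    {
        NtClose(hDriver);
        hDriver = NULL;
    }
    if (!hNtDll)
        return;
    // DriverName is empty when the constructor rejected its arguments; then
    // nothing was registered and there is nothing to unload.
    if (RtlInitUnicodeString && this->DriverName[0])
    {
        typedef long (_stdcall* _NtUnloadDriver)(PUNICODE_STRING DriverServiceName);
        _NtUnloadDriver NtUnloadDriver = (_NtUnloadDriver)GetProcAddress(hNtDll, "NtUnloadDriver");
        TCHAR RegPath[MAX_PATH]; // service registry path, rebuilt because no copy is kept
        if (NtUnloadDriver && JoinBounded(REG_PATH, this->DriverName, RegPath, MAX_PATH))
        {
            RtlInitUnicodeString(&uDriver, RegPath);
            NtUnloadDriver(&uDriver);
            memset(&uDriver, 0, sizeof(uDriver));
        }
    }
    FreeLibrary(hNtDll);
    hNtDll = NULL;
}

// Creates the volatile service key REG_PATH + DriverName and writes the
// DisplayName, ImagePath, Type and Start values. Individual NtSetValueKey
// results are ignored, as in the original.
void Driver::NtRegisterDriver()
{
    if (!hNtDll || !NtClose || !RtlInitUnicodeString)
        return;
    typedef long (_stdcall* _NtCreateKey)(PHANDLE KeyHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,
        ULONG TitleIndex,PUNICODE_STRING Class,ULONG CreateOptions,PULONG Disposition);
    typedef long (_stdcall* _NtSetValueKey)(HANDLE KeyHandle,PUNICODE_STRING ValueName,ULONG TitleIndex,ULONG Type,PVOID Data,ULONG DataSize);
    _NtCreateKey NtCreateKey = (_NtCreateKey)GetProcAddress(hNtDll, "NtCreateKey");
    _NtSetValueKey NtSetValueKey = (_NtSetValueKey)GetProcAddress(hNtDll, "NtSetValueKey");
    if (!NtCreateKey || !NtSetValueKey)
        return;

    // Write the registry entry
    TCHAR RegPath[MAX_PATH]; // registry location
    if (!JoinBounded(REG_PATH, this->DriverName, RegPath, MAX_PATH)) // append driver name
        return;
    RtlInitUnicodeString(&this->uDriver, RegPath);
    InitializeObjectAttributes(&Obj_, &this->uDriver, 0x00000200L|0x00000040L/*OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE*/, NULL, NULL);

    // A dedicated local handle: hDriver is reserved for the device handle.
    // Only values are written, so KEY_SET_VALUE replaces KEY_ALL_ACCESS.
    HANDLE hKey = NULL;
    const long Status = NtCreateKey(&hKey, KEY_SET_VALUE, &Obj_, 0, NULL, REG_OPTION_VOLATILE, NULL);
    memset(&this->uDriver, 0, sizeof(this->uDriver)); // RegPath is a local; keep no pointer to it
    if (Status < 0)
        return;

    // REG_SZ sizes are in bytes and include the terminating NUL.
    RtlInitUnicodeString(&uName,T("DisplayName"));
    NtSetValueKey(hKey, &uName, 0, REG_SZ, (LPBYTE)this->DriverName,
        (ULONG)((wcslen(this->DriverName) + 1) * sizeof(TCHAR)));

    RtlInitUnicodeString(&uName,T("ImagePath"));
    NtSetValueKey(hKey, &uName, 0, REG_SZ, (LPBYTE)this->DriverPath,
        (ULONG)((wcslen(this->DriverPath) + 1) * sizeof(TCHAR)));

    ULONG Value = 1; // Type = 1: kernel driver
    RtlInitUnicodeString(&uName,T("Type"));
    NtSetValueKey(hKey, &uName, 0, REG_DWORD, (BYTE*)&Value, sizeof(Value));

    Value = 3; // Start = 3: demand (manual) start
    RtlInitUnicodeString(&uName,T("Start"));
    NtSetValueKey(hKey, &uName, 0, REG_DWORD, (BYTE*)&Value, sizeof(Value));

    memset(&uName, 0, sizeof(uName));
    NtClose(hKey);
}

// Sends an I/O control request to the opened driver device.
//
// Returns the NtDeviceIoControlFile status. Returns STATUS_INVALID_HANDLE
// when the device was never opened and STATUS_UNSUCCESSFUL when the ntdll
// export cannot be resolved.
//
// The buffers are handed to the driver exactly as given; this wrapper does
// no length validation, so the caller must pass lengths that match the
// buffers.
// NOTE(review): the device handle is opened without SYNCHRONIZE access or a
// synchronous-I/O create option, and no event is passed here, so the call
// may return a pending status before OutputBuffer and Isb_ are filled in.
// Confirm how callers handle that.
long Driver::NtCallDriver(ULONG ControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength)
{
    if (!hDriver)
        return StatusInvalidHandle;
    if (!hNtDll)
        return StatusUnsuccessful;
    typedef long (_stdcall* _NtDeviceIoControlFile)(HANDLE FileHandle,HANDLE Event,
        LPVOID ApcRoutine,PVOID ApcContext,PIO_STATUS_BLOCK IoStatusBlock,
        ULONG IoControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength);
    _NtDeviceIoControlFile NtDeviceIoControlFile = (_NtDeviceIoControlFile)GetProcAddress(hNtDll, "NtDeviceIoControlFile");
    if (!NtDeviceIoControlFile)
        return StatusUnsuccessful;
    return NtDeviceIoControlFile(hDriver, NULL, NULL, NULL, &Isb_, ControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength);
}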

 
