Windows的驅動程式安裝,也就是將已經編譯好的**.sys檔案“嵌入”到Windows作業系統的核心層。以下介紹幾種我所知道的常見方法。
注意:以下幾種方法中,除inf安裝外,適合一般的NT驅動,並不能安裝Minifilter(微過濾驅動)。對於Minifilter的安裝,我們將在以後的文章中談到。
一、藉助相關工具
網上有很多牛人寫的工具,對**.sys檔案的安裝很管用。在這裡介紹筆者用過的小工具——SRVINSTW.EXE(亦即srvinstw.exe),這個工具有漢化版本,操作很簡單。以下兩個連結都可以下載到。(還有其他很多網站上都能下載到此工具,在網上所搜一下就OK了。)
http://www.downxia.com/downinfo/22769.html
http://d.download.csdn.net/detail/netwolf712/3409182
二、代碼實現
主要是OpenSCManager,CreateService,CloseServiceHandle等函數的運用。
//功能:安裝**.sys檔案。#include <windows.h>#include <winsvc.h>#include <stdio.h>void main(){ char name[3]="zx"; //服務名 char info[200]="sfok16"; // 服務描述 char path[300]="sfok16.sys"; //程式路徑 (此處預設為在同一檔案夾內) SC_HANDLE manager=NULL; SC_HANDLE service=NULL; if((manager=OpenSCManager(NULL,NULL,SC_MANAGER_CREATE_SERVICE))==NULL) { printf("OpenSCManager Error"); } service=CreateService( manager,name,info, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE, path,0,0,0,0,0); if(service) printf("服務建立成功\n\n"); else printf("服務建立失敗\n\n"); CloseServiceHandle(service);}
三、通過.inf檔案實現
inf檔案,Microsoft公司為硬體裝置製造商發布其驅動程式推出的一種檔案格式,INF檔案中包含硬體裝置的資訊或j指令碼以控制硬體操作。在INF檔案中指明了硬體驅動該如何安裝到系統中,源檔案在哪裡、安裝到哪一個檔案夾中、怎樣在註冊表中加入自身相關資訊等。
inf檔案才建立可以通過txt檔案直接修改尾碼名即可,如將編輯好的txt檔案名稱直接改為“***.inf”(前提是已經將需要的代碼已經寫好),然後單擊“右鍵”,選擇“安裝”。最難的是inf檔案內部的內容(代碼)如何書寫。以下以一個名為zhang.sys的驅動載入到Windows核心中。(在實際操作中,可以找一個現有的inf檔案,開啟直接修改)
[Version]
signature = "$Windows NT$"
Class = "ActivityMonitor" ;This is determined by the work this filter driver does
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Class
Provider = %Msft%
DriverVer = 07/24/2012,1.0.0.3
CatalogFile = zhang.cat
[DestinationDirs]
DefaultDestDir = 12
MiniFilter.DriverFiles = 12 ;%windir%\system32\drivers
;; Default install sections
[DefaultInstall]
OptionDesc = %ServiceDescription%
CopyFiles = MiniFilter.DriverFiles
[DefaultInstall.Services]
AddService = %ServiceName%,,MiniFilter.Service
;;
;; Default uninstall sections
;;
[DefaultUninstall]
DelFiles = MiniFilter.DriverFiles
[DefaultUninstall.Services]
DelService = zhang,0x200 ;Ensure service is stopped before deleting
; Services Section
[MiniFilter.Service]
DisplayName = %ServiceName%
Description = %ServiceDescription%
ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
Dependencies = "FltMgr"
ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Encryption"
AddReg = MiniFilter.AddRegistry
; Registry Modifications
[MiniFilter.AddRegistry]
HKR,"Instances","DefaultInstance",0x00000000,%Instance1.Name%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
; Copy Files
[MiniFilter.DriverFiles]
%DriverName%.sys
[SourceDisksFiles]
zhang.sys = 1,,
[SourceDisksNames]
1 = %DiskId1%,,,
;; String Section
[Strings]
Msft = "Microsoft Corporation"
ServiceDescription = "encryption engine minfilter Driver"
ServiceName = "zhang"
DriverName = "zhang"
DiskId1 = "zhang Device Installation Disk"
;Instances specific information.
Instance1.Name = "zhang Instance"
Instance1.Altitude = "141000"
Instance1.Flags = 0x0 ; allow automatic attachments
四、“曲線救國”方法
不需要手動載入inf檔案,代碼調用inf檔案即可。筆者運用的方法比較笨,找沒找到代碼直接調用inf檔案的,採用了一種間接的方法。
寫一個bat(批處理),在批處理裡調用inf,而bat很容易從代碼調用。
bat檔案的語句:
RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Windows\engine.inf
其中,C:\Windows\engine.inf是inf檔案的路徑。
C/C++語言調用bat檔案:
#include <windows.h>
WinExec("C:\\Windows\\AddService.bat", SW_SHOW);
其中, C:\\Windows\\AddService.bat是bat的路徑。記得包含標頭檔windows.h
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
