diff --git a/KernelCommunication.sln b/KernelCommunication.sln
index fee08ca..c758414 100644
--- a/KernelCommunication.sln
+++ b/KernelCommunication.sln
@@ -1,7 +1,7 @@
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
-VisualStudioVersion = 17.13.35825.156 d17.13
+VisualStudioVersion = 17.13.35825.156
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KernelCommunication", "KernelCommunication\KernelCommunication.vcxproj", "{B1740CFB-94A0-BAA6-1165-49A4F96703C3}"
EndProject
diff --git a/KernelCommunication/KernelCommunication.vcxproj b/KernelCommunication/KernelCommunication.vcxproj
index 1f6e3cf..6f2a9e3 100644
--- a/KernelCommunication/KernelCommunication.vcxproj
+++ b/KernelCommunication/KernelCommunication.vcxproj
@@ -48,11 +48,11 @@
Windows10
true
- WindowsKernelModeDriver10.0
Driver
WDM
Desktop
Unicode
+ WindowsKernelModeDriver10.0
Windows10
@@ -132,11 +132,11 @@
-
+
-
+
diff --git a/KernelCommunication/KernelCommunication.vcxproj.filters b/KernelCommunication/KernelCommunication.vcxproj.filters
index 19d6921..baba3a6 100644
--- a/KernelCommunication/KernelCommunication.vcxproj.filters
+++ b/KernelCommunication/KernelCommunication.vcxproj.filters
@@ -19,12 +19,12 @@
-
+
Source Files
-
+
Header Files
diff --git a/KernelCommunication/ioctl.h b/KernelCommunication/ioctl.h
index c9f7bf1..76626a6 100644
--- a/KernelCommunication/ioctl.h
+++ b/KernelCommunication/ioctl.h
@@ -1,5 +1,40 @@
#pragma once
#define MY_DRVICE_NAME L"YhyDrvice"
+#define KERNEL_REG_DRVICE_NAME L"\\Device\\" MY_DRVICE_NAME
#define SYMBOLIC_LINK L"\\??\\" MY_DRVICE_NAME
+// 内核注册的同步事件对象
+#define NOTIFICATION_OBJECT_NAME L"\\BaseNamedObjects\\YhyDrvice"
+#define KERNEL_TO_USER_EVENT_NAME L"Global\\YhyDrvice"
+#define KERNEL_FILE_NAME L"\\\\.\\" MY_DRVICE_NAME
-#define IOCTL_READ_MEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
\ No newline at end of file
+#define DEFINE_IOCTL(function_code) \
+ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + function_code, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+// 读取任意内存地址数据
+#define IOCTL_READ_MEMORY DEFINE_IOCTL(1)
+
+typedef struct ReadMemoryModel {
+ void* address;
+ int len;
+} ReadMemoryModel;
+
+// 写入内存地址数据
+#define IOCTL_WRITE_MEMORY DEFINE_IOCTL(2)
+typedef struct WriteMemoryModel {
+ void* address; // 目标地址
+ int len; // 写入数据量
+ char buffer[1]; // 缓冲区
+} WriteMemoryModel;
+
+// 枚举进程
+#define IOCTL_ENUMERATION_PROCESS DEFINE_IOCTL(3)
+
+typedef struct EnumerationProcessModel {
+ // TODO: ...
+} EnumerationProcessModel;
+
+// 内核驱动创建命名的事件同步对象,用来让应用层接收事件
+#define IOCTL_KERNEL_CREATE_EVENT_OBJECT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + 4, METHOD_NEITHER , FILE_ANY_ACCESS)
+
+// 通知内核驱动关闭命名的事件对象
+#define IOCTL_CLOSE_EVENT_OBJECT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + 5, METHOD_NEITHER , FILE_ANY_ACCESS)
\ No newline at end of file
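Review bot: `IOCTL_READ_MEMORY` and `IOCTL_WRITE_MEMORY` are built by `DEFINE_IOCTL` with `FILE_ANY_ACCESS`, so a handle opened with any access can issue requests that read or write memory at a caller-chosen address. Requiring access in the code itself, `CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + function_code, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)`, lets the I/O manager reject handles that were not opened for it. The device should also get a restrictive security descriptor, for example through `IoCreateDeviceSecure`, because the `IoCreateDevice` call in kernel.cpp supplies none. Both `len` fields are `int`; declaring them `ULONG` removes the negative-length case that the handlers currently cast away. The two `METHOD_NEITHER` codes are safe only while they carry no buffers, which deserves a comment such as `// no input/output buffer: METHOD_NEITHER pointers must never be dereferenced`.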
diff --git a/KernelCommunication/kernel.cpp b/KernelCommunication/kernel.cpp
new file mode 100644
index 0000000..e637739
--- /dev/null
+++ b/KernelCommunication/kernel.cpp
@@ -0,0 +1,228 @@
+#include "kernel.h"
+
+// 接收三环传递来的通讯线程
+HANDLE gThreadHandle = NULL;
+bool gWorkThreadFlags = false;
+HANDLE gEventHandle = NULL;
+PKEVENT gKernelEvent = NULL;
+
+
+VOID onUnload(_In_ struct _DRIVER_OBJECT* DriverObject) {
+ UNREFERENCED_PARAMETER(DriverObject);
+ KdPrint(("[yhy]: %s", __FUNCTION__));
+
+ // 删除驱动符号链接
+ UNICODE_STRING symLink;
+ RtlInitUnicodeString(&symLink, SYMBOLIC_LINK);
+ NTSTATUS status = IoDeleteSymbolicLink(&symLink);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] [Error]: IoDeleteSymbolicLink Error! errorCode:%08x\n", status));
+ return;
+ }
+ // 删除设备
+ if (DriverObject->DeviceObject != NULL) {
+ IoDeleteDevice(DriverObject->DeviceObject);
+ }
+ KdPrint(("[yhy]: onUnload Success!\n"));
+ KdPrint(("[yhy]: Bye!\n"));
+}
+
+NTSTATUS DispatchCreate(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ UNREFERENCED_PARAMETER(DeviceObject);
+ return status;
+}
+
+NTSTATUS DispatchClose(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ UNREFERENCED_PARAMETER(DeviceObject);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = 0;
+ return status;
+}
+
+NTSTATUS DispatchRead(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ UNREFERENCED_PARAMETER(DeviceObject);
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ // 需要把数据写入缓冲区
+ PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp);
+ // 需要缓冲区地址+请求读写的长度
+ const char* text = "hello world!";
+ //PVOID pBuffer = Irp->AssociatedIrp.SystemBuffer;
+ PVOID pBuffer = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
+
+ ULONG nBufferSize = pIrpStack->Parameters.Read.Length;
+ // 拷贝字符串
+ ULONG len = min(nBufferSize, (ULONG)strlen(text));
+
+ KdPrint(("[yhy]: DispatchRead() text: %s pBuffer:%p nBufferSize:%d len:%d", text, pBuffer, nBufferSize, len));
+
+ RtlCopyMemory(pBuffer, text, len);
+
+ // 发送一个测试
+ KeSetEvent(gKernelEvent, IO_NO_INCREMENT, FALSE);
+
+ // 完成请求
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = len;
+
+
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ return status;
+}
+NTSTATUS DispatchWrite(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ UNREFERENCED_PARAMETER(DeviceObject);
+ KdPrint(("[yhy]: DeviceObject->StackSize: %d\n", DeviceObject->StackSize));
+ return status;
+}
+
+NTSTATUS handleOnCtlReadMemory(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ PVOID inBuffer = Irp->AssociatedIrp.SystemBuffer;
+ PVOID outBuffer = Irp->AssociatedIrp.SystemBuffer;
+ // 先解
+ ReadMemoryModel* readModel = (ReadMemoryModel*)inBuffer;
+ ULONG bufferLen = max((ULONG)readModel->len, pIrpStack->Parameters.DeviceIoControl.OutputBufferLength);
+ // 读取目标内存
+ KdPrint(("[yhy]: DispatchControl inBuffer:%p targetAddress:%p\n", inBuffer, readModel->address));
+ RtlCopyMemory(outBuffer, readModel->address, bufferLen);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = bufferLen;
+ return status;
+}
+
+NTSTATUS handleOnCtlWriteMemory(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ PVOID inBuffer = Irp->AssociatedIrp.SystemBuffer;
+ //PVOID outBuffer = Irp->AssociatedIrp.SystemBuffer;
+ UNREFERENCED_PARAMETER(pIrpStack);
+ WriteMemoryModel* writeModel = (WriteMemoryModel*)inBuffer;
+ ULONG bufferLen = writeModel->len;
+ RtlCopyMemory(writeModel->address, writeModel->buffer, bufferLen);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = bufferLen;
+ return status;
+}
+
+NTSTATUS handleOnCtlEnumProc(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ // TODO...
+ UNREFERENCED_PARAMETER(pIrpStack);
+ UNREFERENCED_PARAMETER(Irp);
+ return status;
+}
+
+/*
+* 内核驱动创建一个命名的事件对象,用来主动向应用层进行通信
+*/
+NTSTATUS handleCreateNotificationEvent() {
+ NTSTATUS status = STATUS_SUCCESS;
+ UNICODE_STRING EventName = { 0 };
+ RtlInitUnicodeString(&EventName, NOTIFICATION_OBJECT_NAME);
+ gKernelEvent = IoCreateNotificationEvent(&EventName, &gEventHandle);
+ KdPrint(("[yhy] createNotificationEvent! gKernelEvent: %p gEventHandle: %p\n", gKernelEvent, gEventHandle));
+ if (gKernelEvent == NULL) {
+ KdPrint(("[yhy] createNotificationEvent Fail!\n"));
+ status = STATUS_UNSUCCESSFUL;
+ }
+ return status;
+}
+
+NTSTATUS handleCloseNotificationEvent() {
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ NTSTATUS status = STATUS_SUCCESS;
+ // 关闭事件对象
+ // 唤醒事件
+ KeSetEvent(gKernelEvent, IO_NO_INCREMENT, FALSE);
+ KdPrint(("[yhy] [Error]: NtClose! gEventHandle:%p\n", gEventHandle));
+ status = NtClose(gEventHandle);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] [Error]: NtClose Error! errorCode:%08x\n", status));
+ }
+ return status;
+}
+
+NTSTATUS DispatchControl(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ UNREFERENCED_PARAMETER(DeviceObject);
+ PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp);
+ ULONG ControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;
+
+ switch (ControlCode) {
+ case IOCTL_READ_MEMORY: {
+ status = handleOnCtlReadMemory(pIrpStack, Irp);
+ break;
+ }
+ case IOCTL_WRITE_MEMORY: {
+ status = handleOnCtlWriteMemory(pIrpStack, Irp);
+ break;
+ }
+ case IOCTL_ENUMERATION_PROCESS: {
+ status = handleOnCtlEnumProc(pIrpStack, Irp);
+ break;
+ }
+ case IOCTL_KERNEL_CREATE_EVENT_OBJECT: {
+ status = handleCreateNotificationEvent();
+ break;
+ }
+ case IOCTL_CLOSE_EVENT_OBJECT: {
+ status = handleCloseNotificationEvent();
+ break;
+ }
+ }
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ return status;
+}
+
+NTSTATUS DriverEntry(
+ _In_ PDRIVER_OBJECT DriverObject,
+ _In_ PUNICODE_STRING RegistryPath
+)
+{
+ UNREFERENCED_PARAMETER(RegistryPath);
+ // NTSTATUS variable to record success or failure
+ NTSTATUS status = STATUS_SUCCESS;
+ DriverObject->DriverUnload = onUnload;
+ // 1. 绑定IRP 处理Dispatch例程
+ DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
+ DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
+ DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
+ DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
+ DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl;
+
+ // 2. 创建设备对象
+ UNICODE_STRING deviceName;
+ PDEVICE_OBJECT pDevice = NULL;
+ RtlInitUnicodeString(&deviceName, KERNEL_REG_DRVICE_NAME);
+ KdPrint(("[yhy] deviceName: %wZ", &deviceName));
+ status = IoCreateDevice(DriverObject, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE /*非独占*/,
+ &pDevice);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] DriverEntry IoCreateDevice ErrorCode:%08x\n", status));
+ return status;
+ }
+
+ // 使用缓冲区IO方式
+ //pDevice->Flags |= DO_BUFFERED_IO;
+ pDevice->Flags |= DO_DIRECT_IO;
+
+ // 3. 创建符号
+ UNICODE_STRING symbolName;
+ RtlInitUnicodeString(&symbolName, SYMBOLIC_LINK);
+ status = IoCreateSymbolicLink(&symbolName, &deviceName);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink ErrorCode:%08x\n", status));
+ return status;
+ }
+ KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink Success! symbolName is :%wZ", &symbolName));
+
+ return status;
+}
\ No newline at end of file
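Review bot: `handleOnCtlReadMemory` sizes its copy with `max((ULONG)readModel->len, OutputBufferLength)`, so the copy into `SystemBuffer` is never smaller than the caller-supplied `len` and can run past the end of the system buffer. The bound has to be the smaller value, and `InputBufferLength` must be checked against `sizeof(ReadMemoryModel)` before `readModel` is dereferenced. `handleOnCtlWriteMemory` has the same gap: `writeModel->len` is never compared with `InputBufferLength`, so `RtlCopyMemory` can read beyond the input buffer. Neither handler validates `address`, so an invalid pointer from user mode faults in kernel context; the target range should be limited to memory the driver is meant to expose. Separately, `DispatchClose` writes `Irp->IoStatus` after `IoCompleteRequest`, `DispatchRead` uses `pBuffer` and `gKernelEvent` without a NULL check, and `DispatchControl` returns success for unknown codes without setting `Irp->IoStatus`.

```cpp
NTSTATUS handleOnCtlReadMemory(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
    const ULONG inLen = pIrpStack->Parameters.DeviceIoControl.InputBufferLength;
    const ULONG outLen = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength;
    Irp->IoStatus.Information = 0;
    if (inLen < sizeof(ReadMemoryModel)) {
        Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
        return STATUS_INVALID_PARAMETER;
    }
    // Copy the request out first: input and output share SystemBuffer.
    const ReadMemoryModel request = *(ReadMemoryModel*)Irp->AssociatedIrp.SystemBuffer;
    if (request.len <= 0 || (ULONG)request.len > outLen) {
        Irp->IoStatus.Status = STATUS_BUFFER_TOO_SMALL;
        return STATUS_BUFFER_TOO_SMALL;
    }
    // … unchanged: KdPrint of the request …
    // NOTE: request.address still needs to be restricted to ranges the driver owns.
    RtlCopyMemory(Irp->AssociatedIrp.SystemBuffer, request.address, (ULONG)request.len);
    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = (ULONG)request.len;
    return STATUS_SUCCESS;
}
```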
diff --git a/KernelCommunication/main.h b/KernelCommunication/kernel.h
similarity index 90%
rename from KernelCommunication/main.h
rename to KernelCommunication/kernel.h
index d82598e..20bdd17 100644
--- a/KernelCommunication/main.h
+++ b/KernelCommunication/kernel.h
@@ -1,4 +1,5 @@
#pragma once
+#include
#include
#include "ioctl.h"
diff --git a/KernelCommunication/main.cpp b/KernelCommunication/main.cpp
deleted file mode 100644
index b41f525..0000000
--- a/KernelCommunication/main.cpp
+++ /dev/null
@@ -1,110 +0,0 @@
-#include "main.h"
-
-VOID onUnload(_In_ struct _DRIVER_OBJECT* DriverObject) {
- UNREFERENCED_PARAMETER(DriverObject);
- KdPrint(("[yhy]: %s", __FUNCDNAME__));
- UNICODE_STRING symLink;
- RtlInitUnicodeString(&symLink, SYMBOLIC_LINK);
- NTSTATUS status = IoDeleteSymbolicLink(&symLink); // 删除符号链接
- if (!NT_SUCCESS(status)) {
- KdPrint(("[yhy] [Error]: IoDeleteSymbolicLink Error! rrorCode:%08x\n", status));
- return;
- }
- // 删除设备
- if (DriverObject->DeviceObject != NULL) {
- IoDeleteDevice(DriverObject->DeviceObject);
- }
- KdPrint(("[yhy]: onUnload Success!\n"));
- KdPrint(("[yhy]: Bye!\n"));
-}
-
-NTSTATUS DispatchCreate(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
- NTSTATUS status = STATUS_SUCCESS;
- KdPrint(("[yhy]: %s\n", __FUNCDNAME__));
- IoCompleteRequest(Irp, IO_NO_INCREMENT);
- UNREFERENCED_PARAMETER(DeviceObject);
- return status;
-}
-
-NTSTATUS DispatchClose(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
- NTSTATUS status = STATUS_SUCCESS;
- KdPrint(("[yhy]: %s\n", __FUNCDNAME__));
- IoCompleteRequest(Irp, IO_NO_INCREMENT);
- UNREFERENCED_PARAMETER(DeviceObject);
- Irp->IoStatus.Status = STATUS_SUCCESS;
- Irp->IoStatus.Information = 0;
- return status;
-}
-NTSTATUS DispatchRead(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
- NTSTATUS status = STATUS_SUCCESS;
- KdPrint(("[yhy]: %s\n", __FUNCDNAME__));
- IoCompleteRequest(Irp, IO_NO_INCREMENT);
- UNREFERENCED_PARAMETER(DeviceObject);
- return status;
-}
-NTSTATUS DispatchWrite(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
- NTSTATUS status = STATUS_SUCCESS;
- KdPrint(("[yhy]: %s\n", __FUNCDNAME__));
- IoCompleteRequest(Irp, IO_NO_INCREMENT);
- UNREFERENCED_PARAMETER(DeviceObject);
- return status;
-}
-
-NTSTATUS DispatchControl(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
- NTSTATUS status = STATUS_SUCCESS;
- UNREFERENCED_PARAMETER(DeviceObject);
- KdPrint(("[yhy]: %s\n", __FUNCDNAME__));
- PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp);
- if (pIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_READ_MEMORY) {
- PVOID ioBuffer = Irp->AssociatedIrp.SystemBuffer;
- //ULONG bufferLen = max(pIrpStack->Parameters.DeviceIoControl.InputBufferLength, pIrpStack->Parameters.DeviceIoControl.OutputBufferLength);
- // 读取目标内存
- void* targetAddress = *(void**)ioBuffer;
- KdPrint(("[yhy]: DispatchControl ioBuffer:%p targetAddress:%p\n", ioBuffer, targetAddress));
- int newValue = 0x12341234;
- RtlCopyMemory(ioBuffer, &newValue, 4);
- Irp->IoStatus.Status = STATUS_SUCCESS;
- Irp->IoStatus.Information = 4;
- }
- IoCompleteRequest(Irp, IO_NO_INCREMENT);
- return status;
-}
-
-NTSTATUS DriverEntry(
- _In_ PDRIVER_OBJECT DriverObject,
- _In_ PUNICODE_STRING RegistryPath
-)
-{
- UNREFERENCED_PARAMETER(RegistryPath);
- // NTSTATUS variable to record success or failure
- NTSTATUS status = STATUS_SUCCESS;
- DriverObject->DriverUnload = onUnload;
- // 1. 绑定IRP 处理Dispatch例程
- DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
- DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
- DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
- DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
- DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl;
- // 2. 创建设备对象
- UNICODE_STRING deviceName;
- PDEVICE_OBJECT pDevice = NULL;
- RtlInitUnicodeString(&deviceName, L"\\Device\\" MY_DRVICE_NAME);
- KdPrint(("[yhy] deviceName: %wZ", &deviceName));
- status = IoCreateDevice(DriverObject, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE /*非独占*/,
- &pDevice);
- if (!NT_SUCCESS(status)) {
- KdPrint(("[yhy] DriverEntry IoCreateDevice ErrorCode:%08x\n", status));
- return status;
- }
- // 3. 创建符号
- UNICODE_STRING symbolName;
- // L"\\DosDevices\\MY_DRVICE_NAME"
- RtlInitUnicodeString(&symbolName, SYMBOLIC_LINK);
- status = IoCreateSymbolicLink(&symbolName, &deviceName);
- if (!NT_SUCCESS(status)) {
- KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink ErrorCode:%08x\n", status));
- return status;
- }
- KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink Success! symbolName is :%wZ", &symbolName));
- return status;
-}
\ No newline at end of file
diff --git a/TestDrvice/TestDrvice.cpp b/TestDrvice/TestDrvice.cpp
index 41ba918..f725a1e 100644
--- a/TestDrvice/TestDrvice.cpp
+++ b/TestDrvice/TestDrvice.cpp
@@ -1,11 +1,21 @@
-#include
-#include
-#include
-#include "../KernelCommunication/ioctl.h"
-#include
+#include "TestDrvice.h"
#define TEST_SERVICE_NAME "aaayhytestservice"
+std::thread gWorkThread;
+bool gThreadFlags = false;
+void workThread(HANDLE eventHandle) {
+ while (gThreadFlags) {
+ WaitForSingleObject(eventHandle, INFINITE);
+ // TODO: 处理内核通知
+ printf("Kernel Event!\n");
+ ResetEvent(eventHandle); // 重置事件以便下次触发
+ }
+ // 退出线程时,关闭句柄
+ printf("Exit WorkThread! eventHandle: %08x", eventHandle);
+ if (eventHandle != NULL) { CloseHandle(eventHandle); }
+ return;
+}
void ShowError(const char* szName) {
DWORD dwErrorCode = GetLastError();
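Review bot: `gThreadFlags` is a plain `bool` that `workThread` reads in its loop condition while `UseDriver` writes it from another thread, which is a data race. Declaring it `std::atomic<bool> gThreadFlags{false};` (with `<atomic>` included in TestDrvice.h) makes the stop request well defined. The return value of `WaitForSingleObject` is ignored, so an invalid `eventHandle` makes the loop spin on `WAIT_FAILED`; `if (WaitForSingleObject(eventHandle, INFINITE) != WAIT_OBJECT_0) break;` would stop it. The exit message prints a `HANDLE` with `%08x`, which truncates on 64-bit builds; `%p` matches the type.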
@@ -126,32 +136,46 @@ int UnLoadDriver(const char* szServiceName) {
void UseDriver() {
- HANDLE hFile = CreateFileW(L"\\\\.\\" MY_DRVICE_NAME,
+ unique_handle hFile = make_unique_handle(CreateFileW(KERNEL_FILE_NAME,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
- NULL);
- printf("CreateFile hFile:%p ErrCode:%08x\n", hFile, GetLastError());
+ NULL));
+ printf("CreateFile hFile:%p ErrCode:%08x\n", hFile.get(), GetLastError());
+ DWORD dwBytes = 0;
+ // 1. 发送让驱动创建事件对象的消息
+ bool result = DeviceIoControl(hFile.get(), IOCTL_KERNEL_CREATE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
+ if (!result) {
+ printf("IOCTL_KERNEL_CREATE_EVENT_OBJECT False!\n");
+ return;
+ }
+
+ // 2. 打开内核驱动的命名同步对象
+ HANDLE eventHandle = OpenEventW(EVENT_ALL_ACCESS, FALSE, KERNEL_TO_USER_EVENT_NAME);
+ printf("eventHandle: %08x\n", eventHandle);
+ gWorkThread = std::thread([=] {
+ gThreadFlags = true;
+ workThread(eventHandle);
+ });
+
+
// 测试ReadFile 功能
char Buffer[MAXBYTE] = { 0 };
- DWORD dwBytes = 0;
- BOOL Result = ReadFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
+ BOOL Result = ReadFile(hFile.get(), Buffer, 6, &dwBytes, NULL);
printf("ReadFile Result:%d dwBytes:%d Buffer:%s ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
- // 测试WriteFile 功能
- WriteFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
- printf("WriteFile Result:%d dwBytes:%d Buffer:%s ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
- // 测试DeviceIoControl 功能
- char data[4] = { 0x78, 0x56, 0x34, 0x12 };
- printf("Data value: %p\n", *(int*)data);
- DeviceIoControl(hFile, IOCTL_READ_MEMORY, &data, sizeof(data),
- data, sizeof(data), &dwBytes, NULL);
- printf("DeviceIoControl Result:%d dwBytes:%d Data:%s ErrCode:%08x\n", Result, dwBytes, data, GetLastError());
- printf("Data newValue: %p\n", *(int*)data);
- // 关闭文件
- CloseHandle(hFile);
+ //// 测试WriteFile 功能
+ //WriteFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
+ //printf("WriteFile Result:%d dwBytes:%d Buffer:%s ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
+
+
+ // 退出
+ gThreadFlags = false;
+ result = DeviceIoControl(hFile.get(), IOCTL_CLOSE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
+ gWorkThread.join();
+
return;
}
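Review bot: `gThreadFlags = true;` runs inside the lambda on the new thread, while `UseDriver` sets the flag to `false` a few lines later. If the main thread gets there first, the worker overwrites it with `true`, consumes the single wake-up from the close IOCTL, resets the event and waits again, so `gWorkThread.join()` can block forever. Setting `gThreadFlags = true;` before constructing the `std::thread` removes that ordering problem. `hFile` is never compared with `INVALID_HANDLE_VALUE` and `eventHandle` is never checked for `NULL` before the thread starts, so a failed open continues into `DeviceIoControl` and the wait loop with a bad handle. `EVENT_ALL_ACCESS` is broader than the worker needs; `SYNCHRONIZE | EVENT_MODIFY_STATE` covers the wait and `ResetEvent`.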
@@ -175,7 +199,6 @@ int main(int argc, char* argv[])
// TODO: 做一些事情
UseDriver();
-
if (UnLoadDriver(TEST_SERVICE_NAME) != 0) {
cerr << "[x] UnLoadDriver Faile! " << endl;
system("pause");
diff --git a/TestDrvice/TestDrvice.h b/TestDrvice/TestDrvice.h
new file mode 100644
index 0000000..1aac777
--- /dev/null
+++ b/TestDrvice/TestDrvice.h
@@ -0,0 +1,16 @@
+#pragma once
+#include
+#include
+#include
+#include "../KernelCommunication/ioctl.h"
+#include
+#include
+
+using unique_handle = std::unique_ptr<
+ std::remove_pointer_t, // 类型为 void
+ BOOL(WINAPI*)(HANDLE) // 函数指针类型
+>;
+
+unique_handle make_unique_handle(HANDLE h = INVALID_HANDLE_VALUE) {
+ return unique_handle(h, &CloseHandle);
+}
\ No newline at end of file
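Review bot: `make_unique_handle` defaults to `INVALID_HANDLE_VALUE`, but `std::unique_ptr` treats only `nullptr` as empty, so a failed `CreateFileW` (which returns `INVALID_HANDLE_VALUE`) still ends in `CloseHandle` on an invalid handle at destruction, and `if (hFile)` would report success. Normalising at construction avoids both: `return unique_handle(h == INVALID_HANDLE_VALUE ? nullptr : h, &CloseHandle);` with the default changed to `nullptr`. The function is defined in a header without `inline`, so including TestDrvice.h from a second translation unit would produce a duplicate-definition link error; `inline unique_handle make_unique_handle(...)` fixes that.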
diff --git a/TestDrvice/TestDrvice.vcxproj b/TestDrvice/TestDrvice.vcxproj
index 34e3cc2..28fbca3 100644
--- a/TestDrvice/TestDrvice.vcxproj
+++ b/TestDrvice/TestDrvice.vcxproj
@@ -131,6 +131,9 @@
+
+
+
diff --git a/TestDrvice/TestDrvice.vcxproj.filters b/TestDrvice/TestDrvice.vcxproj.filters
index c622f24..a3400f0 100644
--- a/TestDrvice/TestDrvice.vcxproj.filters
+++ b/TestDrvice/TestDrvice.vcxproj.filters
@@ -19,4 +19,9 @@
源文件
+
+
+ 头文件
+
+
\ No newline at end of file