From e3d29b1183ae6182601f9d887bfa7162b738ac15 Mon Sep 17 00:00:00 2001 From: "381848900@qq.com" Date: Fri, 14 Mar 2025 00:11:07 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=8A=A0=E4=BA=8B=E4=BB=B6?= =?UTF-8?q?=E9=80=9A=E4=BF=A1=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- KernelCommunication.sln | 2 +- .../KernelCommunication.vcxproj | 6 +- .../KernelCommunication.vcxproj.filters | 4 +- KernelCommunication/ioctl.h | 37 ++- KernelCommunication/kernel.cpp | 228 ++++++++++++++++++ KernelCommunication/{main.h => kernel.h} | 1 + KernelCommunication/main.cpp | 110 --------- TestDrvice/TestDrvice.cpp | 69 ++++-- TestDrvice/TestDrvice.h | 16 ++ TestDrvice/TestDrvice.vcxproj | 3 + TestDrvice/TestDrvice.vcxproj.filters | 5 + 11 files changed, 341 insertions(+), 140 deletions(-) create mode 100644 KernelCommunication/kernel.cpp rename KernelCommunication/{main.h => kernel.h} (90%) delete mode 100644 KernelCommunication/main.cpp create mode 100644 TestDrvice/TestDrvice.h diff --git a/KernelCommunication.sln b/KernelCommunication.sln index fee08ca..c758414 100644 --- a/KernelCommunication.sln +++ b/KernelCommunication.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 17 -VisualStudioVersion = 17.13.35825.156 d17.13 +VisualStudioVersion = 17.13.35825.156 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KernelCommunication", "KernelCommunication\KernelCommunication.vcxproj", "{B1740CFB-94A0-BAA6-1165-49A4F96703C3}" EndProject diff --git a/KernelCommunication/KernelCommunication.vcxproj b/KernelCommunication/KernelCommunication.vcxproj index 1f6e3cf..6f2a9e3 100644 --- a/KernelCommunication/KernelCommunication.vcxproj +++ b/KernelCommunication/KernelCommunication.vcxproj @@ -48,11 +48,11 @@ Windows10 true - WindowsKernelModeDriver10.0 Driver WDM Desktop Unicode + WindowsKernelModeDriver10.0 Windows10 
@@ -132,11 +132,11 @@ - + - +
diff --git a/KernelCommunication/KernelCommunication.vcxproj.filters b/KernelCommunication/KernelCommunication.vcxproj.filters
index 19d6921..baba3a6 100644
--- a/KernelCommunication/KernelCommunication.vcxproj.filters
+++ b/KernelCommunication/KernelCommunication.vcxproj.filters
@@ -19,12 +19,12 @@ - + Source Files - + Header Files
diff --git a/KernelCommunication/ioctl.h b/KernelCommunication/ioctl.h
index c9f7bf1..76626a6 100644
--- a/KernelCommunication/ioctl.h
+++ b/KernelCommunication/ioctl.h
@@ -1,5 +1,40 @@
 #pragma once
 #define MY_DRVICE_NAME L"YhyDrvice"
+#define KERNEL_REG_DRVICE_NAME L"\\Device\\" MY_DRVICE_NAME
 #define SYMBOLIC_LINK L"\\??\\" MY_DRVICE_NAME
+// 内核注册的同步事件对象
+#define NOTIFICATION_OBJECT_NAME L"\\BaseNamedObjects\\YhyDrvice"
+#define KERNEL_TO_USER_EVENT_NAME L"Global\\YhyDrvice"
+#define KERNEL_FILE_NAME L"\\\\.\\" MY_DRVICE_NAME
-#define IOCTL_READ_MEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
\ No newline at end of file
+#define DEFINE_IOCTL(function_code) \
+ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + function_code, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+// 读取任意内存地址数据
+#define IOCTL_READ_MEMORY DEFINE_IOCTL(1)
+
+typedef struct ReadMemoryModel {
+ void* address;
+ int len;
+} ReadMemoryModel;
+
+// 写入内存地址数据
+#define IOCTL_WRITE_MEMORY DEFINE_IOCTL(2)
+typedef struct WriteMemoryModel {
+ void* address; // 目标地址
+ int len; // 写入数据量
+ char buffer[1]; // 缓冲区
+} WriteMemoryModel;
+
+// 枚举进程
+#define IOCTL_ENUMERATION_PROCESS DEFINE_IOCTL(3)
+
+typedef struct EnumerationProcessModel {
+ // TODO: ...
+} EnumerationProcessModel;
+
+// 内核驱动创建命名的事件同步对象,用来让应用层接收事件
+#define IOCTL_KERNEL_CREATE_EVENT_OBJECT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + 4, METHOD_NEITHER , FILE_ANY_ACCESS)
+
+// 通知内核驱动关闭命名的事件对象
+#define IOCTL_CLOSE_EVENT_OBJECT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + 5, METHOD_NEITHER , FILE_ANY_ACCESS)
\ No newline at end of file
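Review bot: `DEFINE_IOCTL(function_code)` pastes its argument unparenthesized into `0x800 + function_code`, so an argument that is itself an expression would bind differently from how the macro reads; write `0x800 + (function_code)`. The `len` members of ReadMemoryModel and WriteMemoryModel are `int` in a header shared with the driver, which casts them to ULONG, so a negative value arrives in the kernel as a very large length; declaring them `ULONG len` (or `SIZE_T`) rules that out at the type level instead of relying on a runtime check. `EnumerationProcessModel` has an empty body, which is ill-formed in C and only compiles because both consumers are C++ translation units; a placeholder member such as `ULONG reserved;` keeps the header usable from C. The two event IOCTLs spell out `0x800 + 4` and `0x800 + 5` by hand while the others go through DEFINE_IOCTL, which hard-codes METHOD_BUFFERED; either give the macro a method parameter or comment why these two are written out.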
diff --git a/KernelCommunication/kernel.cpp b/KernelCommunication/kernel.cpp
new file mode 100644
index 0000000..e637739
--- /dev/null
+++ b/KernelCommunication/kernel.cpp
@@ -0,0 +1,228 @@
+#include "kernel.h"
+
+// 接收三环传递来的通讯线程
+HANDLE gThreadHandle = NULL;
+bool gWorkThreadFlags = false;
+HANDLE gEventHandle = NULL;
+PKEVENT gKernelEvent = NULL;
+
+
+VOID onUnload(_In_ struct _DRIVER_OBJECT* DriverObject) {
+ UNREFERENCED_PARAMETER(DriverObject);
+ KdPrint(("[yhy]: %s", __FUNCTION__));
+
+ // 删除驱动符号链接
+ UNICODE_STRING symLink;
+ RtlInitUnicodeString(&symLink, SYMBOLIC_LINK);
+ NTSTATUS status = IoDeleteSymbolicLink(&symLink);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] [Error]: IoDeleteSymbolicLink Error! errorCode:%08x\n", status));
+ return;
+ }
+ // 删除设备
+ if (DriverObject->DeviceObject != NULL) {
+ IoDeleteDevice(DriverObject->DeviceObject);
+ }
+ KdPrint(("[yhy]: onUnload Success!\n"));
+ KdPrint(("[yhy]: Bye!\n"));
+}
+
+NTSTATUS DispatchCreate(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ UNREFERENCED_PARAMETER(DeviceObject);
+ return status;
+}
+
+NTSTATUS DispatchClose(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ UNREFERENCED_PARAMETER(DeviceObject);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = 0;
+ return status;
+}
+
+NTSTATUS DispatchRead(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ UNREFERENCED_PARAMETER(DeviceObject);
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ // 需要把数据写入缓冲区
+ PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp);
+ // 需要缓冲区地址+请求读写的长度
+ const char* text = "hello world!";
+ //PVOID pBuffer = Irp->AssociatedIrp.SystemBuffer;
+ PVOID pBuffer = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
+
+ ULONG nBufferSize = pIrpStack->Parameters.Read.Length;
+ // 拷贝字符串
+ ULONG len = min(nBufferSize, (ULONG)strlen(text));
+
+ KdPrint(("[yhy]: DispatchRead() text: %s pBuffer:%p nBufferSize:%d len:%d", text, pBuffer, nBufferSize, len));
+
+ RtlCopyMemory(pBuffer, text, len);
+
+ // 发送一个测试
+ KeSetEvent(gKernelEvent, IO_NO_INCREMENT, FALSE);
+
+ // 完成请求
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = len;
+
+
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ return status;
+}
+NTSTATUS DispatchWrite(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ UNREFERENCED_PARAMETER(DeviceObject);
+ KdPrint(("[yhy]: DeviceObject->StackSize: %d\n", DeviceObject->StackSize));
+ return status;
+}
+
+NTSTATUS handleOnCtlReadMemory(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ PVOID inBuffer = Irp->AssociatedIrp.SystemBuffer;
+ PVOID outBuffer = Irp->AssociatedIrp.SystemBuffer;
+ // 先解
+ ReadMemoryModel* readModel = (ReadMemoryModel*)inBuffer;
+ ULONG bufferLen = max((ULONG)readModel->len, pIrpStack->Parameters.DeviceIoControl.OutputBufferLength);
+ // 读取目标内存
+ KdPrint(("[yhy]: DispatchControl inBuffer:%p targetAddress:%p\n", inBuffer, readModel->address));
+ RtlCopyMemory(outBuffer, readModel->address, bufferLen);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = bufferLen;
+ return status;
+}
+
+NTSTATUS handleOnCtlWriteMemory(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ PVOID inBuffer = Irp->AssociatedIrp.SystemBuffer;
+ //PVOID outBuffer = Irp->AssociatedIrp.SystemBuffer;
+ UNREFERENCED_PARAMETER(pIrpStack);
+ WriteMemoryModel* writeModel = (WriteMemoryModel*)inBuffer;
+ ULONG bufferLen = writeModel->len;
+ RtlCopyMemory(writeModel->address, writeModel->buffer, bufferLen);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ Irp->IoStatus.Information = bufferLen;
+ return status;
+}
+
+NTSTATUS handleOnCtlEnumProc(PIO_STACK_LOCATION pIrpStack, _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ // TODO...
+ UNREFERENCED_PARAMETER(pIrpStack);
+ UNREFERENCED_PARAMETER(Irp);
+ return status;
+}
+
+/*
+* 内核驱动创建一个命名的事件对象,用来主动向应用层进行通信
+*/
+NTSTATUS handleCreateNotificationEvent() {
+ NTSTATUS status = STATUS_SUCCESS;
+ UNICODE_STRING EventName = { 0 };
+ RtlInitUnicodeString(&EventName, NOTIFICATION_OBJECT_NAME);
+ gKernelEvent = IoCreateNotificationEvent(&EventName, &gEventHandle);
+ KdPrint(("[yhy] createNotificationEvent! gKernelEvent: %p gEventHandle: %p\n", gKernelEvent, gEventHandle));
+ if (gKernelEvent == NULL) {
+ KdPrint(("[yhy] createNotificationEvent Fail!\n"));
+ status = STATUS_UNSUCCESSFUL;
+ }
+ return status;
+}
+
+NTSTATUS handleCloseNotificationEvent() {
+ KdPrint(("[yhy]: %s\n", __FUNCTION__));
+ NTSTATUS status = STATUS_SUCCESS;
+ // 关闭事件对象
+ // 唤醒事件
+ KeSetEvent(gKernelEvent, IO_NO_INCREMENT, FALSE);
+ KdPrint(("[yhy] [Error]: NtClose! gEventHandle:%p\n", gEventHandle));
+ status = NtClose(gEventHandle);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] [Error]: NtClose Error! errorCode:%08x\n", status));
+ }
+ return status;
+}
+
+NTSTATUS DispatchControl(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) {
+ NTSTATUS status = STATUS_SUCCESS;
+ UNREFERENCED_PARAMETER(DeviceObject);
+ PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp);
+ ULONG ControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;
+
+ switch (ControlCode) {
+ case IOCTL_READ_MEMORY: {
+ status = handleOnCtlReadMemory(pIrpStack, Irp);
+ break;
+ }
+ case IOCTL_WRITE_MEMORY: {
+ status = handleOnCtlWriteMemory(pIrpStack, Irp);
+ break;
+ }
+ case IOCTL_ENUMERATION_PROCESS: {
+ status = handleOnCtlEnumProc(pIrpStack, Irp);
+ break;
+ }
+ case IOCTL_KERNEL_CREATE_EVENT_OBJECT: {
+ status = handleCreateNotificationEvent();
+ break;
+ }
+ case IOCTL_CLOSE_EVENT_OBJECT: {
+ status = handleCloseNotificationEvent();
+ break;
+ }
+ }
+ IoCompleteRequest(Irp, IO_NO_INCREMENT);
+ return status;
+}
+
+NTSTATUS DriverEntry(
+ _In_ PDRIVER_OBJECT DriverObject,
+ _In_ PUNICODE_STRING RegistryPath
+)
+{
+ UNREFERENCED_PARAMETER(RegistryPath);
+ // NTSTATUS variable to record success or failure
+ NTSTATUS status = STATUS_SUCCESS;
+ DriverObject->DriverUnload = onUnload;
+ // 1. 绑定IRP 处理Dispatch例程
+ DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
+ DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
+ DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
+ DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
+ DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl;
+
+ // 2. 创建设备对象
+ UNICODE_STRING deviceName;
+ PDEVICE_OBJECT pDevice = NULL;
+ RtlInitUnicodeString(&deviceName, KERNEL_REG_DRVICE_NAME);
+ KdPrint(("[yhy] deviceName: %wZ", &deviceName));
+ status = IoCreateDevice(DriverObject, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE /*非独占*/,
+ &pDevice);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] DriverEntry IoCreateDevice ErrorCode:%08x\n", status));
+ return status;
+ }
+
+ // 使用缓冲区IO方式
+ //pDevice->Flags |= DO_BUFFERED_IO;
+ pDevice->Flags |= DO_DIRECT_IO;
+
+ // 3. 创建符号
+ UNICODE_STRING symbolName;
+ RtlInitUnicodeString(&symbolName, SYMBOLIC_LINK);
+ status = IoCreateSymbolicLink(&symbolName, &deviceName);
+ if (!NT_SUCCESS(status)) {
+ KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink ErrorCode:%08x\n", status));
+ return status;
+ }
+ KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink Success! symbolName is :%wZ", &symbolName));
+
+ return status;
+}
\ No newline at end of file
diff --git a/KernelCommunication/main.h b/KernelCommunication/kernel.h
similarity index 90%
rename from KernelCommunication/main.h
rename to KernelCommunication/kernel.h
index d82598e..20bdd17 100644
--- a/KernelCommunication/main.h
+++ b/KernelCommunication/kernel.h
@@ -1,4 +1,5 @@
 #pragma once
+#include
 #include
 #include "ioctl.h"
diff --git a/KernelCommunication/main.cpp b/KernelCommunication/main.cpp
deleted file mode 100644
index b41f525..0000000
--- a/KernelCommunication/main.cpp
+++ /dev/null
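Review bot: handleOnCtlReadMemory sizes its copy with `max((ULONG)readModel->len, pIrpStack->Parameters.DeviceIoControl.OutputBufferLength)`, so a `len` larger than the output buffer, or a negative `len` that the cast turns into a huge ULONG, makes RtlCopyMemory write past Irp->AssociatedIrp.SystemBuffer into kernel pool; the handler also dereferences `readModel` without checking that InputBufferLength covers a ReadMemoryModel. Guard it with `if (pIrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(ReadMemoryModel) || readModel->len < 0) { Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Information = 0; return STATUS_INVALID_PARAMETER; }` and size with `ULONG bufferLen = min((ULONG)readModel->len, pIrpStack->Parameters.DeviceIoControl.OutputBufferLength);`; handleOnCtlWriteMemory needs the same shape, since it trusts `writeModel->len` without checking `InputBufferLength >= FIELD_OFFSET(WriteMemoryModel, buffer) + len` and so reads past the SystemBuffer. Both handlers copy to or from a caller-supplied address with no `__try/__except` and no ProbeForRead/ProbeForWrite, so a bad address bugchecks the machine instead of failing the request, and because DriverEntry uses plain IoCreateDevice plus a `\??\` symbolic link, the default device security applies to a device that exposes raw memory access — IoCreateDeviceSecure with an SDDL such as `SDDL_DEVOBJ_SYS_ALL_ADM_ALL` limits opens to SYSTEM and administrators. DispatchRead calls `KeSetEvent(gKernelEvent, ...)` unconditionally and handleCloseNotificationEvent leaves `gKernelEvent`/`gEventHandle` unchanged after the handle is closed (ZwClose, not NtClose, is the documented kernel-mode call), so a read issued before the create IOCTL or after the close IOCTL dereferences a null pointer or an object whose reference the driver no longer holds; null-check before signalling and zero both globals after closing. DispatchControl has no `default:` case, so an unknown control code completes with STATUS_SUCCESS and whatever IoStatus the IRP arrived with; set `Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST` there and return it.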
@@ -1,110 +0,0 @@ -#include "main.h" - -VOID onUnload(_In_ struct _DRIVER_OBJECT* DriverObject) { - UNREFERENCED_PARAMETER(DriverObject); - KdPrint(("[yhy]: %s", __FUNCDNAME__)); - UNICODE_STRING symLink; - RtlInitUnicodeString(&symLink, SYMBOLIC_LINK); - NTSTATUS status = IoDeleteSymbolicLink(&symLink); // 删除符号链接 - if (!NT_SUCCESS(status)) { - KdPrint(("[yhy] [Error]: IoDeleteSymbolicLink Error! rrorCode:%08x\n", status)); - return; - } - // 删除设备 - if (DriverObject->DeviceObject != NULL) { - IoDeleteDevice(DriverObject->DeviceObject); - } - KdPrint(("[yhy]: onUnload Success!\n")); - KdPrint(("[yhy]: Bye!\n")); -} - -NTSTATUS DispatchCreate(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) { - NTSTATUS status = STATUS_SUCCESS; - KdPrint(("[yhy]: %s\n", __FUNCDNAME__)); - IoCompleteRequest(Irp, IO_NO_INCREMENT); - UNREFERENCED_PARAMETER(DeviceObject); - return status; -} - -NTSTATUS DispatchClose(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) { - NTSTATUS status = STATUS_SUCCESS; - KdPrint(("[yhy]: %s\n", __FUNCDNAME__)); - IoCompleteRequest(Irp, IO_NO_INCREMENT); - UNREFERENCED_PARAMETER(DeviceObject); - Irp->IoStatus.Status = STATUS_SUCCESS; - Irp->IoStatus.Information = 0; - return status; -} -NTSTATUS DispatchRead(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) { - NTSTATUS status = STATUS_SUCCESS; - KdPrint(("[yhy]: %s\n", __FUNCDNAME__)); - IoCompleteRequest(Irp, IO_NO_INCREMENT); - UNREFERENCED_PARAMETER(DeviceObject); - return status; -} -NTSTATUS DispatchWrite(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) { - NTSTATUS status = STATUS_SUCCESS; - KdPrint(("[yhy]: %s\n", __FUNCDNAME__)); - IoCompleteRequest(Irp, IO_NO_INCREMENT); - UNREFERENCED_PARAMETER(DeviceObject); - return status; -} - -NTSTATUS DispatchControl(_In_ struct _DEVICE_OBJECT* DeviceObject, _Inout_ struct _IRP* Irp) { - NTSTATUS status = STATUS_SUCCESS; - UNREFERENCED_PARAMETER(DeviceObject); - KdPrint(("[yhy]: 
%s\n", __FUNCDNAME__)); - PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(Irp); - if (pIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_READ_MEMORY) { - PVOID ioBuffer = Irp->AssociatedIrp.SystemBuffer; - //ULONG bufferLen = max(pIrpStack->Parameters.DeviceIoControl.InputBufferLength, pIrpStack->Parameters.DeviceIoControl.OutputBufferLength); - // 读取目标内存 - void* targetAddress = *(void**)ioBuffer; - KdPrint(("[yhy]: DispatchControl ioBuffer:%p targetAddress:%p\n", ioBuffer, targetAddress)); - int newValue = 0x12341234; - RtlCopyMemory(ioBuffer, &newValue, 4); - Irp->IoStatus.Status = STATUS_SUCCESS; - Irp->IoStatus.Information = 4; - } - IoCompleteRequest(Irp, IO_NO_INCREMENT); - return status; -} - -NTSTATUS DriverEntry( - _In_ PDRIVER_OBJECT DriverObject, - _In_ PUNICODE_STRING RegistryPath -) -{ - UNREFERENCED_PARAMETER(RegistryPath); - // NTSTATUS variable to record success or failure - NTSTATUS status = STATUS_SUCCESS; - DriverObject->DriverUnload = onUnload; - // 1. 绑定IRP 处理Dispatch例程 - DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate; - DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose; - DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead; - DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite; - DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl; - // 2. 创建设备对象 - UNICODE_STRING deviceName; - PDEVICE_OBJECT pDevice = NULL; - RtlInitUnicodeString(&deviceName, L"\\Device\\" MY_DRVICE_NAME); - KdPrint(("[yhy] deviceName: %wZ", &deviceName)); - status = IoCreateDevice(DriverObject, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE /*非独占*/, - &pDevice); - if (!NT_SUCCESS(status)) { - KdPrint(("[yhy] DriverEntry IoCreateDevice ErrorCode:%08x\n", status)); - return status; - } - // 3. 
创建符号
- UNICODE_STRING symbolName;
- // L"\\DosDevices\\MY_DRVICE_NAME"
- RtlInitUnicodeString(&symbolName, SYMBOLIC_LINK);
- status = IoCreateSymbolicLink(&symbolName, &deviceName);
- if (!NT_SUCCESS(status)) {
- KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink ErrorCode:%08x\n", status));
- return status;
- }
- KdPrint(("[yhy] DriverEntry IoCreateSymbolicLink Success! symbolName is :%wZ", &symbolName));
- return status;
-}
\ No newline at end of file
diff --git a/TestDrvice/TestDrvice.cpp b/TestDrvice/TestDrvice.cpp
index 41ba918..f725a1e 100644
--- a/TestDrvice/TestDrvice.cpp
+++ b/TestDrvice/TestDrvice.cpp
@@ -1,11 +1,21 @@
-#include
-#include
-#include
-#include "../KernelCommunication/ioctl.h"
-#include
+#include "TestDrvice.h"
 #define TEST_SERVICE_NAME "aaayhytestservice"
+std::thread gWorkThread;
+bool gThreadFlags = false;
+void workThread(HANDLE eventHandle) {
+ while (gThreadFlags) {
+ WaitForSingleObject(eventHandle, INFINITE);
+ // TODO: 处理内核通知
+ printf("Kernel Event!\n");
+ ResetEvent(eventHandle); // 重置事件以便下次触发
+ }
+ // 退出线程时,关闭句柄
+ printf("Exit WorkThread! eventHandle: %08x", eventHandle);
+ if (eventHandle != NULL) { CloseHandle(eventHandle); }
+ return;
+}
 void ShowError(const char* szName) {
 DWORD dwErrorCode = GetLastError();
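Review bot: `gThreadFlags` is a plain `bool` that workThread reads in `while (gThreadFlags)` while the main thread writes it, which is a data race with no happens-before relation and no guarantee the worker ever observes the store; declare it `std::atomic<bool> gThreadFlags{false};` (adding `#include <atomic>` to TestDrvice.h if it is not already among the includes the diff does not render). The exit message formats a HANDLE with `%08x`, which is undefined for a pointer argument and truncates on 64-bit builds; use `%p`, as the CreateFile message in UseDriver already does, and the same `%08x` on `eventHandle` further down in UseDriver should change too. WaitForSingleObject's return value is ignored, so a closed or invalid handle turns the loop into a busy spin on WAIT_FAILED; `if (WaitForSingleObject(eventHandle, INFINITE) != WAIT_OBJECT_0) break;` stops that.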
@@ -126,32 +136,46 @@ int UnLoadDriver(const char* szServiceName) {
 void UseDriver() {
- HANDLE hFile = CreateFileW(L"\\\\.\\" MY_DRVICE_NAME,
+ unique_handle hFile = make_unique_handle(CreateFileW(KERNEL_FILE_NAME,
 GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0,
- NULL);
- printf("CreateFile hFile:%p ErrCode:%08x\n", hFile, GetLastError());
+ NULL));
+ printf("CreateFile hFile:%p ErrCode:%08x\n", hFile.get(), GetLastError());
+ DWORD dwBytes = 0;
+ // 1. 发送让驱动创建事件对象的消息
+ bool result = DeviceIoControl(hFile.get(), IOCTL_KERNEL_CREATE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
+ if (!result) {
+ printf("IOCTL_KERNEL_CREATE_EVENT_OBJECT False!\n");
+ return;
+ }
+
+ // 2. 打开内核驱动的命名同步对象
+ HANDLE eventHandle = OpenEventW(EVENT_ALL_ACCESS, FALSE, KERNEL_TO_USER_EVENT_NAME);
+ printf("eventHandle: %08x\n", eventHandle);
+ gWorkThread = std::thread([=] {
+ gThreadFlags = true;
+ workThread(eventHandle);
+ });
+
+ // 测试ReadFile 功能
+ char Buffer[MAXBYTE] = { 0 };
- DWORD dwBytes = 0;
- BOOL Result = ReadFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
+ BOOL Result = ReadFile(hFile.get(), Buffer, 6, &dwBytes, NULL);
 printf("ReadFile Result:%d dwBytes:%d Buffer:%s ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
- // 测试WriteFile 功能
- WriteFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
- printf("WriteFile Result:%d dwBytes:%d Buffer:%s ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
- // 测试DeviceIoControl 功能
- char data[4] = { 0x78, 0x56, 0x34, 0x12 };
- printf("Data value: %p\n", *(int*)data);
- DeviceIoControl(hFile, IOCTL_READ_MEMORY, &data, sizeof(data),
- data, sizeof(data), &dwBytes, NULL);
- printf("DeviceIoControl Result:%d dwBytes:%d Data:%s ErrCode:%08x\n", Result, dwBytes, data, GetLastError());
- printf("Data newValue: %p\n", *(int*)data);
- // 关闭文件
- CloseHandle(hFile);
+ //// 测试WriteFile 功能
+ //WriteFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
+ //printf("WriteFile Result:%d dwBytes:%d Buffer:%s 
ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
+
+
+ // 退出
+ gThreadFlags = false;
+ result = DeviceIoControl(hFile.get(), IOCTL_CLOSE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
+ gWorkThread.join();
+ return;
 }
@@ -175,7 +199,6 @@ int main(int argc, char* argv[])
 // TODO: 做一些事情
 UseDriver();
-
 if (UnLoadDriver(TEST_SERVICE_NAME) != 0) {
 cerr << "[x] UnLoadDriver Faile! " << endl;
 system("pause");
diff --git a/TestDrvice/TestDrvice.h b/TestDrvice/TestDrvice.h
new file mode 100644
index 0000000..1aac777
--- /dev/null
+++ b/TestDrvice/TestDrvice.h
@@ -0,0 +1,16 @@
+#pragma once
+#include
+#include
+#include
+#include "../KernelCommunication/ioctl.h"
+#include
+#include
+
+using unique_handle = std::unique_ptr<
+ std::remove_pointer_t, // 类型为 void
+ BOOL(WINAPI*)(HANDLE) // 函数指针类型
+>;
+
+unique_handle make_unique_handle(HANDLE h = INVALID_HANDLE_VALUE) {
+ return unique_handle(h, &CloseHandle);
+}
\ No newline at end of file
diff --git a/TestDrvice/TestDrvice.vcxproj b/TestDrvice/TestDrvice.vcxproj
index 34e3cc2..28fbca3 100644
--- a/TestDrvice/TestDrvice.vcxproj
+++ b/TestDrvice/TestDrvice.vcxproj
@@ -131,6 +131,9 @@ + + +
diff --git a/TestDrvice/TestDrvice.vcxproj.filters b/TestDrvice/TestDrvice.vcxproj.filters
index c622f24..a3400f0 100644
--- a/TestDrvice/TestDrvice.vcxproj.filters
+++ b/TestDrvice/TestDrvice.vcxproj.filters
@@ -19,4 +19,9 @@ 源文件 + + + 头文件 + + \ No newline at end of file
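Review bot: the worker lambda sets `gThreadFlags = true` on the new thread while UseDriver later sets it to `false` on the main thread before sending IOCTL_CLOSE_EVENT_OBJECT; if the thread is scheduled late its store wins, the loop keeps running after the kernel has closed its side of the event, and `gWorkThread.join()` blocks forever in WaitForSingleObject. Set the flag before the thread exists, `gThreadFlags = true; gWorkThread = std::thread([=] { workThread(eventHandle); });`, and make the flag atomic so the store is visible to the worker. `OpenEventW` can return NULL (the name `Global\YhyDrvice` should resolve to the driver's `\BaseNamedObjects\YhyDrvice`, but the open still fails if the create IOCTL did not produce it), yet the handle is handed to the worker unchecked and requested with `EVENT_ALL_ACCESS` where `SYNCHRONIZE | EVENT_MODIFY_STATE` is all the loop uses. `make_unique_handle` wraps a failed CreateFileW result, INVALID_HANDLE_VALUE, in a non-null unique_ptr, so both DeviceIoControl calls run on a bad handle and the destructor passes it to CloseHandle; check `hFile.get() != INVALID_HANDLE_VALUE` right after the printf and return early. The result of the close IOCTL is stored in `result` but never examined, and `eventHandle` is closed by the worker while this function still holds a copy, which works today but deserves a comment naming the worker as the owner.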
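Review bot: `make_unique_handle` is a non-inline function defined in a header, so including TestDrvice.h from a second translation unit produces a duplicate-symbol link error; mark it `inline`. The wrapper also treats INVALID_HANDLE_VALUE as a live handle, because `std::unique_ptr` only compares its pointer against nullptr, so the default argument and any failed CreateFileW result end up being passed to CloseHandle; the usual fix is a small deleter struct exposing a `pointer` type whose null value is INVALID_HANDLE_VALUE, which also lets `if (hFile)` mean what callers expect. The template argument of `std::remove_pointer_t` and the system includes are not visible in this rendering of the diff, so they cannot be reviewed here.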