KernelCommunication/TestDrvice/TestDrvice.cpp


#include "TestDrvice.h"
// Service name (also used as the display name) under which LoadDriver()
// registers the test driver and which main() passes to UnLoadDriver().
#define TEST_SERVICE_NAME "aaayhytestservice"
// Thread object that runs workThread(); assigned and joined in UseDriver().
std::thread gWorkThread;
// Loop flag polled by workThread() and written by UseDriver().
// NOTE(review): this is a plain bool shared between two threads with no
// synchronization; std::atomic<bool> would remove the data race — confirm the
// header does not also declare this variable before changing its type.
bool gThreadFlags = false;
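/// Worker loop that waits for the driver to signal the shared event.
///
/// Runs while gThreadFlags is true. Every successful wait prints a notice and
/// resets the event so the next signal can be observed. The function takes
/// ownership of eventHandle and closes it before returning.
///
/// @param eventHandle Event handle to wait on; closed by this function.
void workThread(HANDLE eventHandle) {
    while (gThreadFlags) {
        const DWORD waitResult = WaitForSingleObject(eventHandle, INFINITE);
        if (waitResult != WAIT_OBJECT_0) {
            // A NULL or otherwise invalid handle makes the wait fail at once;
            // without this check the loop would spin and report events that
            // never happened.
            printf("WaitForSingleObject failed! Result:%08lx ErrCode:%08lx\n",
                   waitResult, GetLastError());
            break;
        }
        // TODO: handle the kernel notification
        printf("Kernel Event!\n");
        ResetEvent(eventHandle); // reset the event so it can fire again
    }
    // Close the handle when the thread exits.
    // %p is used because a HANDLE is pointer-sized; %08x truncates it on
    // 64-bit builds and is a format/argument mismatch.
    printf("Exit WorkThread! eventHandle: %p", eventHandle);
    if (eventHandle != NULL) { CloseHandle(eventHandle); }
    return;
}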
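/// Prints the calling thread's last Win32 error code together with the
/// system-provided message text.
///
/// Must be called before any other API call overwrites the last-error value.
///
/// @param szName Label printed in front of the error (typically the name of
///               the API that failed); NULL is printed as an empty label.
void ShowError(const char* szName) {
    const DWORD dwErrorCode = GetLastError();
    // Start from NULL so a failed FormatMessage cannot leave a garbage pointer
    // that is later printed and passed to LocalFree.
    LPSTR lpMsgBuf = NULL;
    // The ANSI variant is used explicitly because the buffer is printed with
    // "%s" as a narrow string below.
    const DWORD dwLength = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        dwErrorCode,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        reinterpret_cast<LPSTR>(&lpMsgBuf), // ALLOCATE_BUFFER: receives the buffer pointer
        0,
        NULL
    );
    const char* szLabel = (szName != NULL) ? szName : "";
    if (dwLength == 0 || lpMsgBuf == NULL) {
        // No message text available for this code; still report the number.
        printf("[%-15s] ErrorCode:%08lx ErrorMsg:<unavailable>\n", szLabel, dwErrorCode);
        return;
    }
    printf("[%-15s] ErrorCode:%08lx ErrorMsg:%s", szLabel, dwErrorCode, lpMsgBuf);
    LocalFree(lpMsgBuf);
}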
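/// Registers the file at szBinPath as a demand-start kernel-driver service
/// named TEST_SERVICE_NAME and starts it.
///
/// The binary is loaded into the kernel, so the caller is responsible for
/// passing a path to a trusted file. If the service already exists it is
/// reused, and its registered binary path is updated to szBinPath first.
///
/// @param szBinPath Path to the driver binary.
/// @return 0 when the service was started, -1 on any failure.
int LoadDriver(const char* szBinPath) {
    int Result = -1;
    if (szBinPath == NULL || szBinPath[0] == '\0') {
        std::cerr << "[x] LoadDriver: empty driver path" << std::endl;
        return Result;
    }
    // Request only the rights used below instead of SC_MANAGER_ALL_ACCESS.
    SC_HANDLE schSCManager = OpenSCManager(
        NULL,                                           // local computer
        NULL,                                           // ServicesActive database
        SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (NULL == schSCManager) {
        ShowError("OpenSCManager");
        return Result;
    }
    std::cout << "[+] OpenSCManager Success!" << std::endl;
    // Rights needed on the service handle: stop, start, and (for an existing
    // registration) rewrite the binary path.
    const DWORD dwServiceAccess = SERVICE_START | SERVICE_STOP | SERVICE_CHANGE_CONFIG;
    // Create the service.
    SC_HANDLE schService = CreateService(
        schSCManager,          // SCM database
        TEST_SERVICE_NAME,     // name of service
        TEST_SERVICE_NAME,     // service name to display
        dwServiceAccess,       // desired access
        SERVICE_KERNEL_DRIVER, // service type
        SERVICE_DEMAND_START,  // start type
        SERVICE_ERROR_NORMAL,  // error control type
        szBinPath,             // path to service's binary
        NULL,                  // no load ordering group
        NULL,                  // no tag identifier
        NULL,                  // no dependencies
        NULL,                  // LocalSystem account
        NULL);                 // no password
    if (schService == NULL) {
        if (GetLastError() != ERROR_SERVICE_EXISTS) {
            ShowError("CreateService");
            CloseServiceHandle(schSCManager);
            return Result;
        }
        schService = OpenService(schSCManager, TEST_SERVICE_NAME, dwServiceAccess);
        if (schService == NULL) {
            ShowError("OpenService");
            CloseServiceHandle(schSCManager);
            return Result;
        }
        // An existing registration keeps whatever binary path it was created
        // with. Point it at szBinPath so the driver that gets started is the
        // one the caller asked for, not a stale one.
        if (!ChangeServiceConfig(
                schService,
                SERVICE_NO_CHANGE, // service type
                SERVICE_NO_CHANGE, // start type
                SERVICE_NO_CHANGE, // error control
                szBinPath,         // new binary path
                NULL, NULL, NULL, NULL, NULL, NULL)) {
            ShowError("ChangeServiceConfig");
            CloseServiceHandle(schService);
            CloseServiceHandle(schSCManager);
            return Result;
        }
    }
    std::cout << "[+] CreateService Success!" << std::endl;
    // Best-effort stop of a previously running instance; the result is ignored
    // on purpose because the service is normally not running at this point.
    SERVICE_STATUS Status;
    ControlService(schService, SERVICE_CONTROL_STOP, &Status);
    // Start the service.
    if (!StartService(schService, NULL, NULL)) {
        ShowError("StartService");
    }
    else {
        std::cout << "[+] StartService Success!" << std::endl;
        Result = 0;
    }
    CloseServiceHandle(schService);
    CloseServiceHandle(schSCManager);
    return Result;
}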
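/// Stops the named service and marks it for deletion.
///
/// @param szServiceName Name of the service to remove.
/// @return 0 when DeleteService succeeded, -1 on any failure.
int UnLoadDriver(const char* szServiceName) {
    int Result = -1;
    // Connecting is the only SCM right needed to open an existing service;
    // SC_MANAGER_ALL_ACCESS asked for far more than this function uses.
    SC_HANDLE schSCManager = OpenSCManager(
        NULL,                // local computer
        NULL,                // ServicesActive database
        SC_MANAGER_CONNECT);
    if (NULL == schSCManager) {
        ShowError("OpenSCManager");
        return Result;
    }
    // Open the service with just the rights for stop and delete.
    SC_HANDLE schService = OpenService(schSCManager, szServiceName, SERVICE_STOP | DELETE);
    if (schService == NULL) {
        ShowError("OpenService");
        CloseServiceHandle(schSCManager);
        return Result;
    }
    // Stop the service. Best effort: the result is ignored so that a service
    // that is already stopped can still be deleted.
    SERVICE_STATUS Status;
    ControlService(schService, SERVICE_CONTROL_STOP, &Status);
    // Delete the service.
    if (!DeleteService(schService)) {
        ShowError("DeleteService");
    }
    else {
        Result = 0;
    }
    CloseServiceHandle(schService);
    CloseServiceHandle(schSCManager);
    return Result;
}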
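/// Exercises the loaded driver: opens its device, asks it to create the
/// notification event, starts the worker thread that waits on that event,
/// performs one test read, then shuts the worker down.
void UseDriver() {
    unique_handle hFile = make_unique_handle(CreateFileW(KERNEL_FILE_NAME,
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL));
    const HANDLE hDevice = hFile.get();
    printf("CreateFile hFile:%p ErrCode:%08lx\n", hDevice, GetLastError());
    // CreateFileW reports failure as INVALID_HANDLE_VALUE; NULL is also
    // rejected in case make_unique_handle normalizes the failure value.
    if (hDevice == NULL || hDevice == INVALID_HANDLE_VALUE) {
        printf("CreateFile False!\n");
        return;
    }
    DWORD dwBytes = 0;
    // 1. Ask the driver to create the event object.
    bool result = DeviceIoControl(hDevice, IOCTL_KERNEL_CREATE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
    if (!result) {
        printf("IOCTL_KERNEL_CREATE_EVENT_OBJECT False!\n");
        return;
    }
    // 2. Open the named synchronization object created by the driver.
    HANDLE eventHandle = OpenEventW(EVENT_ALL_ACCESS, FALSE, KERNEL_TO_USER_EVENT_NAME);
    printf("eventHandle: %p\n", eventHandle);
    if (eventHandle == NULL) {
        // Without a valid event there is nothing for the worker to wait on;
        // undo the driver-side creation and stop here.
        ShowError("OpenEvent");
        DeviceIoControl(hDevice, IOCTL_CLOSE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
        return;
    }
    // Raise the run flag before the thread exists. Setting it inside the
    // thread raced with the shutdown below: a late-starting worker could turn
    // the flag back on after it had been cleared and then never exit.
    gThreadFlags = true;
    gWorkThread = std::thread([eventHandle] {
        workThread(eventHandle);
    });
    // Test the ReadFile path. Buffer is zero-filled and only 6 bytes are
    // requested, so it stays NUL-terminated for the "%s" below.
    char Buffer[MAXBYTE] = { 0 };
    BOOL Result = ReadFile(hDevice, Buffer, 6, &dwBytes, NULL);
    printf("ReadFile Result:%d dwBytes:%lu Buffer:%s ErrCode:%08lx\n", Result, dwBytes, Buffer, GetLastError());
    //// Test the WriteFile path.
    //WriteFile(hFile, Buffer, sizeof(Buffer), &dwBytes, NULL);
    //printf("WriteFile Result:%d dwBytes:%d Buffer:%s ErrCode:%08x\n", Result, dwBytes, Buffer, GetLastError());
    // Shut down.
    gThreadFlags = false;
    // NOTE(review): the worker blocks in an INFINITE wait, so join() below
    // returns only if this IOCTL (or a later kernel signal) wakes it — confirm
    // that the driver signals the event when it closes it.
    result = DeviceIoControl(hDevice, IOCTL_CLOSE_EVENT_OBJECT, NULL, 0, NULL, 0, &dwBytes, NULL);
    if (!result) {
        printf("IOCTL_CLOSE_EVENT_OBJECT False!\n");
    }
    gWorkThread.join();
    return;
}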
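/// Entry point: loads the driver given as the first argument, exercises it,
/// then unloads it again.
///
/// @return 0 on success, -1 if the argument is missing or invalid, or if
///         loading or unloading the driver fails.
int main(int argc, char* argv[])
{
    using namespace std;
    if (argc < 2) {
        std::cerr << "Please drag the driver onto this program icon to test the installation!" << std::endl;
        system("pause");
        return -1;
    }
    // The service binary path is documented as a fully qualified path, so a
    // relative argument is resolved against the current directory here rather
    // than being handed to the service manager as typed.
    char fullPath[MAX_PATH] = { 0 };
    const DWORD pathLength = GetFullPathNameA(argv[1], MAX_PATH, fullPath, NULL);
    if (pathLength == 0 || pathLength >= MAX_PATH) {
        cerr << "[x] Invalid driver path: " << argv[1] << endl;
        system("pause");
        return -1;
    }
    const char* driverPath = fullPath;
    // The separator was missing, which ran the path into the message text.
    cout << "[+] Loading the test driver: " << driverPath << endl;
    if (LoadDriver(driverPath) != 0) {
        cerr << "[x] LoadDriver Error!" << endl;
        system("pause");
        return -1;
    }
    cout << "======== LoadDriver done! ===========" << endl;
    // TODO: do something with the driver
    UseDriver();
    if (UnLoadDriver(TEST_SERVICE_NAME) != 0) {
        cerr << "[x] UnLoadDriver Faile! " << endl;
        system("pause");
        return -1;
    }
    cout << "======== UnLoadDriver done! ===========" << endl;
    cout << "======== Bye! ===========" << endl;
    system("pause");
    return 0;
}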
//int main() {
// char data[] = { 0x12, 0x34, 0x56, 0x78 };
// printf("%p", *(int*)data);
//}