FSD键盘钩子框架参考爱写驱动的女装大佬
生活随笔
收集整理的這篇文章主要介紹了
FSD键盘钩子框架参考爱写驱动的女装大佬
小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
環(huán)境:vs2013+wdk8.1
#include <ntddk.h>extern POBJECT_TYPE *IoDriverObjectType; PDRIVER_OBJECT kbdriver = NULL; typedef NTSTATUS(*pBeforeRead)(PDEVICE_OBJECT pDevice, PIRP pIrp);pBeforeRead BeforeRead = NULL;NTSTATUS ObReferenceObjectByName( __in PUNICODE_STRING ObjectName, __in ULONG Attributes, __in_opt PACCESS_STATE AccessState, __in_opt ACCESS_MASK DesiredAccess, __in POBJECT_TYPE ObjectType, __in KPROCESSOR_MODE AccessMode, __inout_opt PVOID ParseContext, __out PVOID *Object );NTSTATUS Unload(PDRIVER_OBJECT driver) {DbgPrint("Unload me");return STATUS_SUCCESS; }NTSTATUS MyRead(PDEVICE_OBJECT pDevice, PIRP pIrp) {DbgPrint("====Read====");/*do something you like*/return BeforeRead(pDevice, pIrp); } NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING regpath) {UNICODE_STRING kbdname = RTL_CONSTANT_STRING(L"\\Driver\\Kbdclass");NTSTATUS status = ObReferenceObjectByName(&kbdname, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, &kbdriver);if (!NT_SUCCESS(status)){DbgPrint("Open Kbdclass Failed");return STATUS_SUCCESS;}else{ObDereferenceObject(kbdriver);}BeforeRead = kbdriver->MajorFunction[IRP_MJ_READ];kbdriver->MajorFunction[IRP_MJ_READ] = MyRead;return STATUS_SUCCESS; }總結(jié)
以上是生活随笔為你收集整理的FSD键盘钩子框架参考爱写驱动的女装大佬的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 驱动层和r3程序通讯的列子参考爱写驱动的
- 下一篇: 内核线程创建列子