當(dāng)前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

Visual Studio 2013开发 mini-filter driver step by step (2) - 编译，部署，运行

發(fā)布時(shí)間：2025/3/21 编程问答 20 豆豆

生活随笔收集整理的這篇文章主要介紹了 Visual Studio 2013开发 mini-filter driver step by step (2) - 编译，部署，运行小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.

編譯driver

一個(gè)基本的mini filter項(xiàng)目創(chuàng)建好了以后，就可以編譯，部署和運(yùn)行了，在部署之前，我們要先確定在什么樣的系統(tǒng)上運(yùn)行，我有一臺windows 2008 r2擬機(jī)，所以我的運(yùn)行的目標(biāo)系統(tǒng)就是windows 2008 r2。

這個(gè)工程默認(rèn)已經(jīng)配置了好幾個(gè)build選項(xiàng)，注意的是，選擇的配置選項(xiàng)一定要與目標(biāo)機(jī)器匹配，否則，不能在目標(biāo)機(jī)器上正常運(yùn)行，由于我的目標(biāo)機(jī)器是windows 2008 r2，所以我選擇“Win7 Debug-X64”配置選項(xiàng)。

直接build，由于我們還沒有寫任何自己的代碼，所以build沒有任何問題，我的項(xiàng)目的名稱叫SSMF，所以在Win7Debug目錄下面生成了SSMF.sys和SSMF.inf文件，SSMF.inf文件我們要必須進(jìn)行修改才能使用，修改后的結(jié)果如下：

————————————————————————————————————————————————————————————————————————————————————

;;;
;;; SSMF
;;;

[Version]
Signature?? = "$Windows NT$"
; TODO - Change the Class and ClassGuid to match the Load Order Group value, see http://msdn.microsoft.com/en-us/windows/hardware/gg462963
Class?????? = "ActivityMonitor"???????????????????????? ;This is determined by the work this filter driver does
ClassGuid?? = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}??? ;This value is determined by the Load Order Group value
Provider??? = %ManufacturerName%
DriverVer=08/10/2014,15.12.25.950
CatalogFile = SSMF.cat

[DestinationDirs]
DefaultDestDir????????? = 12
SSMF.DriverFiles? = 12??????????? ;%windir%\system32\drivers

;;
;; Default install sections
;;

[DefaultInstall]
OptionDesc????????? = %ServiceDescription%
CopyFiles?????????? = SSMF.DriverFiles

[DefaultInstall.Services]
AddService????????? = %ServiceName%,,SSMF.Service

;;
;; Default uninstall sections
;;

[DefaultUninstall]
DelFiles?? = SSMF.DriverFiles

[DefaultUninstall.Services]
DelService = %ServiceName%,0x200????? ;Ensure service is stopped before deleting

;
; Services Section
;

[SSMF.Service]
DisplayName????? = %ServiceName%
Description????? = %ServiceDescription%
ServiceBinary??? = %12%\%DriverName%.sys??????? ;%windir%\system32\drivers\
Dependencies???? = "FltMgr"
ServiceType????? = 2??????????????????????????? ;SERVICE_FILE_SYSTEM_DRIVER
StartType??????? = 3??????????????????????????? ;SERVICE_DEMAND_START
ErrorControl???? = 1??????????????????????????? ;SERVICE_ERROR_NORMAL
; TODO - Change the Load Order Group value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
LoadOrderGroup = "FSFilter Activity Monitor"
;LoadOrderGroup = "_TODO_Change_LoadOrderGroup_appropriately_"
AddReg?????????? = SSMF.AddRegistry

;
; Registry Modifications
;

[SSMF.AddRegistry]
HKR,,"DebugFlags",0x00010001 ,0x0
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%

;
; Copy Files
;

[SSMF.DriverFiles]
%DriverName%.sys

[SourceDisksFiles]
SSMF.sys = 1,,

[SourceDisksNames]
1 = %DiskId1%,,,

;;
;; String Section
;;

[Strings]
; TODO - Add your manufacturer
ManufacturerName??????? = "Template"
ServiceDescription????? = "SSMF Mini-Filter Driver"
ServiceName???????????? = "SSMF"
DriverName????????????? = "SSMF"
DiskId1???????????????? = "SSMF Device Installation Disk"

;Instances specific information.
DefaultInstance???????? = "SSMF Instance"
Instance1.Name????????? = "SSMF Instance"
; TODO - Change the altitude value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
Instance1.Altitude????? = "370030"
;Instance.Altitude?????? = "_TODO_Change_Altitude_appropriately_"
Instance1.Flags???????? = 0x0????????????? ; Allow all attachments

————————————————————————————————————————————————————————————————————————————————

具體的每一項(xiàng)的含義可以查看相關(guān)的文檔和msdn等。

部署driver

將SSMF.sys和SSMF.inf拷貝到目標(biāo)系統(tǒng)，在SSMF.inf文件上點(diǎn)擊右鍵菜單，選擇“Install”，就將SSMF driver部署到了系統(tǒng)中。

如果要卸載driver，可以用下面的這個(gè)命令：

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 c:\ssmf\ssmf.inf

啟動driver

檢驗(yàn)SSMF驅(qū)動是否安裝成功，在命令行里面執(zhí)行下面的命令：

sc start ssmf

看一下啟動的狀態(tài)會發(fā)現(xiàn)時(shí)running，就表示已經(jīng)啟動成功了，如下所示：

C:\Users\Administrator>sc start ssmf

SERVICE_NAME: ssmf
??????? TYPE?????????????? : 2? FILE_SYSTEM_DRIVER
??????? STATE????????????? : 4? RUNNING
??????????????????????????????? (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
??????? WIN32_EXIT_CODE??? : 0? (0x0)
??????? SERVICE_EXIT_CODE? : 0? (0x0)
??????? CHECKPOINT???????? : 0x0
??????? WAIT_HINT????????? : 0x0
??????? PID??????????????? : 0
??????? FLAGS????????????? :

也可以通過命令 fltmc instances去查看里面是否有SSMF。

停止driver

可以執(zhí)行sc stop ssmf

其他注意事項(xiàng)

1.如果選擇的配置選項(xiàng)與對應(yīng)的目標(biāo)機(jī)器不匹配，driver將不能正確啟動，可能會出現(xiàn)如下的這個(gè)錯(cuò)誤：

C:\Users\Administrator>sc start ssmf
[SC] StartService FAILED 1275:

This driver has been blocked from loading

也有可能是編譯的32位driver放到了64位系統(tǒng)上運(yùn)行的結(jié)果。

2.由于是我們自己編寫的driver，還沒有進(jìn)行簽名，所以在windows 2008 等系統(tǒng)上不能直接啟動，所以，要在系統(tǒng)啟動的時(shí)候按F8，選擇“ Dlsable Driver Signature Enforcement ”。

總結(jié)

以上是生活随笔為你收集整理的Visual Studio 2013开发 mini-filter driver step by step (2) - 编译，部署，运行的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。

上一篇： Visual Studio 2013开发
下一篇： Visual Studio 2013开发