Ring3加载驱动源码
頭文件 Instdrv.h
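/*
 * Instdrv.h - user-mode (ring 3) helpers that register, start, stop and
 * remove a kernel-driver service through the Service Control Manager (SCM).
 *
 * Two families are declared:
 *   - LoadDeviceDriver / UnloadDeviceDriver take TCHAR strings and also open
 *     the driver's device object.
 *   - LoadNTDriver / UnloadNTDriver take wide strings and only manage the
 *     service.
 */
#ifndef _INSTDRV_H_
#define _INSTDRV_H_

/* Makes the header self-contained: BOOL, TCHAR, HANDLE, PDWORD, PWCHAR and
 * the IN/OUT annotations all come from here. */
#include <windows.h>

/*
 * Registers the driver image at Path as service Name, starts it and opens
 * its device.
 *
 *   Name      - service name; also used to build the device name.
 *   Path      - path of the driver binary.
 *   lphDevice - if non-NULL, receives the device handle, which the caller
 *               must release with CloseHandle(); if NULL the device is
 *               opened and closed again.
 *   Error     - receives a Win32 error code when the call fails; pass a
 *               valid pointer.
 *
 * Returns TRUE on success, FALSE otherwise.
 */
BOOL LoadDeviceDriver(IN const TCHAR *Name,
                      IN const TCHAR *Path,
                      OUT HANDLE *lphDevice,
                      OUT PDWORD Error);

/* Stops the driver service Name and deletes it from the SCM database. */
BOOL UnloadDeviceDriver(IN const TCHAR *Name);

/*
 * Creates (or reuses) the kernel-driver service lpszDriverName for the image
 * at lpszDriverPath and starts it. When bForceReload is TRUE the service is
 * stopped and deleted first.
 */
BOOL LoadNTDriver(PWCHAR lpszDriverName, PWCHAR lpszDriverPath, BOOL bForceReload);

/*
 * Stops and deletes the driver service wszSvrName. Returns FALSE when the
 * SCM or the service cannot be opened.
 */
BOOL UnloadNTDriver(PWCHAR wszSvrName);

#endif // _INSTDRV_H_

/* ---- Source file: Instdrv.cpp ---- */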
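/******************************************************************************
 *
 * FileMon - File System Monitor for Windows NT/9x
 *
 * Copyright (c) 1996 Mark Russinovich and Bryce Cogswell
 *
 * See readme.txt for terms and conditions.
 *
 * PROGRAM: Instdrv.c
 *
 * PURPOSE: Loads and unloads the Filemon device driver. This code
 *          is taken from the instdrv example in the NT DDK.
 *
 ******************************************************************************/

/*
 * Review notes (security):
 *
 *  - Every entry point here needs an administrative token: the SCM grants
 *    service creation and deletion only to administrators.
 *  - Registering a SERVICE_KERNEL_DRIVER service puts code into the kernel,
 *    so it is a high-value audit event. Service installation is logged by
 *    the Service Control Manager (System log event 7045; Security log event
 *    4697 when that audit policy is enabled) and Sysmon reports the image
 *    load as event ID 6. Expect these records whenever this code runs.
 *  - On 64-bit Windows the kernel rejects images that fail driver signature
 *    enforcement, so StartService can fail after registration succeeded.
 *  - Handles are opened with only the rights each call needs instead of
 *    *_ALL_ACCESS, so a narrowed service DACL does not break the helpers and
 *    a leaked handle carries less authority.
 */

#include <windows.h>
#include <stdlib.h>
#include <string.h>

/* Capacity, in TCHARs, of the "\\.\[Global\]<name>" buffer in OpenDevice. */
enum { DEVICE_NAME_CCH = 64 };

/*
 * Closes a service handle without losing the error of the call that
 * preceded it: CloseServiceHandle may overwrite the thread's last-error
 * value, and callers of the helpers below read it after a FALSE return.
 */
static BOOL CloseServiceKeepError(SC_HANDLE schService, BOOL ok)
{
    DWORD err = ok ? ERROR_SUCCESS : GetLastError();

    CloseServiceHandle(schService);
    if (!ok) {
        SetLastError(err);
    }
    return ok;
}

/****************************************************************************
 *
 * FUNCTION: InstallDriver( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
 *
 * PURPOSE: Creates a driver service.
 *
 * SchSCManager must have been opened with SC_MANAGER_CREATE_SERVICE.
 * Returns TRUE when the service was created; on FALSE the reason is in
 * GetLastError().
 *
 ****************************************************************************/
BOOL InstallDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe)
{
    SC_HANDLE schService;

    //
    // NOTE: This creates an entry for a standalone driver. If this
    //       is modified for use with a driver that requires a Tag,
    //       Group, and/or Dependencies, it may be necessary to
    //       query the registry for existing driver information
    //       (in order to determine a unique Tag, etc.).
    //
    // NOTE(review): SERVICE_AUTO_START registers the driver to be loaded at
    //       every boot, so a service left behind by a failed or skipped
    //       unload persists across restarts. LoadNTDriver in this file uses
    //       SERVICE_DEMAND_START; consider the same here if the driver is
    //       only needed while the application runs. Left unchanged because
    //       existing callers may rely on it.
    //
    schService = CreateService(SchSCManager,          // SCManager database
                               DriverName,            // name of service
                               DriverName,            // name to display
                               SERVICE_QUERY_STATUS,  // handle is only closed below
                               SERVICE_KERNEL_DRIVER, // service type
                               SERVICE_AUTO_START,    // start type
                               SERVICE_ERROR_NORMAL,  // error control type
                               ServiceExe,            // service's binary
                               NULL,                  // no load ordering group
                               NULL,                  // no tag identifier
                               NULL,                  // no dependencies
                               NULL,                  // LocalSystem account
                               NULL                   // no password
                               );
    if (schService == NULL) {
        return FALSE;
    }

    CloseServiceHandle(schService);
    return TRUE;
}

/****************************************************************************
 *
 * FUNCTION: StartDriver( IN SC_HANDLE, IN LPCTSTR)
 *
 * PURPOSE: Starts the driver service.
 *
 * Returns TRUE when StartService succeeds or reports that the service is
 * already running. On FALSE the failing call's error is in GetLastError().
 *
 ****************************************************************************/
BOOL StartDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName)
{
    SC_HANDLE schService;
    DWORD err = ERROR_SUCCESS;
    BOOL ret;

    schService = OpenService(SchSCManager, DriverName, SERVICE_START);
    if (schService == NULL) {
        return FALSE;
    }

    ret = StartService(schService, 0, NULL);
    if (!ret) {
        // Read the error once, before any other API call can replace it.
        err = GetLastError();

        // NOTE(review): ERROR_SERVICE_DISABLED is reported as success, as in
        // the original code. A disabled service is not running, so callers
        // must not take TRUE as proof that the driver is loaded;
        // LoadDeviceDriver verifies by opening the device afterwards.
        ret = (err == ERROR_SERVICE_ALREADY_RUNNING ||
               err == ERROR_SERVICE_DISABLED);
    }

    CloseServiceHandle(schService);
    if (!ret) {
        SetLastError(err);
    }
    return ret;
}

/****************************************************************************
 *
 * FUNCTION: OpenDevice( IN LPCTSTR, HANDLE *)
 *
 * PURPOSE: Opens the device and returns a handle if desired.
 *
 * DriverName must fit, together with its "\\.\" or "\\.\Global\" prefix,
 * into DEVICE_NAME_CCH characters; longer names are rejected with
 * ERROR_FILENAME_EXCED_RANGE instead of overrunning the stack buffer.
 *
 ****************************************************************************/
BOOL OpenDevice(IN LPCTSTR DriverName, OUT HANDLE *lphDevice)
{
    static const TCHAR globalPrefix[] = TEXT("\\\\.\\Global\\");
    static const TCHAR localPrefix[] = TEXT("\\\\.\\");
    TCHAR completeDeviceName[DEVICE_NAME_CCH];
    const TCHAR *prefix;
    int prefixLen;
    HANDLE hDevice;

    if (DriverName == NULL) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    //
    // Create a \\.\XXX device name that CreateFile can use
    //
    // NOTE: We're making an assumption here that the driver
    //       has created a symbolic link using its own name
    //       (i.e. if the driver has the name "XXX" we assume
    //       that it used IoCreateSymbolicLink to create a
    //       symbolic link "\DosDevices\XXX". Usually, there
    //       is this understanding between related apps/drivers.
    //
    //       An application might also peruse the DEVICEMAP
    //       section of the registry, or use the QueryDosDevice
    //       API to enumerate the existing symbolic links in the
    //       system.
    //
    if ((GetVersion() & 0xFF) >= 5) {
        //
        // We reference the global name so that the application can
        // be executed in Terminal Services sessions on Win2K
        //
        prefix = globalPrefix;
        prefixLen = (int)(sizeof globalPrefix / sizeof globalPrefix[0]) - 1;
    } else {
        prefix = localPrefix;
        prefixLen = (int)(sizeof localPrefix / sizeof localPrefix[0]) - 1;
    }

    // wsprintf does not know the size of its destination, so the length is
    // checked here; the comparison is arranged so it cannot overflow.
    if (lstrlen(DriverName) >= DEVICE_NAME_CCH - prefixLen) {
        SetLastError(ERROR_FILENAME_EXCED_RANGE);
        return FALSE;
    }
    wsprintf(completeDeviceName, TEXT("%s%s"), prefix, DriverName);

    hDevice = CreateFile(completeDeviceName,
                         GENERIC_READ | GENERIC_WRITE,
                         0,
                         NULL,
                         OPEN_EXISTING,
                         FILE_ATTRIBUTE_NORMAL,
                         NULL);
    if (hDevice == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    // If user wants handle, give it to them. Otherwise, just close it.
    if (lphDevice) {
        *lphDevice = hDevice;
    } else {
        CloseHandle(hDevice);
    }
    return TRUE;
}

/****************************************************************************
 *
 * FUNCTION: StopDriver( IN SC_HANDLE, IN LPCTSTR)
 *
 * PURPOSE: Has the configuration manager stop the driver (unload it)
 *
 * Returns the result of ControlService(SERVICE_CONTROL_STOP); on FALSE the
 * reason is in GetLastError().
 *
 ****************************************************************************/
BOOL StopDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName)
{
    SC_HANDLE schService;
    SERVICE_STATUS serviceStatus;

    schService = OpenService(SchSCManager, DriverName, SERVICE_STOP);
    if (schService == NULL) {
        return FALSE;
    }

    return CloseServiceKeepError(
        schService,
        ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus));
}

/****************************************************************************
 *
 * FUNCTION: RemoveDriver( IN SC_HANDLE, IN LPCTSTR)
 *
 * PURPOSE: Deletes the driver service.
 *
 * Returns the result of DeleteService; on FALSE the reason is in
 * GetLastError().
 *
 ****************************************************************************/
BOOL RemoveDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName)
{
    SC_HANDLE schService;

    schService = OpenService(SchSCManager, DriverName, DELETE);
    if (schService == NULL) {
        return FALSE;
    }

    return CloseServiceKeepError(schService, DeleteService(schService));
}

/****************************************************************************
 *
 * FUNCTION: UnloadDeviceDriver( const TCHAR *)
 *
 * PURPOSE: Stops the driver and has the configuration manager unload it.
 *
 * A service that is registered but not running is still removed, so no
 * service entry is left behind. Any other stop failure leaves the service in
 * place and returns FALSE.
 *
 ****************************************************************************/
BOOL UnloadDeviceDriver(IN const TCHAR *Name)
{
    SC_HANDLE schSCManager;
    DWORD err = ERROR_SUCCESS;
    BOOL bRet;

    schSCManager = OpenSCManager(NULL,              // machine (NULL == local)
                                 NULL,              // database (NULL == default)
                                 SC_MANAGER_CONNECT // enough to open services
                                 );
    if (schSCManager == NULL) {
        return FALSE;
    }

    bRet = StopDriver(schSCManager, Name);
    if (!bRet && GetLastError() == ERROR_SERVICE_NOT_ACTIVE) {
        // Already stopped: nothing to unload, but the entry must still go.
        bRet = TRUE;
    }
    if (bRet) {
        bRet = RemoveDriver(schSCManager, Name);
    }

    if (!bRet) {
        err = GetLastError();
    }
    CloseServiceHandle(schSCManager);
    if (!bRet) {
        SetLastError(err);
    }
    return bRet;
}

/****************************************************************************
 *
 * FUNCTION: LoadDeviceDriver( const TCHAR, const TCHAR, HANDLE *)
 *
 * PURPOSE: Registers a driver with the system configuration manager
 *          and then loads it.
 *
 * On failure the service registered by this call is removed again, the SCM
 * handle is closed on every path, and *Error (when Error is non-NULL)
 * receives the error of the step that failed rather than that of the
 * cleanup that followed it.
 *
 ****************************************************************************/
BOOL LoadDeviceDriver(IN const TCHAR *Name, IN const TCHAR *Path,
                      OUT HANDLE *lphDevice, OUT PDWORD Error)
{
    SC_HANDLE schSCManager = NULL;
    DWORD lastError = ERROR_SUCCESS;
    BOOL okay = FALSE;

    if (Name == NULL || Path == NULL) {
        lastError = ERROR_INVALID_PARAMETER;
        goto done;
    }

    schSCManager = OpenSCManager(NULL, NULL,
                                 SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (schSCManager == NULL) {
        lastError = GetLastError();
        goto done;
    }

    // Remove previous instance. Best effort: it usually does not exist.
    RemoveDriver(schSCManager, Name);

    okay = InstallDriver(schSCManager, Name, Path);
    if (!okay) {
        lastError = GetLastError();   // capture before cleanup replaces it
        RemoveDriver(schSCManager, Name);
        goto done;
    }

    okay = StartDriver(schSCManager, Name);
    if (!okay) {
        lastError = GetLastError();
        RemoveDriver(schSCManager, Name);
        goto done;
    }

    // Do make sure we can open it.
    okay = OpenDevice(Name, lphDevice);
    if (!okay) {
        lastError = GetLastError();
        // Only delete the service once the driver has actually stopped.
        if (StopDriver(schSCManager, Name)) {
            RemoveDriver(schSCManager, Name);
        }
        goto done;
    }

done:
    if (schSCManager) {
        CloseServiceHandle(schSCManager);
    }
    if (!okay && Error) {
        *Error = lastError;
    }
    return okay;
}

/*
 * Unloads an NT driver: stops the service wszSvrName and deletes it.
 *
 * Returns TRUE when the service has been deleted or is already marked for
 * deletion. Returns FALSE, with the reason in GetLastError(), when the SCM
 * or the service cannot be opened or the deletion fails.
 */
BOOL UnloadNTDriver(PWCHAR wszSvrName)
{
    SC_HANDLE hServiceMgr = NULL;   // handle to the SCM
    SC_HANDLE hServiceDDK = NULL;   // handle to the NT driver's service
    SERVICE_STATUS SvrStatus;
    DWORD dwErr = ERROR_SUCCESS;
    BOOL bRet = FALSE;

    if (NULL == wszSvrName) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    // Open the SCM.
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (NULL == hServiceMgr) {
        dwErr = GetLastError();
        goto BeforeLeave;
    }

    // Open the service that belongs to the driver.
    hServiceDDK = OpenServiceW(hServiceMgr, wszSvrName, SERVICE_STOP | DELETE);
    if (NULL == hServiceDDK) {
        dwErr = GetLastError();
        goto BeforeLeave;
    }

    // Stop the driver. Best effort: the service may simply not be running.
    // If the stop really fails, the driver can only be loaded dynamically
    // again after a reboot.
    (void)ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrStatus);

    // Delete the service and report whether that worked, instead of
    // returning TRUE unconditionally.
    bRet = DeleteService(hServiceDDK);
    if (!bRet) {
        dwErr = GetLastError();
        if (ERROR_SERVICE_MARKED_FOR_DELETE == dwErr) {
            bRet = TRUE;   // deletion is already pending
        }
    }

BeforeLeave:
    // Close whatever was opened before leaving.
    if (hServiceDDK) {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr) {
        CloseServiceHandle(hServiceMgr);
    }
    if (!bRet) {
        SetLastError(dwErr);
    }
    return bRet;
}

/*
 * Loads an NT driver: creates (or reuses) the demand-start kernel-driver
 * service lpszDriverName for the image at lpszDriverPath and starts it.
 *
 * When bForceReload is TRUE the service is first stopped and deleted through
 * UnloadNTDriver. Returns TRUE when the service was started or was already
 * running; otherwise FALSE with the reason in GetLastError().
 */
BOOL LoadNTDriver(PWCHAR lpszDriverName, PWCHAR lpszDriverPath, BOOL bForceReload)
{
    WCHAR szDriverImagePath[MAX_PATH] = {0};
    SC_HANDLE hServiceMgr = NULL;   // handle to the SCM
    SC_HANDLE hServiceDDK = NULL;   // handle to the NT driver's service
    DWORD dwRtn = ERROR_SUCCESS;
    DWORD cchPath;
    BOOL bRet = FALSE;

    if (NULL == lpszDriverName || NULL == lpszDriverPath) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    // Resolve the full driver path. GetFullPathNameW only normalises the
    // string and does NOT check that the file exists; a missing image shows
    // up later as a StartServiceW failure. A return of 0 is an error and a
    // return >= MAX_PATH means the result did not fit.
    cchPath = GetFullPathNameW(lpszDriverPath, MAX_PATH, szDriverImagePath, NULL);
    if (0 == cchPath) {
        return FALSE;
    }
    if (cchPath >= MAX_PATH) {
        SetLastError(ERROR_FILENAME_EXCED_RANGE);
        return FALSE;
    }

    // For a forced reload, unload and delete the service first. The result
    // is ignored because the service may not exist yet.
    if (bForceReload) {
        UnloadNTDriver(lpszDriverName);
    }

    // Open the service control manager.
    hServiceMgr = OpenSCManager(NULL, NULL,
                                SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (NULL == hServiceMgr) {
        dwRtn = GetLastError();
        goto BeforeLeave;
    }

    // Create the service that belongs to the driver.
    hServiceDDK = CreateServiceW(hServiceMgr,
                                 lpszDriverName,        // name of the driver in the registry
                                 lpszDriverName,        // registry DisplayName value
                                 SERVICE_START,         // the handle is only used to start it
                                 SERVICE_KERNEL_DRIVER, // the service is a driver
                                 SERVICE_DEMAND_START,  // registry Start value
                                 SERVICE_ERROR_IGNORE,  // registry ErrorControl value
                                 szDriverImagePath,     // registry ImagePath value
                                 NULL, NULL, NULL, NULL, NULL);
    if (NULL == hServiceDDK) {
        dwRtn = GetLastError();
        // NOTE(review): ERROR_IO_PENDING is accepted here as in the original
        // code; it is unclear when CreateService would report it - confirm.
        if (ERROR_IO_PENDING != dwRtn && ERROR_SERVICE_EXISTS != dwRtn) {
            // Creation failed for some other reason.
            goto BeforeLeave;
        }

        // The service is already registered, so just open it.
        hServiceDDK = OpenServiceW(hServiceMgr, lpszDriverName, SERVICE_START);
        if (NULL == hServiceDDK) {
            dwRtn = GetLastError();
            goto BeforeLeave;
        }
    }

    // Start the service. "Already running" counts as success; every other
    // error, including ERROR_IO_PENDING (device is hung), is a failure.
    bRet = StartServiceW(hServiceDDK, 0, NULL);
    if (!bRet) {
        dwRtn = GetLastError();
        bRet = (ERROR_SERVICE_ALREADY_RUNNING == dwRtn);
    }

BeforeLeave:
    // Close the handles before leaving.
    if (hServiceDDK) {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr) {
        CloseServiceHandle(hServiceMgr);
    }
    if (!bRet) {
        SetLastError(dwRtn);
    }
    return bRet;
}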