jiurldriver.cpp

关于win2000核心编程的文章

#include "JiurlDriver.h"

void DriverUnload(IN PDRIVER_OBJECT DriverObject);

NTSTATUS DriverDispatch (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);

BOOLEAN JiurlMmIsAddressValid (PVOID Va);

BOOLEAN JiurlMmIsBlockValid (PVOID StartVa,ULONG nBytes);

BOOLEAN JiurlReadMemory(
			PVOID  StartVa,
			ULONG  nBytes,
			PVOID  lpBuffer);

NTSTATUS 
DriverEntry(IN PDRIVER_OBJECT DriverObject,
			IN PUNICODE_STRING RegistryPath)
{
	DbgPrint("Hello, from DriverEntry\n");

	DriverObject->MajorFunction[IRP_MJ_CREATE]         =
	DriverObject->MajorFunction[IRP_MJ_CLOSE]          =
	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverDispatch;

	DriverObject->DriverUnload=DriverUnload;

	/////////////////////////////////////////////////////

	NTSTATUS ret;

	PDEVICE_OBJECT deviceObject= NULL;

	WCHAR deviceNameBuffer[]= L"\\Device\\JiurlDriver";
	UNICODE_STRING deviceNameUnicodeString;
	RtlInitUnicodeString (&deviceNameUnicodeString, deviceNameBuffer);

	ret=IoCreateDevice(DriverObject,0,&deviceNameUnicodeString,
		FILE_DEVICE_UNKNOWN,0,FALSE,&deviceObject);


	WCHAR deviceLinkBuffer[]= L"\\??\\JiurlSymbolicLink";
	UNICODE_STRING deviceLinkUnicodeString;
	RtlInitUnicodeString (&deviceLinkUnicodeString, deviceLinkBuffer);

	ret=IoCreateSymbolicLink(&deviceLinkUnicodeString,
		&deviceNameUnicodeString);

	return STATUS_SUCCESS;
}

// -----------------------------------------------------------------

void DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
	DbgPrint("Bye, from DriverUnload\n");

	WCHAR deviceLinkBuffer[]= L"\\??\\JiurlSymbolicLink";
	UNICODE_STRING deviceLinkUnicodeString;
	RtlInitUnicodeString (&deviceLinkUnicodeString, deviceLinkBuffer);

    IoDeleteSymbolicLink (&deviceLinkUnicodeString);
	IoDeleteDevice( DriverObject->DeviceObject );
}

// -----------------------------------------------------------------

NTSTATUS
DriverDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    PIO_STACK_LOCATION  irpStack;

    PVOID               ioBuffer;
    ULONG               inputBufferLength;
    ULONG               outputBufferLength;
    ULONG               ioControlCode;
    NTSTATUS            ntStatus;

    Irp->IoStatus.Status      = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;

    irpStack = IoGetCurrentIrpStackLocation (Irp);

    ioBuffer           = Irp->AssociatedIrp.SystemBuffer;
    inputBufferLength  = irpStack->Parameters.DeviceIoControl.InputBufferLength;
    outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;

	int ret;

    switch (irpStack->MajorFunction)
    {
    case IRP_MJ_DEVICE_CONTROL:
		{
			DbgPrint("IRP_MJ_DEVICE_CONTROL\n");

			ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;

			switch (ioControlCode)
			{
			case JIURL_MEM_OUTPUT:
				{
					DbgPrint("JIURL_MEM_OUTPUT\n");

					PMEMORY_INFO pMemInfo;
					pMemInfo=(PMEMORY_INFO)ioBuffer;

					PVOID StartVa=(PVOID)pMemInfo->StartVa;
					ULONG nBytes=pMemInfo->nBytes;

					ret=JiurlReadMemory(StartVa,nBytes,ioBuffer);
					if(ret==1)
					{
						DbgPrint("nBytes 0x%08x\n",nBytes);
						Irp->IoStatus.Information=nBytes;
					}
					
					break;
				}

			default:
				{
					DbgPrint("unknown IRP_MJ_DEVICE_CONTROL\n");
					Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

					break;
				}
			}

			break;
		}

	case IRP_MJ_CREATE:
		{
			DbgPrint("DispatchCreate\n");
			break;
		}

	case IRP_MJ_CLOSE:
		{
			DbgPrint("DispatchClose\n");
			break;
		}
    }

    ntStatus = Irp->IoStatus.Status;
    IoCompleteRequest (Irp,IO_NO_INCREMENT);

    return ntStatus;
}

// -----------------------------------------------------------------

BOOLEAN JiurlMmIsAddressValid (PVOID Va)
{
	#define X86_PTE_ARRAY ((ULONG*)0xC0000000)
	#define X86_PDE_ARRAY ((ULONG*)0xC0300000)

	ULONG pde,pte;

	pde=X86_PDE_ARRAY [(ULONG)Va>>22];

	int ret=0;

	if(pde&0x1)
	{
		if(pde&0x80)
		{
			ret=1;
		}
		else
		{
			pte=X86_PTE_ARRAY [(ULONG)Va>>12];

			if(pte!=0)
			{
				ret =1;
			}
		}
	}

	return ret;
}

// -----------------------------------------------------------------

BOOLEAN JiurlMmIsBlockValid (PVOID StartVa,ULONG nBytes)
{
	PCHAR pData;
	ULONG nData;
		
	BOOLEAN ret;

	ret=TRUE;

	if(nBytes!=0)
	{
		pData=(char*)((unsigned int)StartVa & 0xFFFFF000);
		nData=(((nBytes+ (((unsigned int)StartVa)&0x00000FFF) -1)/PAGE_SIZE)+1)*PAGE_SIZE;

		do
		{
			ret=JiurlMmIsAddressValid(pData);

			nData -= PAGE_SIZE;

			pData += PAGE_SIZE;
		}
		while(ret && nData);
	}

	return ret;
}

// -----------------------------------------------------------------

BOOLEAN JiurlReadMemory(
			PVOID  StartVa,
			ULONG  nBytes,
			PVOID  lpBuffer)
{
	BOOLEAN ret;

	ret=JiurlMmIsBlockValid( StartVa, nBytes );

	if(ret==1) 
	{
		DbgPrint("Mem Valid\n");

		RtlCopyMemory (lpBuffer, StartVa, nBytes);
	}
	else 
	{
		DbgPrint("Mem Not Valid\n");
	}

	return ret;
}