Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = status;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
CallMsgRing0DebugPrint(DBG_CREATECLOSE, DBG_TRACE, __FUNCTION__"--. IRP %p, STATUS %x", Irp, status);
return status;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// CallMsgRing0CloseDispatch
// Dispatch routine for IRP_MJ_CLOSE requests.
//
// Arguments:
// IN DeviceObject
// pointer to the device object for our device
//
// IN Irp
// the close IRP
//
// Return Value:
// NT status code.
//
NTSTATUS CallMsgRing0CloseDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    // Handles IRP_MJ_CLOSE. The close always succeeds; the only bookkeeping
    // is dropping the open-handle count kept in the device extension.
    PCALLMSGRING0_DEVICE_EXTENSION devExt;
    NTSTATUS status = STATUS_SUCCESS;

    CallMsgRing0DebugPrint(DBG_CREATECLOSE, DBG_TRACE, __FUNCTION__"++. IRP %p", Irp);

    devExt = (PCALLMSGRING0_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    // Complete the request with no bytes transferred.
    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    // The handle count is touched with an interlocked operation because
    // other dispatch paths may update it concurrently (presumably the create
    // path increments it; that code is outside this block).
    InterlockedDecrement(&devExt->OpenHandleCount);

    CallMsgRing0DebugPrint(DBG_CREATECLOSE, DBG_TRACE, __FUNCTION__"--. IRP %p, STATUS %x", Irp, status);
    return status;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// CallMsgRing0CleanupDispatch
// Dispatch routine for IRP_MJ_CLEANUP requests.
//
// Arguments:
// IN DeviceObject
// pointer to the device object for our device
//
// IN Irp
// the cleanup IRP
//
// Return Value:
// NT status code.
//
NTSTATUS CallMsgRing0CleanupDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    // Handles IRP_MJ_CLEANUP: flush whatever is outstanding for the file
    // object that is going away, then complete the IRP successfully.
    PCALLMSGRING0_DEVICE_EXTENSION devExt;
    PIO_STACK_LOCATION stackLoc;
    NTSTATUS status = STATUS_SUCCESS;

    CallMsgRing0DebugPrint(DBG_CREATECLOSE, DBG_TRACE, __FUNCTION__"++. IRP %p", Irp);

    devExt = (PCALLMSGRING0_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
    stackLoc = IoGetCurrentIrpStackLocation(Irp);

    // The file object in our stack location identifies the handle being cleaned up.
    CallMsgRing0FlushQueues(devExt, stackLoc->FileObject);

    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    CallMsgRing0DebugPrint(DBG_CREATECLOSE, DBG_TRACE, __FUNCTION__"--. IRP %p STATUS %x", Irp, status);
    return status;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// CallMsgRing0Unload
// Driver unload callback.
//
// Arguments:
// IN DriverObject
// pointer to the driver object
//
// Return Value:
// none
//
VOID CallMsgRing0Unload(
    IN PDRIVER_OBJECT DriverObject
    )
{
    // Driver unload: remove the Win32-visible symbolic link, the shutdown
    // registration and the device object, then release the registry-path buffer.
    UNICODE_STRING symLinkName;

    CallMsgRing0DebugPrint(DBG_UNLOAD, DBG_TRACE, __FUNCTION__"++");

    RtlInitUnicodeString(&symLinkName, L"\\??\\CallMsgRing0Device");
    IoDeleteSymbolicLink(&symLinkName);

    // Unregister first so a shutdown notification cannot target the device
    // object we are about to delete.
    IoUnregisterShutdownNotification(DriverObject->DeviceObject);
    IoDeleteDevice(DriverObject->DeviceObject);

    // Every device object owned by this driver must be gone by the time we
    // unload, so the driver's device list should now be empty.
    ASSERT(DriverObject->DeviceObject == NULL);

    // Release the block allocated for the registry path. ExFreePool does not
    // accept NULL, so only free when something was actually allocated, and
    // clear the pointer afterwards to avoid a double free.
    if (g_Data.RegistryPath.Buffer != NULL)
    {
        ExFreePool(g_Data.RegistryPath.Buffer);
        g_Data.RegistryPath.Buffer = NULL;
    }

    CallMsgRing0DebugPrint(DBG_UNLOAD, DBG_TRACE, __FUNCTION__"--");

#ifdef CALLMSGRING0_WMI_TRACE
    WPP_CLEANUP(DriverObject);
#endif
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// CallMsgRing0DeviceIoControlDispatch
// Dispatch routine for IRP_MJ_DEVICE_CONTROL requests.
//
// Arguments:
// IN DeviceObject
// pointer to the device object for our device
//
// IN Irp
// the device i/o control IRP
//
// Return Value:
// NT status code.
//
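NTSTATUS CallMsgRing0DeviceIoControlDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    // Handles IRP_MJ_DEVICE_CONTROL. The only supported code is
    // IOCTL_CALL_RING3, whose buffered input carries two pointers:
    //   [0] ring3 function address
    //   [1] ring3 stack address
    // Both are handed to cfunc(). Any other code is rejected with
    // STATUS_INVALID_DEVICE_REQUEST. Every path completes the IRP here.
    PIO_STACK_LOCATION irpStack;
    NTSTATUS status;
    PVOID inputBuffer;
    ULONG inputLength;
    PVOID addr, stack;

    CallMsgRing0DebugPrint(DBG_IO, DBG_TRACE, __FUNCTION__"++. IRP %p", Irp);

    // Our stack location holds the control code and the caller's buffer sizes.
    irpStack = IoGetCurrentIrpStackLocation(Irp);
    inputLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;

    switch (irpStack->Parameters.DeviceIoControl.IoControlCode)
    {
    case IOCTL_CALL_RING3:
        CallMsgRing0DebugPrint(DBG_IO, DBG_INFO, __FUNCTION__": IOCTL_CALL_RING3");

        // Buffered I/O: the I/O manager has copied the caller's input into
        // SystemBuffer, but only InputBufferLength bytes of it are valid.
        inputBuffer = Irp->AssociatedIrp.SystemBuffer;

        // Reject undersized requests before touching the buffer; the original
        // read two PVOIDs unconditionally, which over-reads the system buffer
        // when the caller supplies fewer bytes.
        if (inputBuffer == NULL || inputLength < 2 * sizeof(PVOID))
        {
            status = STATUS_BUFFER_TOO_SMALL;
            Irp->IoStatus.Information = 0;
            Irp->IoStatus.Status = status;
            IoCompleteRequest(Irp, IO_NO_INCREMENT);
            break;
        }

        addr = ((PVOID *)inputBuffer)[0];   // ring3 function address
        stack = ((PVOID *)inputBuffer)[1];  // ring3 stack address

        // SECURITY NOTE(review): addr and stack are caller-controlled and are
        // passed to cfunc() with no check that they lie in user-mode address
        // space or that the caller holds any privilege. Whoever can open this
        // device can therefore steer this path from kernel context. Mitigate
        // by restricting the device object's security descriptor (not visible
        // here) and by validating both values before cfunc() uses them.
        cfunc(addr, stack);

        status = STATUS_SUCCESS;
        Irp->IoStatus.Information = 0;
        Irp->IoStatus.Status = status;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        break;

    default:
        // Unknown control code: fail it and report zero bytes transferred
        // (the original left Information unset on this path).
        status = STATUS_INVALID_DEVICE_REQUEST;
        Irp->IoStatus.Information = 0;
        Irp->IoStatus.Status = status;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        break;
    }

    // Irp is only printed as a pointer value here; it is not dereferenced
    // after completion.
    CallMsgRing0DebugPrint(DBG_IO, DBG_TRACE, __FUNCTION__"--. IRP %p STATUS %x", Irp, status);
    return status;
}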
///////////////////////////////////////////////////////////////////////////////////////////////////
// CallMsgRing0ShutdownDispatch
// Dispatch routine for IRP_MJ_SHUTDOWN requests.
//
// Arguments:
// IN DeviceObject
// pointer to the device object for our device
//
// IN Irp
// the shutdown IRP
//
// Return Value:
// NT status code.
//
NTSTATUS CallMsgRing0ShutdownDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    // Handles IRP_MJ_SHUTDOWN. No shutdown work is performed; the request is
    // completed immediately with STATUS_NOT_IMPLEMENTED.
    PCALLMSGRING0_DEVICE_EXTENSION devExt;
    NTSTATUS status = STATUS_NOT_IMPLEMENTED;

    CallMsgRing0DebugPrint(DBG_GENERAL, DBG_TRACE, __FUNCTION__"++. IRP %p", Irp);

    // Looked up for symmetry with the other dispatch routines; unused here.
    devExt = (PCALLMSGRING0_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    CallMsgRing0DebugPrint(DBG_GENERAL, DBG_TRACE, __FUNCTION__"--. IRP %p STATUS %x", Irp, status);
    return status;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// CallMsgRing0FlushQueues
// Flush outstanding IRPs for a closed file object.
//
// Arguments:
// IN DeviceExtension
// our device extension
//
// IN FileObject
// about to be closed file object
//
// Return Value:
// none
//
VOID CallMsgRing0FlushQueues(
    IN PCALLMSGRING0_DEVICE_EXTENSION DeviceExtension,
    IN PFILE_OBJECT FileObject
    )
{
    // Placeholder for flushing IRPs queued on behalf of FileObject. Nothing is
    // flushed in this version: the body is just the entry/exit trace pair, and
    // both parameters are currently unused.
    CallMsgRing0DebugPrint(DBG_IO, DBG_TRACE, __FUNCTION__"++");
    CallMsgRing0DebugPrint(DBG_IO, DBG_TRACE, __FUNCTION__"--");
}