📄 cgatedll.cpp
字号:
#include <windows.h>
#include <winioctl.h>
#include "gatedll.h"
#define SYS_FILE TEXT("CallGate.SYS")
#define SYS_NAME TEXT("CallGate")
HANDLE hCallgateDriver=INVALID_HANDLE_VALUE;
WORD CodeSelectorArray[8192];
TCHAR msgbuf[ 257 ];
BOOL DriverConnect( void );
BOOL StartDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName );
BOOL OpenDevice( IN LPCTSTR DriverName, HANDLE * lphDevice );
BOOL RemoveDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName );
BOOL DriverDisconnect( void );
BOOL StopDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName );
BOOL InstallDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe );
int WINAPI CreateCallGate(void *FunctionAddress,
int NumberOfParameters,
PUSHORT pSelector)
{
CallGateInfo_t CallGateInfo;
DWORD BytesReturned;
if (hCallgateDriver==INVALID_HANDLE_VALUE) {
return ERROR_DRIVER_NOT_FOUND;
}
if (!pSelector)
return ERROR_BAD_PARAMETER;
memset(&CallGateInfo, 0, sizeof(CallGateInfo));
CallGateInfo.FunctionLinearAddress=FunctionAddress;
CallGateInfo.NumberOfParameters=NumberOfParameters;
if (!DeviceIoControl(hCallgateDriver,
(DWORD)IOCTL_CALLGATE_CREATE,
&CallGateInfo,
sizeof(CallGateInfo),
&CallGateInfo,
sizeof(CallGateInfo),
&BytesReturned,
NULL)) {
return ERROR_IOCONTROL_FAILED;
}
*pSelector=CallGateInfo.CallGateSelector;
CodeSelectorArray[CallGateInfo.CallGateSelector]=CallGateInfo.CodeSelector;
return SUCCESS;
}
int WINAPI FreeCallGate(USHORT CallGateSelector)
{
CallGateInfo_t CallGateInfo;
DWORD BytesReturned;
if (hCallgateDriver==INVALID_HANDLE_VALUE) {
return ERROR_DRIVER_NOT_FOUND;
}
if (CallGateSelector>=sizeof(CodeSelectorArray)/sizeof(CodeSelectorArray[0])) {
return ERROR_BAD_PARAMETER;
}
memset(&CallGateInfo, 0, sizeof(CallGateInfo));
CallGateInfo.CallGateSelector=CallGateSelector;
CallGateInfo.CodeSelector=CodeSelectorArray[CallGateSelector];
if (!DeviceIoControl(hCallgateDriver,
(DWORD)IOCTL_CALLGATE_RELEASE,
&CallGateInfo,
sizeof(CallGateInfo),
&CallGateInfo,
sizeof(CallGateInfo),
&BytesReturned,
NULL)) {
return ERROR_IOCONTROL_FAILED;
}
// DriverDisconnect();
return SUCCESS;
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD Reason, LPVOID lpReserved)
{
switch (Reason) {
case DLL_PROCESS_ATTACH:
DriverConnect();
break;
case DLL_PROCESS_DETACH:
break;
default:
break;
}
return TRUE;
}
/****************************************************************************
*
* FUNCTION: LoadDeviceDriver( const TCHAR, const TCHAR, HANDLE *)
*
* PURPOSE: Registers a driver with the system configuration manager
* and then loads it.
*
****************************************************************************/
BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, HANDLE * lphDevice )
{
SC_HANDLE schSCManager;
BOOL okay;
schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
// Ignore success of installation: it may already be installed.
InstallDriver( schSCManager, Name, Path );
// Ignore success of start: it may already be started.
StartDriver( schSCManager, Name );
// Do make sure we can open it.
okay = OpenDevice( Name, lphDevice );
CloseServiceHandle( schSCManager );
return okay;
}
/****************************************************************************
*
* FUNCTION: InstallDriver( IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
*
* PURPOSE: Creates a driver service.
*
****************************************************************************/
BOOL InstallDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe )
{
SC_HANDLE schService;
//
// NOTE: This creates an entry for a standalone driver. If this
// is modified for use with a driver that requires a Tag,
// Group, and/or Dependencies, it may be necessary to
// query the registry for existing driver information
// (in order to determine a unique Tag, etc.).
//
schService = CreateService( SchSCManager, // SCManager database
DriverName, // name of service
DriverName, // name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER, // service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
ServiceExe, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL // no password
);
if ( schService == NULL)
return FALSE;
CloseServiceHandle(schService);
return TRUE;
}
/****************************************************************************
*
* FUNCTION: StartDriver( IN SC_HANDLE, IN LPCTSTR)
*
* PURPOSE: Starts the driver service.
*
****************************************************************************/
BOOL StartDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
SC_HANDLE schService;
BOOL ret;
schService = OpenService( SchSCManager,
DriverName,
SERVICE_ALL_ACCESS
);
if ( schService == NULL )
return FALSE;
ret = StartService( schService, 0, NULL )
|| GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
CloseServiceHandle( schService );
return ret;
}
/****************************************************************************
*
* FUNCTION: OpenDevice( IN LPCTSTR, HANDLE *)
*
* PURPOSE: Opens the device and returns a handle if desired.
*
****************************************************************************/
BOOL OpenDevice( IN LPCTSTR DriverName, HANDLE * lphDevice )
{
TCHAR completeDeviceName[64];
HANDLE hDevice;
//
// Create a \\.\XXX device name that CreateFile can use
//
// NOTE: We're making an assumption here that the driver
// has created a symbolic link using it's own name
// (i.e. if the driver has the name "XXX" we assume
// that it used IoCreateSymbolicLink to create a
// symbolic link "\DosDevices\XXX". Usually, there
// is this understanding between related apps/drivers.
//
// An application might also peruse the DEVICEMAP
// section of the registry, or use the QueryDosDevice
// API to enumerate the existing symbolic links in the
// system.
//
wsprintf( completeDeviceName, TEXT("\\\\.\\%s"), DriverName );
hDevice = CreateFile( completeDeviceName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if ( hDevice == ((HANDLE)-1) )
{TCHAR Path[256];
PVOID lpMsgBuf;
// open the handle to the device
GetCurrentDirectory( sizeof Path, Path );
wsprintf( Path+lstrlen(Path), TEXT("\\%s"), SYS_FILE );
wsprintf( msgbuf, TEXT("Error opening %s (%s):"), SYS_NAME, Path );
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL, GetLastError(),
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &lpMsgBuf, 0, NULL );
MessageBox(NULL, msgbuf,(LPCTSTR) lpMsgBuf, MB_OK );
LocalFree( lpMsgBuf );
return FALSE;
}
// If user wants handle, give it to them. Otherwise, just close it.
if ( lphDevice )
*lphDevice = hDevice;
else
CloseHandle( hDevice );
return TRUE;
}
/****************************************************************************
*
* FUNCTION: UnloadDeviceDriver( const TCHAR *)
*
* PURPOSE: Stops the driver and has the configuration manager unload it.
*
****************************************************************************/
BOOL UnloadDeviceDriver( const TCHAR * Name )
{
SC_HANDLE schSCManager;
schSCManager = OpenSCManager( NULL, // machine (NULL == local)
NULL, // database (NULL == default)
SC_MANAGER_ALL_ACCESS // access required
);
StopDriver( schSCManager, Name );
RemoveDriver( schSCManager, Name );
CloseServiceHandle( schSCManager );
return TRUE;
}
/****************************************************************************
*
* FUNCTION: StopDriver( IN SC_HANDLE, IN LPCTSTR)
*
* PURPOSE: Has the configuration manager stop the driver (unload it)
*
****************************************************************************/
BOOL StopDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
SC_HANDLE schService;
BOOL ret;
SERVICE_STATUS serviceStatus;
schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
if ( schService == NULL )
return FALSE;
ret = ControlService( schService, SERVICE_CONTROL_STOP, &serviceStatus );
CloseServiceHandle( schService );
return ret;
}
/****************************************************************************
*
* FUNCTION: RemoveDriver( IN SC_HANDLE, IN LPCTSTR)
*
* PURPOSE: Deletes the driver service.
*
****************************************************************************/
BOOL RemoveDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
SC_HANDLE schService;
BOOL ret;
schService = OpenService( SchSCManager,
DriverName,
SERVICE_ALL_ACCESS
);
if ( schService == NULL )
return FALSE;
ret = DeleteService( schService );
CloseServiceHandle( schService );
return ret;
}
//======================================================================
//
// DRIVER ROUTINES
//
//======================================================================
//----------------------------------------------------------------------
//
// DriverConnect
//
// Load the driver.
//
//----------------------------------------------------------------------
BOOL DriverConnect( void )
{
TCHAR Path[256];
PVOID lpMsgBuf;
// open the handle to the device
GetCurrentDirectory( sizeof Path, Path );
wsprintf( Path+lstrlen(Path), TEXT("\\%s"), SYS_FILE );
if ( ! LoadDeviceDriver( SYS_NAME, Path, &hCallgateDriver ) ) {
wsprintf( msgbuf, TEXT("Error opening %s (%s):"), SYS_NAME, Path );
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL, GetLastError(),
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &lpMsgBuf, 0, NULL );
MessageBox(NULL, msgbuf,(LPCTSTR) lpMsgBuf, MB_OK );
LocalFree( lpMsgBuf );
DriverDisconnect();
return FALSE;
}
return TRUE;
}
//----------------------------------------------------------------------
//
// DriverDisconnect
//
// If under NT 4.0, we need to establish system call hooking in order
// to make the changeover.
//
//----------------------------------------------------------------------
BOOL DriverDisconnect( void )
{
UnloadDeviceDriver( SYS_NAME );
return TRUE;
}
//----------------------------------------------------------------------
//
// CallDriver
//
// Sends a DevIoControl to the driver along with some data,
// if necessary. Don't pop up message box if we're just getting stats
// from the driver and the device isn't ready - otherwise we get
// a message box every second!
//
//----------------------------------------------------------------------
BOOL CallDriver( int Msg, PBYTE inData, int inDataLen,
PBYTE outData, int outDataLen )
{
PVOID lpMsgBuf;
ULONG nb;
int error;
if ( ! (error = DeviceIoControl( hCallgateDriver, Msg,
inData, inDataLen, outData, outDataLen, &nb, NULL )) )
{
// if not being called from stats and error isn't device ready, print message
wsprintf( msgbuf, TEXT("PORT IO driver error:"));
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL, GetLastError(),
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &lpMsgBuf, 0, NULL );
MessageBox( NULL, msgbuf, (LPCTSTR)lpMsgBuf,MB_OK );
LocalFree( lpMsgBuf );
return FALSE;
}
return TRUE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -