/*--
模块名称:
kbfilter.h
代码模版:
Windows XP DDK 2600 - KbFilter
作者:
Advance(LOVEHINA-AVC)
环境:
仅运行于内核模式
--*/
#ifndef KBFILTER_H
#define KBFILTER_H
#include "wdm.h"
#include <ntddkbd.h>
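//
// Pool tag attached to every allocation made through the ExAllocatePool
// wrapper below. By convention the characters are written in reverse, so the
// tag reads "Kbmh" in pool-tracking tools. The expansion is fully
// parenthesized so the macro stays a single operand in any expression
// (for example under sizeof).
//
#define KBFILTER_POOL_TAG ((ULONG) 'hmbK')

//
// Redirect plain ExAllocatePool calls in this driver to the tagged allocator,
// so leaked or corrupted blocks can be attributed to KBFILTER_POOL_TAG.
//
// NOTE(review): ExAllocatePoolWithTag returns uninitialized memory. Any buffer
// that is later copied to a user-mode caller should be zeroed first. On
// current WDKs this routine is deprecated in favor of ExAllocatePool2, which
// zero-initializes by default.
//
#undef ExAllocatePool
#define ExAllocatePool(type, size) \
    ExAllocatePoolWithTag((type), (size), KBFILTER_POOL_TAG)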
//
// Debug-only helpers. In a free build (DBG is 0 or undefined) every helper
// expands to nothing, so its arguments are never evaluated; do not put side
// effects in them. In a checked build they forward to DbgBreakPoint,
// KeRaiseIrql, KeLowerIrql and DbgPrint, so IRQL changes made through
// DbgRaiseIrql/DbgLowerIrql exist only in checked builds.
//
// NOTE(review): DbgPrint output can be read by anyone with a kernel debugger
// or debug-output viewer attached; check that call sites do not log key data.
//
#if !DBG

#define TRAP()
#define DbgRaiseIrql(new_irql, old_irql_ptr)
#define DbgLowerIrql(irql)
#define DebugPrint(print_args)

#else // DBG

#define TRAP() DbgBreakPoint()
#define DbgRaiseIrql(new_irql, old_irql_ptr) KeRaiseIrql(new_irql, old_irql_ptr)
#define DbgLowerIrql(irql) KeLowerIrql(irql)
// Takes one parenthesized argument list: DebugPrint(("fmt %d", value));
#define DebugPrint(print_args) DbgPrint print_args

#endif
//
// Smaller of two values. Each argument may be evaluated twice, so callers
// must not pass expressions with side effects (for example i++). When used to
// clamp a copy length, both operands should have the same signedness.
//
#define MIN(lhs, rhs) (((lhs) < (rhs)) ? (lhs) : (rhs))
//
// Device control codes of the KBMHOOK interface. All five use
// FILE_DEVICE_UNKNOWN, function numbers 0x0400-0x0404, METHOD_BUFFERED and
// FILE_ANY_ACCESS. The handler is not part of this header (presumably
// KbFilter_IoCtl); the payload types named below are inferred from the struct
// names and need confirming there.
//
// NOTE(review): FILE_ANY_ACCESS means the I/O manager does not require read or
// write access on the caller's handle. The security descriptor of the control
// device is then the only gate on who may toggle the hook, change key
// mappings or read key-down state. Confirm that the device is created with a
// restrictive ACL. The access bits are part of the code value, so tightening
// them here (FILE_READ_ACCESS / FILE_WRITE_ACCESS) also means rebuilding the
// user-mode callers.
//
// NOTE(review): with METHOD_BUFFERED the handler must compare the input and
// output buffer lengths with the payload size before touching the system
// buffer, and report only the bytes it actually wrote.
//
// NOTE(review): function numbers below 0x800 are reserved for Microsoft;
// vendor-defined codes normally start at 0x800.
//
#define IOCTL_KBMHOOK_QUERY_VERSION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0400, METHOD_BUFFERED, FILE_ANY_ACCESS) // payload presumably VERSION_DATA
#define IOCTL_KBMHOOK_HOOK_SWITCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0401, METHOD_BUFFERED, FILE_ANY_ACCESS) // payload presumably HOOK_SWITCH_DATA
#define IOCTL_KBMHOOK_MAPPING_KEYS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0402, METHOD_BUFFERED, FILE_ANY_ACCESS) // payload presumably KEYMAP_DATA
#define IOCTL_KBMHOOK_QUERY_KEYDOWN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0403, METHOD_BUFFERED, FILE_ANY_ACCESS) // payload presumably KEYDOWN_DATA
#define IOCTL_KBMHOOK_QUERY_DEVICE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0404, METHOD_BUFFERED, FILE_ANY_ACCESS) // payload presumably DEVICE_COUNTER_DATA
//
// Interface version 1.0. Presumably the values reported through
// IOCTL_KBMHOOK_QUERY_VERSION in a VERSION_DATA -- confirm in the handler.
//
#define VER_MAJOR 0x0001
#define VER_MINOR 0x0000
//
// Four-byte record describing one key event. It is embedded in
// KBMHOOK_DEVICE_EXTENSION as KeyDown; presumably it is also the output
// layout of IOCTL_KBMHOOK_QUERY_KEYDOWN -- confirm in the IOCTL handler.
//
// NOTE(review): this record carries keystroke data, so every path that copies
// it to a caller should be covered by the access control on the control
// device.
//
typedef struct _KEYDOWN_DATA
{
    UCHAR DeviceIndex;  // presumably an index into the 16-entry device arrays; range-check before use
    UCHAR DeviceID;     // same name and type as FILTER_DEVICE_EXTENSION.DeviceID
    UCHAR KeyPressed;   // key value; exact encoding is not visible in this header
    UCHAR Flags;        // flag bits; meaning is not visible in this header
} KEYDOWN_DATA, *PKEYDOWN_DATA;
//
// Four-byte description of one key mapping: a source key with its flags and
// the key (with flags) it maps to. Presumably the input layout of
// IOCTL_KBMHOOK_MAPPING_KEYS -- confirm in the IOCTL handler.
//
// NOTE(review): every field is a UCHAR (0..255), while the KeyStore/KeyIndex
// tables in the device extensions are [3][128]. If these fields are used as
// table indices, the handler must reject out-of-range values before writing.
//
typedef struct _KEYMAP_DATA
{
    UCHAR KeySource;
    UCHAR KeySourceFlags;
    UCHAR KeyMappingTo;
    UCHAR KeyMappingToFlags;
} KEYMAP_DATA, *PKEYMAP_DATA;
//
// Device extension of a FILTER device object.
//
typedef struct _FILTER_DEVICE_EXTENSION
{
    //
    // Field common to both device extensions; distinguishes a FILTER
    // extension from a KBMHOOK one. It is the first member here, in
    // KBMHOOK_DEVICE_EXTENSION and in PUBLIC_DEVICE_EXTENSION. Presumably it
    // is read through PUBLIC_DEVICE_EXTENSION, which only works while it stays
    // first in all three.
    //
    BOOLEAN IsFilterDevice;
    //
    // Device at the top of the driver stack, i.e. the Kbdclass device object
    // pointer; used to pass IRPs down with IoCallDriver.
    //
    PDEVICE_OBJECT LowerDeviceObject;
    //
    // Pointer to the KBMHOOK device extension.
    // NOTE(review): typed PVOID, so casts at the use sites are not checked by
    // the compiler.
    //
    PVOID KbmDevExtPointer;
    //
    // Keyboard identifier.
    //
    UCHAR DeviceID;
    //
    // Stores the keys that are to be remapped and blocked.
    // NOTE(review): both tables are 3 x 128 bytes, while the key fields in
    // KEYMAP_DATA and KEYDOWN_DATA are UCHAR (0..255). Code that indexes these
    // tables must range-check both indices; that code is not in this header.
    //
    UCHAR KeyStore[3][128];
    UCHAR KeyIndex[3][128];
} FILTER_DEVICE_EXTENSION, *PFILTER_DEVICE_EXTENSION;
//
// Device extension of the KBMHOOK device object.
//
typedef struct _KBMHOOK_DEVICE_EXTENSION
{
    // Extension-type discriminator; first member, as in FILTER_DEVICE_EXTENSION
    // and PUBLIC_DEVICE_EXTENSION.
    BOOLEAN IsFilterDevice;
    //
    // Pointers to the FILTER device extensions.
    // NOTE(review): fixed at 16 slots and typed PVOID; writers must check the
    // slot index against 16 before storing.
    //
    PVOID FltDevExtPointer[16];
    //
    // KbdClass driver and device object pointers (used for enumeration).
    // NOTE(review): KbdClassDevice also has 16 slots. DeviceCounter is a UCHAR
    // and can hold values up to 255, so the enumeration must stop at 16
    // devices -- confirm in the code that fills these arrays.
    //
    PDRIVER_OBJECT KbdClassDriver;
    PDEVICE_OBJECT KbdClassDevice[16];
    UCHAR DeviceCounter;
    // One key event record; presumably the value returned by
    // IOCTL_KBMHOOK_QUERY_KEYDOWN -- confirm in the IOCTL handler.
    KEYDOWN_DATA KeyDown;
    //
    // Stores the keys that are to be blocked.
    // NOTE(review): KeyStore is 3 x 128 bytes; indices derived from UCHAR key
    // values (0..255) must be range-checked before use.
    //
    BOOLEAN HookSwitch;
    UCHAR KeyStore[3][128];
} KBMHOOK_DEVICE_EXTENSION, *PKBMHOOK_DEVICE_EXTENSION;
//
// Common prefix of FILTER_DEVICE_EXTENSION and KBMHOOK_DEVICE_EXTENSION: only
// the IsFilterDevice discriminator, which is the first member of both.
// Presumably a device extension is cast to this type to find out which of the
// two it is before any type-specific member is read -- confirm in the
// dispatch routines. Adding a member ahead of IsFilterDevice in either
// extension would break that check.
//
typedef struct _PUBLIC_DEVICE_EXTENSION
{
    BOOLEAN IsFilterDevice;
} PUBLIC_DEVICE_EXTENSION, *PPUBLIC_DEVICE_EXTENSION;
//
// Major/minor version pair. Presumably the output layout of
// IOCTL_KBMHOOK_QUERY_VERSION, filled from VER_MAJOR and VER_MINOR -- confirm
// in the IOCTL handler.
//
typedef struct _VERSION_DATA
{
    USHORT MajorVersion;
    USHORT MinorVersion;
} VERSION_DATA, *PVERSION_DATA;
//
// Single on/off flag with the same name and type as
// KBMHOOK_DEVICE_EXTENSION.HookSwitch. Presumably the payload of
// IOCTL_KBMHOOK_HOOK_SWITCH -- confirm in the IOCTL handler, including the
// check that the input buffer holds at least sizeof(HOOK_SWITCH_DATA) bytes.
//
typedef struct _HOOK_SWITCH_DATA
{
    BOOLEAN HookSwitch;
} HOOK_SWITCH_DATA, *PHOOK_SWITCH_DATA;
//
// Single device count with the same name and type as
// KBMHOOK_DEVICE_EXTENSION.DeviceCounter. Presumably the output layout of
// IOCTL_KBMHOOK_QUERY_DEVICE -- confirm in the IOCTL handler.
//
typedef struct _DEVICE_COUNTER_DATA
{
    UCHAR DeviceCounter;
} DEVICE_COUNTER_DATA, *PDEVICE_COUNTER_DATA;
//
// Function prototypes.
//

//
// Dispatch-routine signature (device object + IRP). Presumably registered for
// IRP_MJ_CREATE and IRP_MJ_CLOSE -- confirm in DriverEntry.
// NOTE(review): the IOCTL codes in this header use FILE_ANY_ACCESS, so who can
// open the control device decides who can reach them; check the device ACL
// and any checks made in this routine.
//
NTSTATUS
KbFilter_CreateClose (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );
//
// Dispatch-routine signature (device object + IRP). Presumably forwards IRPs
// the filter does not handle to the lower device -- confirm in the
// definition, which is not part of this header.
//
NTSTATUS
KbFilter_DispatchPassThrough(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );
//
// Signature of an I/O completion routine (device object, IRP, context).
// Presumably set on read IRPs by KbFilter_Read -- confirm in the definition.
// NOTE(review): completion routines can run at IRQL <= DISPATCH_LEVEL, so if
// this routine touches the KeyStore/KeyIndex tables or KeyDown, that data
// must be in non-paged memory and access to it must be synchronized with the
// IOCTL path.
//
NTSTATUS
KbFilter_Complete (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    );
//
// Dispatch-routine signature (device object + IRP). Presumably the handler
// for the IOCTL_KBMHOOK_* codes defined in this header -- confirm in
// DriverEntry.
// NOTE(review): those codes are METHOD_BUFFERED. For each code, the handler
// should check the input and output buffer lengths against the payload struct
// size, range-check any value used as an index into the [16] or [3][128]
// arrays, and set IoStatus.Information to the number of bytes actually
// written.
//
NTSTATUS
KbFilter_IoCtl (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );
//
// Dispatch-routine signature (device object + IRP). Presumably registered for
// IRP_MJ_READ and paired with KbFilter_Complete -- confirm in the definition,
// which is not part of this header.
//
NTSTATUS
KbFilter_Read (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );
//
// Dispatch-routine signature (device object + IRP). Presumably registered for
// IRP_MJ_PNP -- confirm in DriverEntry.
//
NTSTATUS
KbFilter_PnP (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    );
//
// Takes a device object and the KBMHOOK device extension. Presumably attaches
// the filter to that keyboard device and records it in the extension --
// confirm in the definition.
// NOTE(review): FltDevExtPointer and KbdClassDevice in
// KBMHOOK_DEVICE_EXTENSION have 16 slots each; this routine should refuse to
// add a device once DeviceCounter reaches 16.
//
NTSTATUS
KbFilter_HookDevice(
    IN PDEVICE_OBJECT DeviceObject,
    IN PKBMHOOK_DEVICE_EXTENSION KbmDevExt
    );
//
// Driver unload routine signature (driver object only).
// NOTE(review): if read IRPs carrying this driver's completion routine can
// still be pending when the driver unloads, the completion would run after
// the code is gone. Verify that the unload path detaches and waits for
// outstanding IRPs, and frees everything allocated with KBFILTER_POOL_TAG.
//
VOID
KbFilter_Unload (
    IN PDRIVER_OBJECT DriverObject
    );
#endif // KBFILTER_H