goto done;
}
DeviceLinkUniString.Length = 0; // Show current length.
DeviceLinkUniString.MaximumLength = // Show maximum length.
sizeof(constDeviceLink) -
sizeof(WCHAR) + // Don't need size of first terminator (that is, terminator of constDeviceLink).
DriverName.MaximumLength;
RtlAppendUnicodeToString( // Initialize by appending L"\\DosDevices\\" to empty string.
&DeviceLinkUniString,
constDeviceLink
);
RtlAppendUnicodeStringToString( // Append driver name.
&DeviceLinkUniString,
&DriverName
);
status = IoCreateSymbolicLink(
&DeviceLinkUniString,
&DeviceNameUniString
);
if (FALSE==NT_SUCCESS(status)) // A problem?
{
DbgPrint(("%s DriverEntry: IoCreateSymbolicLink failed, rc = 0x%08X\n", LclDrvName.Buffer, status));
goto done;
}
bHaveSymLink = TRUE;
pDevExt->JAUniSymLinkName = DeviceLinkUniString; // Copy descriptor.
// Copy the registry path.
pDevExt->JARegPath.MaximumLength = pRegistryPath->Length + sizeof(UNICODE_NULL);
pDevExt->JARegPath.Length = pRegistryPath->Length;
pDevExt->JARegPath.Buffer = (PWSTR)ExAllocatePoolWithTag(PagedPool, pDevExt->JARegPath.MaximumLength, 'xxJA');
if (NULL==pDevExt->JARegPath.Buffer) // A problem?
{
DbgPrint(("%s DriverEntry: Unable to allocate %d bytes for copy of registry key name\n",
LclDrvName.Buffer,
pRegistryPath->Length + sizeof(WCHAR)
)
);
status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
bHaveRegPath = TRUE; // Remember storage allocated.
RtlCopyUnicodeString(&pDevExt->JARegPath, pRegistryPath);
// Minimally support all types of IRP (taken from Walter Oney's "Programming the Microsoft Windows Driver Model,"
// p 402).
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
pDriverObject->MajorFunction[i] = CallKernelDLLDispatchAny;
pDriverObject->DriverUnload = CallKernelDLLUnload;
// DbgPrint(("%s DriverEntry: Initialization complete\n", LclDrvName.Buffer));
done:
if (NT_SUCCESS(status)) // No problem?
{
pKernelDLLDrvObj = pDriverObject;
pKernelDLLDevObj = pDevObj;
}
else
{
if (TRUE==bHaveRegPath) // Copied registry path?
ExFreePool(pDevExt->JARegPath.Buffer);
if (TRUE==bHaveSymLink) // Symbolic link established?
IoDeleteSymbolicLink(&DeviceLinkUniString);
if (NULL!=DeviceLinkUniString.Buffer) // Free working storage for symbolic link name.
ExFreePool(DeviceLinkUniString.Buffer);
if (NULL!=DeviceNameUniString.Buffer) // Free working storage for device name.
ExFreePool(DeviceNameUniString.Buffer);
if (NULL!=LclDrvName.Buffer) // Free working storage for ansi driver name.
RtlFreeAnsiString(&LclDrvName);
if (NULL!=pDevObj) // Was a device object created?
{
pPermDevObj = NULL; // Be neat.
IoDeleteDevice(pDevObj);
}
}
return status;
}
/**************************************************************************************************/
/* */
/* Notes: */
/* 1) The routine KernelDLLRtnsTest(), located in the kernel DLL KernelDLLRtn.sys, is */
/* invoked here. */
/* */
/**************************************************************************************************/
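NTSTATUS
CallKernelDLLDispatchAny(
    PDEVICE_OBJECT pDevObj,
    PIRP pIrp
    )
/*
 * Dispatch routine registered by DriverEntry for every IRP major function.
 *
 * Only IRP_MJ_DEVICE_CONTROL with the IOCTL KernelDLL_TEST does real work:
 * it invokes KernelDLLRtnsTest() (in the kernel DLL KernelDLLRtn.sys) and
 * hands that routine's status back to the caller in KernelDLLTestStr.rc.
 * Every other IRP is completed with STATUS_SUCCESS and no data.
 *
 * pDevObj - device object whose extension (pKernelDLLExt) holds the driver name
 *           used in debug output.
 * pIrp    - the request; it is always completed here.
 *
 * Returns the NTSTATUS the IRP was completed with (pIrp->IoStatus.Status is
 * kept identical to the returned value).
 */
{
    // Index is the IRP major function code; the table covers
    // 0 .. IRP_MJ_MAXIMUM_FUNCTION (checked before use).
    static const char * const pType[] =
    {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
        "IRP_MJ_PNP_POWER",
        "IRP_MJ_MAXIMUM_FUNCTION"
    };
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
    pKernelDLLExt pDevExt = (pKernelDLLExt)pDevObj->DeviceExtension; // Address of device object extension.
    ULONG lenOutBuffer;
    ULONG IoControlCode;
    pKernelDLLTestStr pInTestStr;

    // Nothing is copied back to the caller unless the IOCTL path below says so.
    pIrp->IoStatus.Information = 0;

    if (pIrpStack->MajorFunction <= IRP_MJ_MAXIMUM_FUNCTION)
    {
        DbgPrint(("%s CallKernelDLLDispatchAny: IRP type = %s.\n", pDevExt->JADriverName.Buffer, pType[pIrpStack->MajorFunction]));
    }
    else
    {
        // The original format "%0X02x" printed a hex value followed by a literal "02x".
        DbgPrint(("%s CallKernelDLLDispatchAny: Unknown Irp type = 0x%02X.\n", pDevExt->JADriverName.Buffer, pIrpStack->MajorFunction));
    }

    // Parameters.DeviceIoControl is only meaningful for IRP_MJ_DEVICE_CONTROL,
    // so read it (and SystemBuffer) only on that path.
    if (pIrpStack->MajorFunction == IRP_MJ_DEVICE_CONTROL)
    {
        lenOutBuffer  = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength; // Length of output buffer.
        IoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;      // Get IOCTL internal code.
        pInTestStr    = (pKernelDLLTestStr)pIrp->AssociatedIrp.SystemBuffer;

        switch (IoControlCode)
        {
        case KernelDLL_TEST:
            // Both buffer lengths are supplied by the (user-mode) caller.
            // Writing rc, or reporting sizeof(KernelDLLTestStr) bytes back
            // through IoStatus.Information, is only safe when the caller's
            // output buffer is at least that large. SystemBuffer is NULL when
            // the caller passed no buffers at all.
            if (NULL == pInTestStr || lenOutBuffer < sizeof(KernelDLLTestStr))
            {
                DbgPrint(("%s CallKernelDLLDispatchAny: Output buffer too small (%lu bytes, need %lu)\n",
                          pDevExt->JADriverName.Buffer,
                          lenOutBuffer,
                          (ULONG)sizeof(KernelDLLTestStr)));
                status = STATUS_BUFFER_TOO_SMALL;
                break;
            }
            status = KernelDLLRtnsTest(pDevObj);        // Invoke a routine in the kernel DLL.
            // rc carries the kernel-DLL routine's result to the caller. (It was
            // previously assigned from a local that was never set, so it was
            // always STATUS_SUCCESS.)
            // NOTE(review): the IRP is also completed with this status; if the
            // caller must receive rc even when the routine fails, complete the
            // IRP with STATUS_SUCCESS instead and rely on rc alone -- confirm intent.
            pInTestStr->rc = status;
            pIrp->IoStatus.Information = sizeof(KernelDLLTestStr); // Set size to be copied back to caller.
            break;
        default:
            DbgPrint(("%s CallKernelDLLDispatchAny: Unknown internal IOCTL type = 0x%08x\n", pDevExt->JADriverName.Buffer, IoControlCode));
            // An unrecognised control code must not complete successfully.
            status = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
    }

    // Keep the status stored in the IRP identical to the value returned.
    pIrp->IoStatus.Status = status;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return status;
}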
/**************************************************************************************************/
/* */
/**************************************************************************************************/
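VOID
CallKernelDLLUnload(PDRIVER_OBJECT pDrvObj)
/*
 * Driver unload routine: releases what DriverEntry set up -- the registry
 * path copy, the \DosDevices symbolic link and its name, the device name,
 * the ANSI driver name -- and finally the device object itself.
 *
 * pDrvObj - the driver object being unloaded; its DeviceObject is the single
 *           device created by DriverEntry.
 *
 * The extension is read from the same device object that is deleted below.
 * NOTE(review): the previous code took the extension from the module global
 * pPermDevObj; for this single-device driver that should be the same object
 * as pDrvObj->DeviceObject -- confirm against where DriverEntry sets pPermDevObj.
 */
{
    PDEVICE_OBJECT pDevObj = pDrvObj->DeviceObject;
    pKernelDLLExt pDevExt = (pKernelDLLExt)pDevObj->DeviceExtension; // Address of device object extension.

    DbgPrint(("%s CallKernelDLLUnload: Unloading\n", pDevExt->JADriverName.Buffer));

    // Registry path copy allocated from paged pool in DriverEntry.
    ExFreePool(pDevExt->JARegPath.Buffer);
    pDevExt->JARegPath.Buffer = NULL;

    // Delete the symbolic link before releasing the name it was created from.
    IoDeleteSymbolicLink(&pDevExt->JAUniSymLinkName);
    ExFreePool(pDevExt->JAUniSymLinkName.Buffer);
    pDevExt->JAUniSymLinkName.Buffer = NULL;

    ExFreePool(pDevExt->JAUniDeviceName.Buffer);
    pDevExt->JAUniDeviceName.Buffer = NULL;

    // The DbgPrint above was the last use of the driver name.
    RtlFreeAnsiString(&pDevExt->JADriverName);

    // Clear the module-wide pointers before the objects they refer to go away,
    // so nothing can dereference them after unload.
    pPermDevObj = NULL;
    pKernelDLLDevObj = NULL;
    pKernelDLLDrvObj = NULL;

    IoDeleteDevice(pDevObj); // Delete device object (and with it the extension).
}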