📄 mapmem.c
字号:
/*++
Copyright (c) 1993 Microsoft Corporation
Module Name:
mapmem.c
Abstract:
A simple driver sample which shows how to map physical memory
into a user-mode process's adrress space using the
Zw*MapViewOfSection APIs.
Environment:
kernel mode only
Notes:
For the sake of simplicity this sample does not attempt to
recognize resource conflicts with other drivers/devices. A
real-world driver would call IoReportResource usage to
determine whether or not the resource is available, and if
so, register the resource under it's name.
Revision History:
--*/
#include <ntddk.h>
#include "mapmem.h"
#include <stdarg.h>
NTSTATUS
MapMemDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);
VOID
MapMemUnload(
IN PDRIVER_OBJECT DriverObject
);
NTSTATUS
MapMemMapTheMemory(
IN PDEVICE_OBJECT DeviceObject,
IN OUT PVOID ioBuffer,
IN ULONG inputBufferLength,
IN ULONG outputBufferLength
);
#if DBG
#define MapMemKdPrint(arg) DbgPrint arg
#else
#define MapMemKdPrint(arg)
#endif
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
/*++
Routine Description:
Installable driver initialization entry point.
This entry point is called directly by the I/O system.
Arguments:
DriverObject - pointer to the driver object
RegistryPath - pointer to a unicode string representing the path
to driver-specific key in the registry
Return Value:
STATUS_SUCCESS if successful,
STATUS_UNSUCCESSFUL otherwise
--*/
{
PDEVICE_OBJECT deviceObject = NULL;
NTSTATUS ntStatus;
WCHAR deviceNameBuffer[] = L"\\Device\\MapMem";
UNICODE_STRING deviceNameUnicodeString;
WCHAR deviceLinkBuffer[] = L"\\DosDevices\\MAPMEM";
UNICODE_STRING deviceLinkUnicodeString;
MapMemKdPrint (("MAPMEM.SYS: entering DriverEntry\n"));
//
// Create an EXCLUSIVE device object (only 1 thread at a time
// can make requests to this device)
//
RtlInitUnicodeString (&deviceNameUnicodeString,
deviceNameBuffer);
ntStatus = IoCreateDevice (DriverObject,
0,
&deviceNameUnicodeString,
FILE_DEVICE_MAPMEM,
0,
TRUE,
&deviceObject
);
if (NT_SUCCESS(ntStatus))
{
//
// Create dispatch points for device control, create, close.
//
DriverObject->MajorFunction[IRP_MJ_CREATE] =
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MapMemDispatch;
DriverObject->DriverUnload = MapMemUnload;
//
// Create a symbolic link, e.g. a name that a Win32 app can specify
// to open the device
//
RtlInitUnicodeString(&deviceLinkUnicodeString,
deviceLinkBuffer);
ntStatus = IoCreateSymbolicLink (&deviceLinkUnicodeString,
&deviceNameUnicodeString);
if (!NT_SUCCESS(ntStatus)) {
//
// Symbolic link creation failed- note this & then delete the
// device object (it's useless if a Win32 app can't get at it).
//
MapMemKdPrint (("MAPMEM.SYS: IoCreateSymbolicLink failed\n"));
IoDeleteDevice (deviceObject);
}
} else {
MapMemKdPrint (("MAPMEM.SYS: IoCreateDevice failed\n"));
}
return ntStatus;
}
NTSTATUS
MapMemDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
Process the IRPs sent to this device.
Arguments:
DeviceObject - pointer to a device object
Irp - pointer to an I/O Request Packet
Return Value:
NTSTATUS
--*/
{
PIO_STACK_LOCATION irpStack;
PVOID ioBuffer;
ULONG inputBufferLength;
ULONG outputBufferLength;
ULONG ioControlCode;
NTSTATUS ntStatus;
//
// Init to default settings- we only expect 1 type of
// IOCTL to roll through here, all others an error.
//
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
//
// Get a pointer to the current location in the Irp. This is where
// the function codes and parameters are located.
//
irpStack = IoGetCurrentIrpStackLocation(Irp);
//
// Get the pointer to the input/output buffer and it's length
//
ioBuffer = Irp->AssociatedIrp.SystemBuffer;
inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch (irpStack->MajorFunction) {
case IRP_MJ_CREATE:
MapMemKdPrint (("MAPMEM.SYS: IRP_MJ_CREATE\n"));
break;
case IRP_MJ_CLOSE:
MapMemKdPrint (("MAPMEM.SYS: IRP_MJ_CLOSE\n"));
break;
case IRP_MJ_DEVICE_CONTROL:
ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
switch (ioControlCode)
{
case IOCTL_MAPMEM_MAP_USER_PHYSICAL_MEMORY:
Irp->IoStatus.Status = MapMemMapTheMemory (DeviceObject,
ioBuffer,
inputBufferLength,
outputBufferLength
);
if (NT_SUCCESS(Irp->IoStatus.Status))
{
//
// Success! Set the following to sizeof(PVOID) to
// indicate we're passing valid data back.
//
Irp->IoStatus.Information = sizeof(PVOID);
MapMemKdPrint (("MAPMEM.SYS: memory successfully mapped\n"));
}
else
{
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
MapMemKdPrint (("MAPMEM.SYS: memory map failed :(\n"));
}
break;
case IOCTL_MAPMEM_UNMAP_USER_PHYSICAL_MEMORY:
if (inputBufferLength >= sizeof(PVOID))
{
Irp->IoStatus.Status = ZwUnmapViewOfSection ((HANDLE) -1,
*((PVOID *) ioBuffer)
);
MapMemKdPrint (("MAPMEM.SYS: memory successfully unmapped\n"));
}
else
{
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
MapMemKdPrint (("MAPMEM.SYS: ZwUnmapViewOfSection failed\n"));
}
break;
default:
MapMemKdPrint (("MAPMEM.SYS: unknown IRP_MJ_DEVICE_CONTROL\n"));
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
}
break;
}
//
// DON'T get cute and try to use the status field of
// the irp in the return status. That IRP IS GONE as
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -