驱动学习笔记2-用程序加载NT驱动程序

NT 驱动 程序 的加载: 1:为NT 驱动 创建新的服务. 2:开启此项服务 3:关闭此项服务 4:删除NT 驱动 创建的服务 (1)打开SCM管理器 SC_HANDLE WINAPI OpenSCManager( __in LPCTSTR lpMachineName,//计算机名称.NULL或者空表示本机 __in LPCTSTR lpDatabaseName,/

NT驱动程序的加载:
1:为NT驱动创建新的服务.
2:开启此项服务
3:关闭此项服务
4:删除NT驱动创建的服务
(1)打开SCM管理器
SC_HANDLE WINAPI OpenSCManager(
__in LPCTSTR lpMachineName,//计算机名称.NULL或者空表示本机
__in LPCTSTR lpDatabaseName,//SCM数据库名称.NULL表示使用缺省数据库
__in DWORD dwDesiredAccess //使用权限.一般为SC_MANAGER_ALL_ACCESS
);
成功返回SCM管理器句柄.否则返回NULL
(2)创建服务
SC_HANDLE WINAPI CreateService(
__in SC_HANDLE hSCManager,//OpenSCManager打开的句柄
__in LPCTSTR lpServiceName,//服务名称.SCM管理器中看到的服务名称
__in LPCTSTR lpDisplayName,
__in DWORD dwDesiredAccess,//打开权限.一般为SERVICE_ALL_ACCESS
__in DWORD dwServiceType, //服务类型(文件系统驱动/普通驱动程序/驱动自加载/)
__in DWORD dwStartType, //启动类型
__in DWORD dwErrorControl, //错误控制码
__in LPCTSTR lpBinaryPathName,//服务程序或者驱动程序的路径
__in LPCTSTR lpLoadOrderGroup,//服务属于哪个用户组
__out LPDWORD lpdwTagId,
__in LPCTSTR lpDependencies, //所依赖的服务的名称
__in LPCTSTR lpServiceStartName, //用户帐户名称
__in LPCTSTR lpPassword //用户口令
);
(3)打开服务
SC_HANDLE WINAPI OpenService(
__in SC_HANDLE hSCManager, //SCM管理器句柄
__in LPCTSTR lpServiceName, //服务名称
__in DWORD dwDesiredAccess //访问权限.一般为SC_MANAGER_ALL_ACCESS
);
(4)控制服务
BOOL WINAPI ControlService(
__in SC_HANDLE hService, //服务句柄
__in DWORD dwControl, //控制码
__out LPSERVICE_STATUS lpServiceStatus //指向一个SERVICE_STATUS 结构体,来接收最后的服务信息
);
(5)关闭SCM管理器
BOOL WINAPI CloseServiceHandle(
__in SC_HANDLE hSCObject
);
完整例程
#include <windows.h> #include <winsvc.h> #include <conio.h> #include <stdio.h> #define DRIVER_NAME "HelloDDK" #define DRIVER_PATH "..//MyDriver//MyDriver_Check//HelloDDK.sys" //装载NT<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong> BOOL LoadNTDriver(char* lpszDriverName,char* lpszDriverPath) { char szDriverImagePath[256]; //得到完整的<strong><strong><strong>驱动</strong></strong></strong>路径 GetFullPathName(lpszDriverPath, 256, szDriverImagePath, NULL); BOOL bRet = FALSE; SC_HANDLE hServiceMgr=NULL;//SCM管理器的句柄 SC_HANDLE hServiceDDK=NULL;//NT<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的服务句柄 //打开服务控制管理器 hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS ); if( hServiceMgr == NULL ) { //OpenSCManager失败 printf( "OpenSCManager() Faild %d ! /n", GetLastError() ); bRet = FALSE; goto BeforeLeave; } else { ////OpenSCManager成功 printf( "OpenSCManager() ok ! /n" ); } //创建<strong><strong><strong>驱动</strong></strong></strong>所对应的服务 hServiceDDK = CreateService( hServiceMgr, lpszDriverName, //<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的在注册表中的名字 lpszDriverName, // 注册表<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的 DisplayName 值 SERVICE_ALL_ACCESS, // 加载<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的访问权限 SERVICE_KERNEL_DRIVER,// 表示加载的服务是<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong> SERVICE_DEMAND_START, // 注册表<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的 Start 值 SERVICE_ERROR_IGNORE, // 注册表<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的 ErrorControl 值 szDriverImagePath, // 注册表<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的 ImagePath 值 NULL, NULL, NULL, NULL, NULL); DWORD dwRtn; //判断服务是否失败 if( hServiceDDK == NULL ) { dwRtn = GetLastError(); if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS ) { //由于其他原因创建服务失败 printf( "CrateService() Faild %d ! /n", dwRtn ); bRet = FALSE; goto BeforeLeave; } else { //服务创建失败，是由于服务已经创立过 printf( "CrateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXISTS! /n" ); } // <strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>已经加载，只需要打开 hServiceDDK = OpenService( hServiceMgr, lpszDriverName, SERVICE_ALL_ACCESS ); if( hServiceDDK == NULL ) { //如果打开服务也失败，则意味错误 dwRtn = GetLastError(); printf( "OpenService() Faild %d ! /n", dwRtn ); bRet = FALSE; goto BeforeLeave; } else { printf( "OpenService() ok ! /n" ); } } else { printf( "CrateService() ok ! /n" ); } //开启此项服务 bRet= StartService( hServiceDDK, NULL, NULL ); if( !bRet ) { DWORD dwRtn = GetLastError(); if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_ALREADY_RUNNING ) { printf( "StartService() Faild %d ! /n", dwRtn ); bRet = FALSE; goto BeforeLeave; } else { if( dwRtn == ERROR_IO_PENDING ) { //设备被挂住 printf( "StartService() Faild ERROR_IO_PENDING ! /n"); bRet = FALSE; goto BeforeLeave; } else { //服务已经开启 printf( "StartService() Faild ERROR_SERVICE_ALREADY_RUNNING ! /n"); bRet = TRUE; goto BeforeLeave; } } } bRet = TRUE; //离开前关闭句柄 BeforeLeave: if(hServiceDDK) { CloseServiceHandle(hServiceDDK); } if(hServiceMgr) { CloseServiceHandle(hServiceMgr); } return bRet; } //卸载<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong> BOOL UnloadNTDriver( char * szSvrName ) { BOOL bRet = FALSE; SC_HANDLE hServiceMgr=NULL;//SCM管理器的句柄 SC_HANDLE hServiceDDK=NULL;//NT<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>的服务句柄 SERVICE_STATUS SvrSta; //打开SCM管理器 hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS ); if( hServiceMgr == NULL ) { //带开SCM管理器失败 printf( "OpenSCManager() Faild %d ! /n", GetLastError() ); bRet = FALSE; goto BeforeLeave; } else { //带开SCM管理器失败成功 printf( "OpenSCManager() ok ! /n" ); } //打开<strong><strong><strong>驱动</strong></strong></strong>所对应的服务 hServiceDDK = OpenService( hServiceMgr, szSvrName, SERVICE_ALL_ACCESS ); if( hServiceDDK == NULL ) { //打开<strong><strong><strong>驱动</strong></strong></strong>所对应的服务失败 printf( "OpenService() Faild %d ! /n", GetLastError() ); bRet = FALSE; goto BeforeLeave; } else { printf( "OpenService() ok ! /n" ); } //停止<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>，如果停止失败，只有重新启动才能，再动态加载。 if( !ControlService( hServiceDDK, SERVICE_CONTROL_STOP , &SvrSta ) ) { printf( "ControlService() Faild %d !/n", GetLastError() ); } else { //打开<strong><strong><strong>驱动</strong></strong></strong>所对应的失败 printf( "ControlService() ok !/n" ); } //动态卸载<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong>。 if( !DeleteService( hServiceDDK ) ) { //卸载失败 printf( "DeleteSrevice() Faild %d !/n", GetLastError() ); } else { //卸载成功 printf( "DelServer:eleteSrevice() ok !/n" ); } bRet = TRUE; BeforeLeave: //离开前关闭打开的句柄 if(hServiceDDK) { CloseServiceHandle(hServiceDDK); } if(hServiceMgr) { CloseServiceHandle(hServiceMgr); } return bRet; } void TestDriver() { //测试<strong><strong><strong>驱动</strong></strong></strong><strong><strong>程序</strong></strong> HANDLE hDevice = CreateFile("////.//HelloDDK", GENERIC_WRITE | GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); if( hDevice != INVALID_HANDLE_VALUE ) { printf( "Create Device ok ! /n" ); } else { printf( "Create Device faild %d ! /n", GetLastError() ); } CloseHandle( hDevice ); } int main(int argc, char* argv[]) { //加载<strong><strong><strong>驱动</strong></strong></strong> BOOL bRet = LoadNTDriver(DRIVER_NAME,DRIVER_PATH); if (!bRet) { printf("LoadNTDriver error/n"); return 0; } //加载成功 printf( "press any to create device!/n" ); getch(); TestDriver(); //这时候你可以通过注册表，或其他查看符号连接的软件验证。 printf( "press any to unload the driver!/n" ); getch(); //卸载<strong><strong><strong>驱动</strong></strong></strong> UnloadNTDriver(DRIVER_NAME); if (!bRet) { printf("UnloadNTDriver error/n"); return 0; } return 0; } </stdio.h></conio.h></winsvc.h></windows.h>