应用层加载NT驱动代码
2009-07-30 19:40
//
// load NT driver
//
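//
// LoadNTDriver: register a kernel driver as a demand-start service with the
// Service Control Manager (SCM) and start it.
//
//   lpszDriverName  service key name; also used as the DisplayName value
//   lpszDriverPath  path of the driver image. A relative path is resolved by
//                   GetFullPathName against the process's current directory,
//                   so callers should pass an absolute path or make sure the
//                   current directory is the one they expect.
//
// Returns TRUE when the service was started or is already running, FALSE on
// any failure (including a start that is reported as still pending).
//
BOOL LoadNTDriver(LPTSTR lpszDriverName, LPTSTR lpszDriverPath)
{
    TCHAR szDriverImagePath[256] = {0};
    const DWORD cchImagePath = sizeof(szDriverImagePath) / sizeof(szDriverImagePath[0]);
    DWORD cchFull = 0;
    DWORD dwRtn = 0;
    BOOL bRet = FALSE;
    SC_HANDLE hServiceMgr = NULL; // SCM handle (SCM --> Service Control Manager)
    SC_HANDLE hServiceDDK = NULL; // NT driver service handle
    CComMonitorApp *ptheApp = (CComMonitorApp *)AfxGetApp();

    //
    // Get the complete driver path. GetFullPathName returns 0 on failure and
    // the required size when the buffer is too small; in both cases the
    // buffer does not hold a usable path, so do not register it as ImagePath.
    //
    cchFull = GetFullPathName(lpszDriverPath, cchImagePath, szDriverImagePath, NULL);
    if (cchFull == 0 || cchFull >= cchImagePath)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "GetFullPathName() failed");
        return FALSE;
    }

    //
    // Open the SCM. Only the right to create a service is requested;
    // SC_MANAGER_CONNECT is implied by OpenSCManager itself.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Create the service for the driver.
    //
    hServiceDDK = CreateService(hServiceMgr,
                                lpszDriverName,        // service key name in the registry
                                lpszDriverName,        // DisplayName value
                                SERVICE_START,         // this handle is only used to start the service
                                SERVICE_KERNEL_DRIVER, // the service is a kernel driver
                                SERVICE_DEMAND_START,  // Start value: load on demand
                                SERVICE_ERROR_IGNORE,  // ErrorControl value
                                szDriverImagePath,     // ImagePath value
                                NULL,
                                NULL,
                                NULL,
                                NULL,
                                NULL);
    if (hServiceDDK == NULL)
    {
        dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "CreateService() failed");
            bRet = FALSE;
            goto BeforeLeave;
        }

        //
        // The service is already registered, so just open it.
        // NOTE(review): the existing registration is started as it is; its
        // ImagePath is not compared with szDriverImagePath. A caller that must
        // know which binary gets loaded should read the configuration
        // (QueryServiceConfig) and compare it before starting.
        //
        hServiceDDK = OpenService(hServiceMgr, lpszDriverName, SERVICE_START);
        if (hServiceDDK == NULL)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService() failed");
            bRet = FALSE;
            goto BeforeLeave;
        }
    }

    //
    // Start the service.
    //
    if (StartService(hServiceDDK, 0, NULL))
    {
        bRet = TRUE;
        goto BeforeLeave;
    }

    dwRtn = GetLastError();
    if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
    {
        // The driver is already loaded; treat that as success.
        bRet = TRUE;
    }
    else if (dwRtn == ERROR_IO_PENDING)
    {
        // The start is still pending; reported as failure without a message.
        bRet = FALSE;
    }
    else
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "StartService() failed");
        bRet = FALSE;
    }

    //
    // Close all handles before returning.
    //
BeforeLeave:
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}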
//
// unload a driver
//
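//
// UnloadNTDriver: send a stop control to the driver's service. The service
// registration itself is left in place.
//
//   szSvrName  service key name of the driver
//
// Returns TRUE when the stop control was accepted, FALSE otherwise.
//
BOOL UnloadNTDriver(LPTSTR szSvrName)
{
    BOOL bRet = TRUE;
    SC_HANDLE hServiceMgr = NULL; // SCM handle
    SC_HANDLE hServiceDDK = NULL; // NT driver's service handle
    SERVICE_STATUS SvrSta = {0};
    CComMonitorApp *ptheApp = (CComMonitorApp *)AfxGetApp();

    //
    // Open the SCM (Service Control Manager). Connecting is all that is
    // needed to open an existing service.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Open the service for the driver with only the right to stop it.
    //
    hServiceDDK = OpenService(hServiceMgr, szSvrName, SERVICE_STOP);
    if (hServiceDDK == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Stop the driver. If this fails, restart the system and reload it.
    //
    if (!ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrSta))
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "ControlService() failed");
        bRet = FALSE;
    }

    //
    // The service is only stopped here, not deleted. Deleting it would need
    // a handle opened with DELETE access and a call to DeleteService().
    //

BeforeLeave:
    // Close the open handles before leaving.
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}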
应该叫“手动加载”驱动程序。驱动程序也属于服务,应用程序可以用CreateService来安装,用StartService来加载;驱动程序可以用ZwLoadDriver来加载另一个驱动程序。
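另注:驱动程序安装后,其注册表键中有一个Start键值(对应CreateService的dwStartType参数),该值含义为:
0——系统启动时加载(SERVICE_BOOT_START);
1——内核初始化完成后加载(SERVICE_SYSTEM_START);
2——系统启动后加载(SERVICE_AUTO_START);
3——手动加载(SERVICE_DEMAND_START,上面的代码使用的就是这个值);
4——不加载(SERVICE_DISABLED)。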
// load NT driver
//
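//
// LoadNTDriver: register a kernel driver as a demand-start service with the
// Service Control Manager (SCM) and start it.
//
//   lpszDriverName  service key name; also used as the DisplayName value
//   lpszDriverPath  path of the driver image. A relative path is resolved by
//                   GetFullPathName against the process's current directory,
//                   so callers should pass an absolute path or make sure the
//                   current directory is the one they expect.
//
// Returns TRUE when the service was started or is already running, FALSE on
// any failure (including a start that is reported as still pending).
//
BOOL LoadNTDriver(LPTSTR lpszDriverName, LPTSTR lpszDriverPath)
{
    TCHAR szDriverImagePath[256] = {0};
    const DWORD cchImagePath = sizeof(szDriverImagePath) / sizeof(szDriverImagePath[0]);
    DWORD cchFull = 0;
    DWORD dwRtn = 0;
    BOOL bRet = FALSE;
    SC_HANDLE hServiceMgr = NULL; // SCM handle (SCM --> Service Control Manager)
    SC_HANDLE hServiceDDK = NULL; // NT driver service handle
    CComMonitorApp *ptheApp = (CComMonitorApp *)AfxGetApp();

    //
    // Get the complete driver path. GetFullPathName returns 0 on failure and
    // the required size when the buffer is too small; in both cases the
    // buffer does not hold a usable path, so do not register it as ImagePath.
    //
    cchFull = GetFullPathName(lpszDriverPath, cchImagePath, szDriverImagePath, NULL);
    if (cchFull == 0 || cchFull >= cchImagePath)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "GetFullPathName() failed");
        return FALSE;
    }

    //
    // Open the SCM. Only the right to create a service is requested;
    // SC_MANAGER_CONNECT is implied by OpenSCManager itself.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Create the service for the driver.
    //
    hServiceDDK = CreateService(hServiceMgr,
                                lpszDriverName,        // service key name in the registry
                                lpszDriverName,        // DisplayName value
                                SERVICE_START,         // this handle is only used to start the service
                                SERVICE_KERNEL_DRIVER, // the service is a kernel driver
                                SERVICE_DEMAND_START,  // Start value: load on demand
                                SERVICE_ERROR_IGNORE,  // ErrorControl value
                                szDriverImagePath,     // ImagePath value
                                NULL,
                                NULL,
                                NULL,
                                NULL,
                                NULL);
    if (hServiceDDK == NULL)
    {
        dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "CreateService() failed");
            bRet = FALSE;
            goto BeforeLeave;
        }

        //
        // The service is already registered, so just open it.
        // NOTE(review): the existing registration is started as it is; its
        // ImagePath is not compared with szDriverImagePath. A caller that must
        // know which binary gets loaded should read the configuration
        // (QueryServiceConfig) and compare it before starting.
        //
        hServiceDDK = OpenService(hServiceMgr, lpszDriverName, SERVICE_START);
        if (hServiceDDK == NULL)
        {
            DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService() failed");
            bRet = FALSE;
            goto BeforeLeave;
        }
    }

    //
    // Start the service.
    //
    if (StartService(hServiceDDK, 0, NULL))
    {
        bRet = TRUE;
        goto BeforeLeave;
    }

    dwRtn = GetLastError();
    if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
    {
        // The driver is already loaded; treat that as success.
        bRet = TRUE;
    }
    else if (dwRtn == ERROR_IO_PENDING)
    {
        // The start is still pending; reported as failure without a message.
        bRet = FALSE;
    }
    else
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "StartService() failed");
        bRet = FALSE;
    }

    //
    // Close all handles before returning.
    //
BeforeLeave:
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}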
//
// unload a driver
//
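//
// UnloadNTDriver: send a stop control to the driver's service. The service
// registration itself is left in place.
//
//   szSvrName  service key name of the driver
//
// Returns TRUE when the stop control was accepted, FALSE otherwise.
//
BOOL UnloadNTDriver(LPTSTR szSvrName)
{
    BOOL bRet = TRUE;
    SC_HANDLE hServiceMgr = NULL; // SCM handle
    SC_HANDLE hServiceDDK = NULL; // NT driver's service handle
    SERVICE_STATUS SvrSta = {0};
    CComMonitorApp *ptheApp = (CComMonitorApp *)AfxGetApp();

    //
    // Open the SCM (Service Control Manager). Connecting is all that is
    // needed to open an existing service.
    //
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (hServiceMgr == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenSCManager() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Open the service for the driver with only the right to stop it.
    //
    hServiceDDK = OpenService(hServiceMgr, szSvrName, SERVICE_STOP);
    if (hServiceDDK == NULL)
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "OpenService() failed");
        bRet = FALSE;
        goto BeforeLeave;
    }

    //
    // Stop the driver. If this fails, restart the system and reload it.
    //
    if (!ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrSta))
    {
        DisplayError(ptheApp->m_pMainWnd->GetSafeHwnd(), "ControlService() failed");
        bRet = FALSE;
    }

    //
    // The service is only stopped here, not deleted. Deleting it would need
    // a handle opened with DELETE access and a call to DeleteService().
    //

BeforeLeave:
    // Close the open handles before leaving.
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}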
应该叫“手动加载”驱动程序。驱动程序也属于服务,应用程序可以用CreateService来安装,用StartService来加载;驱动程序可以用ZwLoadDriver来加载另一个驱动程序。
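另注:驱动程序安装后,其注册表键中有一个Start键值(对应CreateService的dwStartType参数),该值含义为:
0——系统启动时加载(SERVICE_BOOT_START);
1——内核初始化完成后加载(SERVICE_SYSTEM_START);
2——系统启动后加载(SERVICE_AUTO_START);
3——手动加载(SERVICE_DEMAND_START,上面的代码使用的就是这个值);
4——不加载(SERVICE_DISABLED)。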