EXE和SYS通信(ReadFile WriteFile) 其他方式
EXE部分
- #include <stdio.h>
- #include <Windows.h>
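/*
 * User-mode test client for the HelloDDK sample driver.
 *
 * Opens the \\.\HelloDDK symbolic link, issues one ReadFile and one WriteFile
 * against it with a 10-byte stack buffer, and hex-dumps the bytes the driver
 * reports as transferred. The getchar() pairs only pause the console so the
 * driver's debug output can be inspected between steps.
 *
 * Returns 0 on success, 1 if the device cannot be opened.
 */
int main(void)
{
    char linkname[] = "\\\\.\\HelloDDK";
    HANDLE hDevice = CreateFileA(linkname, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                                 OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        /* GetLastError() returns a DWORD (unsigned long), so %lu, not %d. */
        printf("Win32 error code: %lu\n", GetLastError());
        return 1;
    }

    UCHAR buffer[10] = {0};
    ULONG ulRead = 0;

    /* sizeof(buffer) keeps the request length tied to the real buffer size. */
    if (ReadFile(hDevice, buffer, sizeof(buffer), &ulRead, NULL))
    {
        printf("Read %lu bytes:", ulRead);
        /* The byte count comes back from the driver; never index past our own buffer. */
        for (ULONG i = 0; i < ulRead && i < sizeof(buffer); i++)
        {
            printf("%02X ", buffer[i]);
        }
        printf("\n");
    }
    else
    {
        /* The original ignored a failed read silently. */
        printf("ReadFile failed, Win32 error code: %lu\n", GetLastError());
    }
    getchar();
    getchar();

    ulRead = 0;
    if (WriteFile(hDevice, buffer, sizeof(buffer), &ulRead, NULL))
    {
        printf("write %lu bytes\n", ulRead);
        for (ULONG i = 0; i < ulRead && i < sizeof(buffer); i++)
        {
            printf("%02X ", buffer[i]);
        }
        printf("\n");
    }
    else
    {
        printf("WriteFile failed, Win32 error code: %lu\n", GetLastError());
    }

    CloseHandle(hDevice);
    getchar();
    getchar();
    return 0;
}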
SYS部分
- #pragma once
- #include <ntddk.h>
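/* Element count of a true array (not a pointer). The argument is parenthesized
 * before indexing so that an expression argument is indexed as a whole. */
#define CountArray(Array) ( sizeof(Array) / sizeof((Array)[0]) )
/* Size in bytes of the pool buffer CreateDevice allocates for the device. */
#define MAX_FILE_LENGTH 1024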
/* Per-device state stored in the device object's DeviceExtension.
 * IoCreateDevice must be asked for sizeof(DEVICE_EXTENSION) bytes (the
 * structure), not sizeof(PDEVICE_EXTENSION) (a pointer), or the fields
 * below are written past the end of the allocation. */
typedef struct _DEVICE_EXTENSION
{
    PDEVICE_OBJECT pDevice; // device object this extension belongs to
    UNICODE_STRING ustrDeviceName; // device name
    UNICODE_STRING ustrSymLinkName; // symbolic link name
    PUCHAR buffer; // pointer to the pool buffer allocated in CreateDevice
    ULONG file_length; // buffer length (initialized to 0 in CreateDevice)
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
/* When compiled as C++, DriverEntry needs C linkage so the loader finds it. */
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
void HelloUnload(IN PDRIVER_OBJECT DriverObject); // unload routine
NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj); // creates the device object and its symbolic link
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); // default dispatch routine
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP); // dispatch routine for read requests
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP); // dispatch routine for write requests
- #include "hello.h"
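/*
 * Driver entry point.
 *
 * Registers the unload routine, points the major-function slots at the
 * default dispatch routine, overrides IRP_MJ_READ / IRP_MJ_WRITE with the
 * dedicated handlers, and creates the device object.
 *
 * Returns the status of CreateDevice. The original returned STATUS_SUCCESS
 * unconditionally, which leaves a driver loaded with no usable device when
 * device creation fails.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from!\n");
    DriverObject->DriverUnload = HelloUnload;

    /* The loop stops before IRP_MJ_MAXIMUM_FUNCTION, so that last slot keeps
     * whatever the I/O manager installed by default. */
    for (int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        DriverObject->MajorFunction[i] = HelloDDKDispatchRoutine;
    }
    DriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKRead;   /* read dispatch routine */
    DriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKWrite; /* write dispatch routine */

    /* Create the device; propagate failure so the load is aborted. */
    status = CreateDevice(DriverObject);
    if (!NT_SUCCESS(status))
    {
        return status;
    }
    return STATUS_SUCCESS;
}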
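/*
 * IRP_MJ_READ dispatch routine.
 *
 * CreateDevice sets neither DO_BUFFERED_IO nor DO_DIRECT_IO on the device, so
 * the I/O manager hands over the caller's raw user-mode pointer in
 * Irp->UserBuffer without validating or locking it. The driver is therefore
 * responsible for every check:
 *   - the pointer is only meaningful in the context of the requesting thread;
 *   - it must be probed, and every access must stay inside __try/__except,
 *     because the caller can free or re-protect the memory after the probe.
 *
 * Fills the caller's buffer with 0xAA and completes the IRP. On success
 * IoStatus.Information is the requested length; on failure it is 0 and the
 * returned status matches IoStatus.Status.
 */
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP); /* current stack location */
    ULONG ulReadLength = stack->Parameters.Read.Length;            /* requested read length */
    ULONG_PTR information = 0;                                     /* bytes reported to the caller */
    PVOID user_address = pIrP->UserBuffer;                         /* user-mode address */

    UNREFERENCED_PARAMETER(pDevObj);

    if (user_address == NULL)
    {
        /* A NULL buffer is caller-controlled input, not a driver invariant, so it
         * is rejected without ASSERT (which would break into the debugger on
         * checked builds). */
        status = STATUS_UNSUCCESSFUL;
    }
    else
    {
        /* %p prints the full pointer width; %X truncates it on 64-bit targets. */
        DbgPrint("0X%p\n", user_address);
        __try
        {
            /* Verify the range lies in user space and is writable. Alignment is
             * sizeof(UCHAR): the data is a byte buffer, and demanding 4-byte
             * alignment would reject valid unaligned caller buffers. */
            ProbeForWrite(user_address, ulReadLength, sizeof(UCHAR));
            memset(user_address, 0XAA, ulReadLength);
            DbgPrint("测试下");
            information = ulReadLength;
        }
        __except(EXCEPTION_EXECUTE_HANDLER)
        {
            DbgPrint("打我PG我不乖\n");
            status = STATUS_UNSUCCESSFUL;
        }
    }

    /* Complete the IRP. The status returned must equal IoStatus.Status, and no
     * bytes are reported as transferred on failure. */
    pIrP->IoStatus.Status = status;
    pIrP->IoStatus.Information = information;
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return status;
}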
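/*
 * IRP_MJ_WRITE dispatch routine.
 *
 * As with the read path, the device uses neither buffered nor direct I/O, so
 * Irp->UserBuffer is the caller's unvalidated user-mode pointer and the
 * length comes straight from the caller.
 *
 * Copies the caller's bytes into a 10-byte local buffer, prints them, then
 * overwrites the caller's buffer with 0xAA (sample behaviour kept from the
 * original, which is why the range is probed for write access).
 *
 * The length is checked against the local buffer before the copy: the
 * original copied ulWriteLength bytes unconditionally, so any request longer
 * than 10 bytes overran the kernel stack.
 *
 * On success IoStatus.Information is the number of bytes written; on failure
 * it is 0 and the returned status matches IoStatus.Status.
 */
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
    /* Use the Write member of the Parameters union for a write request. */
    ULONG ulWriteLength = stack->Parameters.Write.Length; /* requested write length */
    ULONG_PTR information = 0;                            /* bytes reported to the caller */
    PVOID user_address = pIrP->UserBuffer;                /* user-mode address */
    UCHAR buffer[10] = {0};

    UNREFERENCED_PARAMETER(pDevObj);

    if (user_address == NULL)
    {
        /* Caller-controlled input: reject it, do not ASSERT on it. */
        status = STATUS_UNSUCCESSFUL;
    }
    else if (ulWriteLength > sizeof(buffer))
    {
        /* Refuse anything that does not fit the local buffer. */
        status = STATUS_INVALID_BUFFER_SIZE;
    }
    else
    {
        /* %p prints the full pointer width; %X truncates it on 64-bit targets. */
        DbgPrint("0X%p\n", user_address);
        __try
        {
            /* Probed for write because the buffer is overwritten below. Byte
             * alignment: requiring 4 would reject valid unaligned buffers. */
            ProbeForWrite(user_address, ulWriteLength, sizeof(UCHAR));
            /* Capture the user data once into kernel memory; the caller can
             * change the user buffer at any time. */
            memcpy(buffer, user_address, ulWriteLength);
            for (ULONG i = 0; i < ulWriteLength; i++)
            {
                DbgPrint("%02x\n", buffer[i]);
            }
            memset(user_address, 0XAA, ulWriteLength);
            DbgPrint("测试下");
            information = ulWriteLength;
        }
        __except(EXCEPTION_EXECUTE_HANDLER)
        {
            DbgPrint("打我PG我不乖\n");
            status = STATUS_UNSUCCESSFUL;
        }
    }

    /* Complete the IRP with a status that matches the return value. */
    pIrP->IoStatus.Status = status;
    pIrP->IoStatus.Information = information;
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return status;
}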
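/*
 * Unload routine: walks the driver's device list and, for each device, frees
 * the pool buffer, deletes the symbolic link and deletes the device object.
 *
 * The next-device pointer is read BEFORE IoDeleteDevice is called. The
 * original read pNextObj->NextDevice after deleting the object, i.e. from a
 * device object that may already have been freed.
 */
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
    PDEVICE_OBJECT pNextObj = DriverObject->DeviceObject;

    DbgPrint("Goodbye from!\n");

    while (pNextObj != NULL)
    {
        PDEVICE_OBJECT pCurObj = pNextObj;
        PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pCurObj->DeviceExtension;

        /* Advance first; pCurObj must not be touched once it is deleted. */
        pNextObj = pCurObj->NextDevice;

        /* Release the pool buffer. */
        if (pDevExt->buffer)
        {
            ExFreePool(pDevExt->buffer);
            pDevExt->buffer = NULL;
        }

        /* Delete the symbolic link. */
        IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);

        /* Delete the device. The extension lives inside the device object, so
         * pDevExt is invalid after this call. */
        IoDeleteDevice(pCurObj);
    }
}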
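/*
 * Creates the \device\hello device object, its \??\HelloDDK symbolic link and
 * the MAX_FILE_LENGTH-byte pool buffer kept in the device extension.
 *
 * No DO_BUFFERED_IO / DO_DIRECT_IO flag is set, so read and write requests
 * reach the driver with the raw user pointer in Irp->UserBuffer.
 *
 * Returns STATUS_SUCCESS, or the failing status after undoing whatever was
 * already created. Fixes relative to the original:
 *   - the extension size is sizeof(DEVICE_EXTENSION); the original passed
 *     sizeof(PDEVICE_EXTENSION) (a pointer), so initializing the extension
 *     wrote past the end of the allocation;
 *   - failures are returned to the caller instead of STATUS_SUCCESS;
 *   - an allocation failure is treated as an error, and the buffer is freed
 *     when the symbolic link cannot be created.
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
    NTSTATUS status;
    PDEVICE_OBJECT pDevObje = NULL;
    PDEVICE_EXTENSION pDevExt = NULL;
    UNICODE_STRING devname;
    UNICODE_STRING symLinkName;

    /* Initialize the name strings (they point at the literals, no copy is made). */
    RtlInitUnicodeString(&devname, L"\\device\\hello");
    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    /* Create the device. FILE_DEVICE_SECURE_OPEN makes the I/O manager apply
     * the device object's security descriptor to every open request.
     * NOTE(review): the default descriptor may still admit unprivileged
     * callers; IoCreateDeviceSecure with an explicit SDDL string is the usual
     * way to restrict who can reach the read/write paths. */
    status = IoCreateDevice(pDriver_Object, sizeof(DEVICE_EXTENSION), &devname,
                            FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, TRUE, &pDevObje);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("创建设备失败\n");
        return status;
    }

    pDevExt = (PDEVICE_EXTENSION)pDevObje->DeviceExtension;
    pDevExt->pDevice = pDevObje;
    pDevExt->ustrDeviceName = devname;
    pDevExt->ustrSymLinkName = symLinkName;

    /* Allocate the buffer that simulates a file.
     * NOTE(review): ExAllocatePool is deprecated in current WDKs; a tagged
     * allocator is preferable where the target OS allows it. */
    pDevExt->buffer = (PUCHAR)ExAllocatePool(PagedPool, MAX_FILE_LENGTH);
    pDevExt->file_length = 0;
    if (pDevExt->buffer == NULL)
    {
        DbgPrint("内存分配失败\n");
        IoDeleteDevice(pDevObje);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /* Create the symbolic link that user mode opens as \\.\HelloDDK. */
    status = IoCreateSymbolicLink(&symLinkName, &devname);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("创建符号连接失败\n");
        /* Free the buffer before the device (and with it the extension) goes away. */
        ExFreePool(pDevExt->buffer);
        pDevExt->buffer = NULL;
        IoDeleteDevice(pDevObje);
        return status;
    }

    return STATUS_SUCCESS;
}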
/*
 * Default dispatch routine for every major function that has no dedicated
 * handler. Prints the name of the IRP's major function (debug builds only,
 * via KdPrint) and completes the request with STATUS_SUCCESS and zero bytes
 * transferred.
 */
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
    /* Names indexed by major-function code. */
    static char* majorNames[] =
    {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER",
        "IRP_MJ_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CHANGE",
        "IRP_MJ_QUERY_QUOTA",
        "IRP_MJ_SET_QUOTA",
        "IRP_MJ_PNP",
    };
    PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(pIrP);
    UCHAR major = irpSp->MajorFunction;

    /* Index the table only when the code is within its bounds. */
    if (major < CountArray(majorNames))
    {
        KdPrint(("%s\n", majorNames[major]));
    }
    else
    {
        KdPrint(("无效的IRP类型 %X\n", major));
    }

    /* Complete the request: success, no bytes transferred, no priority boost. */
    pIrP->IoStatus.Information = 0;
    pIrP->IoStatus.Status = STATUS_SUCCESS;
    IoCompleteRequest(pIrP, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}