EXE和SYS通信(ReadFile WriteFile) 其他方式

EXE部分

[cpp] view plaincopy

#include <stdio.h>
#include <Windows.h>
int main (void)
{
char linkname[]="\\\\.\\HelloDDK";
HANDLE hDevice = CreateFileA(linkname,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if (hDevice == INVALID_HANDLE_VALUE)
{
printf("Win32 error code: %d\n",GetLastError());
return 1;
}
UCHAR buffer[10]={0};
ULONG ulRead=0;
if (ReadFile(hDevice,buffer,10,&ulRead,NULL))
{
printf("Read %d bytes:",ulRead);
for (int i=0;i<(int)ulRead;i++)
{
printf("%02X ",buffer[i]);
}
printf("\n");
}
getchar();
getchar();
ulRead=0;
if (WriteFile(hDevice,buffer,10,&ulRead,NULL))
{
printf("write %d bytes\n",ulRead);
for (int i=0;i<(int)ulRead;i++)
{
printf("%02X ",buffer[i]);
}
printf("\n");
}
CloseHandle(hDevice);
getchar();
getchar();
return 0;
}

SYS部分

[cpp] view plaincopy

#pragma once
#include <ntddk.h>
#define CountArray(Array) ( sizeof(Array) / sizeof(Array[0]) )
#define MAX_FILE_LENGTH 1024
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT pDevice; //设备对象
UNICODE_STRING ustrDeviceName; //设备名称
UNICODE_STRING ustrSymLinkName; //符号名称
PUCHAR buffer; //缓冲区指针
ULONG file_length; //缓冲区长度
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
void HelloUnload(IN PDRIVER_OBJECT DriverObject); //卸载函数
NTSTATUS CreateDevice(PDRIVER_OBJECT PDevObj); //创建设备
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp); //派遣函数
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP); //读请求派遣函数
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP); //写请求派遣函数

[cpp] view plaincopy

#include "hello.h"
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
DbgPrint("Hello from!\n");
DriverObject->DriverUnload = HelloUnload;
for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
{
DriverObject->MajorFunction[i]=HelloDDKDispatchRoutine;
}
DriverObject->MajorFunction[IRP_MJ_READ]=HelloDDKRead; //设置读派遣函数
DriverObject->MajorFunction[IRP_MJ_WRITE]=HelloDDKWrite; //设置写派遣函数
//#if DBG
// _asm int 3
//#endif
//创建设备
CreateDevice(DriverObject);
return STATUS_SUCCESS;
}
//读派遣函数
NTSTATUS HelloDDKRead(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
//#if DBG
// _asm int 3
//#endif
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
NTSTATUS status=STATUS_SUCCESS;
PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrP); //获取当前堆栈
ULONG ulReadLength=stack->Parameters.Read.Length; //获取读的长度
ULONG ulReadOffset=(ULONG)stack->Parameters.Read.ByteOffset.QuadPart; //获取读的偏移
PVOID user_address=pIrP->UserBuffer; //获取用户模式地址
if (user_address==NULL)
{
ASSERT(FALSE);
//完成IRP
pIrP->IoStatus.Status=STATUS_UNSUCCESSFUL; //设置完成状态
pIrP->IoStatus.Information=0; //设置读取长度
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //完成IRP
return status;
}
DbgPrint("0X%0X\n",user_address);
__try
{
//判断指针是否可写
ProbeForWrite(user_address,ulReadLength,4);
memset(user_address,0XAA,ulReadLength);
DbgPrint("测试下");
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
DbgPrint("打我PG我不乖\n");
status=STATUS_UNSUCCESSFUL;
}
//完成IRP
pIrP->IoStatus.Status=status; //设置完成状态
pIrP->IoStatus.Information=ulReadLength; //设置读取长度
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //完成IRP
return status;
}
//写派遣函数
NTSTATUS HelloDDKWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
//#if DBG
// _asm int 3
//#endif
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
NTSTATUS status=STATUS_SUCCESS;
PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrP);
ULONG ulWriteLength=stack->Parameters.Read.Length; //获取写的长度
ULONG ulReadOffset=(ULONG)stack->Parameters.Read.ByteOffset.QuadPart; //获取写的偏移
PVOID user_address=pIrP->UserBuffer; //获取用户模式地址
if (user_address==NULL)
{
ASSERT(FALSE);
//完成IRP
pIrP->IoStatus.Status=STATUS_UNSUCCESSFUL; //设置完成状态
pIrP->IoStatus.Information=0; //设置读取长度
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //完成IRP
return status;
}
DbgPrint("0X%0X\n",user_address);
__try
{
//判断指针是否可写
ProbeForWrite(user_address,ulWriteLength,4);
UCHAR buffer[10]={0};
memcpy(buffer,user_address,ulWriteLength);
for (int i=0;i<(int)ulWriteLength;i++)
{
DbgPrint("%02x\n",buffer[i]);
}
memset(user_address,0XAA,ulWriteLength);
DbgPrint("测试下");
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
DbgPrint("打我PG我不乖\n");
status=STATUS_UNSUCCESSFUL;
}
//完成IRP
pIrP->IoStatus.Status=status; //设置完成状态
pIrP->IoStatus.Information=ulWriteLength; //设置写取长度
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //完成IRP
return status;
}
//卸载函数
void HelloUnload(IN PDRIVER_OBJECT DriverObject)
{
DbgPrint("Goodbye from!\n");
PDEVICE_OBJECT pNextObj=NULL;
pNextObj=DriverObject->DeviceObject;
while (pNextObj)
{
PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pNextObj->DeviceExtension;
//释放内存
if (pDevExt->buffer)
{
ExFreePool(pDevExt->buffer);
pDevExt->buffer=NULL;
}
//删除符号连接
IoDeleteSymbolicLink(&pDevExt->ustrSymLinkName);
//删除设备
IoDeleteDevice(pDevExt->pDevice);
pNextObj=pNextObj->NextDevice;
}
}
//创建设备
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriver_Object)
{
//定义变量
NTSTATUS status=STATUS_SUCCESS;
PDEVICE_OBJECT pDevObje=NULL;
PDEVICE_EXTENSION pDevExt=NULL;
//初始化字符串
UNICODE_STRING devname;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&devname,L"\\device\\hello");
RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");
//创建设备
if (IoCreateDevice(pDriver_Object,sizeof(PDEVICE_EXTENSION),&devname,FILE_DEVICE_UNKNOWN,NULL,TRUE,&pDevObje)!=STATUS_SUCCESS )
{
DbgPrint("创建设备失败\n");
return status;
}
pDevExt=(PDEVICE_EXTENSION)pDevObje->DeviceExtension;
pDevExt->pDevice=pDevObje;
pDevExt->ustrDeviceName=devname;
pDevExt->ustrSymLinkName=symLinkName;
//申请模拟文件的缓冲区
pDevExt->buffer=(PUCHAR)ExAllocatePool(PagedPool,MAX_FILE_LENGTH);
pDevExt->file_length=0;
if (pDevExt->buffer==NULL)
{
DbgPrint("内存分配失败\n");
}
//创建符号连接
if (IoCreateSymbolicLink(&symLinkName,&devname)!=STATUS_SUCCESS )
{
DbgPrint("创建符号连接失败\n");
IoDeleteDevice(pDevObje);
return status;
}
return STATUS_SUCCESS;
}
//派遣函数
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrP)
{
//#if DBG
// _asm int 3
//#endif
PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrP);
//建立一个字符串数组与IRP类型对应起来
static char* irpname[] =
{
"IRP_MJ_CREATE",
"IRP_MJ_CREATE_NAMED_PIPE",
"IRP_MJ_CLOSE",
"IRP_MJ_READ",
"IRP_MJ_WRITE",
"IRP_MJ_QUERY_INFORMATION",
"IRP_MJ_SET_INFORMATION",
"IRP_MJ_QUERY_EA",
"IRP_MJ_SET_EA",
"IRP_MJ_FLUSH_BUFFERS",
"IRP_MJ_QUERY_VOLUME_INFORMATION",
"IRP_MJ_SET_VOLUME_INFORMATION",
"IRP_MJ_DIRECTORY_CONTROL",
"IRP_MJ_FILE_SYSTEM_CONTROL",
"IRP_MJ_DEVICE_CONTROL",
"IRP_MJ_INTERNAL_DEVICE_CONTROL",
"IRP_MJ_SHUTDOWN",
"IRP_MJ_LOCK_CONTROL",
"IRP_MJ_CLEANUP",
"IRP_MJ_CREATE_MAILSLOT",
"IRP_MJ_QUERY_SECURITY",
"IRP_MJ_SET_SECURITY",
"IRP_MJ_POWER",
"IRP_MJ_SYSTEM_CONTROL",
"IRP_MJ_DEVICE_CHANGE",
"IRP_MJ_QUERY_QUOTA",
"IRP_MJ_SET_QUOTA",
"IRP_MJ_PNP",
};
UCHAR type = stack->MajorFunction;
if (type >= CountArray(irpname))
KdPrint(("无效的IRP类型 %X\n", type));
else
KdPrint(("%s\n", irpname[type]));
pIrP->IoStatus.Status=STATUS_SUCCESS; //设置完成状态
pIrP->IoStatus.Information=0; //设置操作字节为0
IoCompleteRequest(pIrP,IO_NO_INCREMENT); //结束IRP派遣函数，第二个参数表示不增加优先级
return STATUS_SUCCESS;
}

EXE和SYS通信(ReadFile WriteFile) 其他方式相关推荐

EXE和SYS通信(ReadFile WriteFile DO_DIRECT_IO) 直接方式
EXE部分 [cpp] view plaincopy #include <stdio.h> #include <Windows.h> int main (void) { cha ...
EXE和SYS通信(ReadFile WriteFile DO_BUFFERED_IO) 缓冲区方式
EXE部分 [cpp] view plaincopy #include <stdio.h> #include <Windows.h> int main (void) { cha ...
EXE和SYS通信IOCTL方式
EXE部分 [cpp] view plaincopy #ifndef IOCTLS_H #define IOCTLS_H #ifndef CTL_CODE #pragma message(&qu ...
EXE与SYS通信(直接访问模式)
CTL_CODE(DeviceType,Function,Method,Acess); Method是指定数据传递的模式有这几个值: METHOD_BUFFERED //使用缓冲区方式操作 0 ME ...
EXE与SYS通信(缓冲模式)
EXE部分 head.h [cpp] view plaincopy #include<winioctl.h> //CTL_CODE #define add_code CTL_CODE(FI ...
EXE与SYS通信(其他模式)
EXE部分 head.h [cpp] view plaincopy #ifndef CTL_CODE #pragma message("\n \n-----------EXE . Inc ...
Linux进程通信的四种方式——共享内存、信号量、无名管道、消息队列｜实验、代码、分析、总结
Linux进程通信的四种方式--共享内存.信号量.无名管道.消息队列|实验.代码.分析.总结每个进程各自有不同的用户地址空间,任何一个进程的全局变量在另一个进程中都看不到,所以进程之间要交换数据必须 ...
遭遇svchoct.exe,vonine.exe,HBKernel32.sys,ssdtti.sys,System.exe,ublhbztl.sys等2
遭遇svchoct.exe,vonine.exe,HBKernel32.sys,ssdtti.sys,System.exe,ublhbztl.sys等2 endurer 原创 2008-10-23 第 ...
（转）GPS导航芯片中串口通信同步I/O方式的程序设计
GPS导航芯片中串口通信同步I/O方式的程序设计时间:2011-01-25 11:38 作者: 来源: Windows CE 是一个开放的.可裁剪的.32位实时嵌入式窗口操作系统,具有可 ...

EXE和SYS通信(ReadFile WriteFile) 其他方式

EXE和SYS通信(ReadFile WriteFile) 其他方式相关推荐

最新文章

热门文章