《寒江独钓-Windows内核安全编程》学习笔记1-串口过滤

View Code
 1 #pragma once
2
3 #ifdef __cplusplus
4 extern "C"
5 {
6 #endif
7 #include <NTDDK.h>
8 #include <ntstrsafe.h>
9 #ifdef __cplusplus
10 }
11 #endif
12
13 #define PAGEDCODE code_seg("PAGE")
14 #define LOCKEDCODE code_seg()
15 #define INITCODE code_seg("INIT")
16
17 #define PAGEDDATA data_seg("PAGE")
18 #define LOCKEDDATA data_seg()
19 #define INITDATA data_seg("INIT")
20
21 #define arraysize(p) (sizeof(p)/sizeof((p)[0]))
22
23 typedef struct _DEVICE_EXTENSION {
24 PDEVICE_OBJECT pDevice;
25 PDEVICE_OBJECT pNextDeviceObj;
26 UNICODE_STRING ustrDeviceName; //设备名称
27 UNICODE_STRING ustrSymLinkName; //符号链接名
28 } DEVICE_EXTENSION, *PDEVICE_EXTENSION;
29
30 //默认分发函数
31 NTSTATUS ccpGeneralDispath(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
32 //写请求
33 NTSTATUS ccpDispatchWrite(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp);
34
35 //卸载函数
36 VOID ccpUnload(IN PDRIVER_OBJECT pDriverObject);
37
38 void ccpAttachAllComs( PDRIVER_OBJECT pDriverObject );
39
40 //打开一个串口
41 PDEVICE_OBJECT ccpOpenCom( int i, NTSTATUS* status );
42
43 //绑定设备
44 NTSTATUS ccpAttachDevice(PDRIVER_OBJECT pDriverObject,PDEVICE_OBJECT com_ob);

 

cpp代码

View Code
  1 #include "comcapex.h"
2
3 #define CCP_MAX_COM_ID 32
4
5 //入口函数
6 #pragma INITCODE
7 extern "C" NTSTATUS DriverEntry (IN PDRIVER_OBJECT pDriverObject,IN PUNICODE_STRING pRegistryPath)
8 {
9 KdPrint(("Enter DriverEntry\n"));
10
11 for (int i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
12 {
13 pDriverObject->MajorFunction[i]=ccpGeneralDispath;
14 }
15
16 //只处理写请求
17 pDriverObject->MajorFunction[IRP_MJ_WRITE]=ccpDispatchWrite;
18
19 //动态卸载
20 pDriverObject->DriverUnload=ccpUnload;
21
22 ccpAttachAllComs(pDriverObject);
23
24 KdPrint(("DriverEntry end\n"));
25
26 return STATUS_SUCCESS;
27 }
28
29 NTSTATUS ccpGeneralDispath( IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp )
30 {
31 KdPrint(("Enter GeneralDispatchRoutin\n"));
32
33 PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
34
35 //建立一个字符串数组与IRP类型对应起来
36 static char* irpname[] =
37 {
38 "IRP_MJ_CREATE",
39 "IRP_MJ_CREATE_NAMED_PIPE",
40 "IRP_MJ_CLOSE",
41 "IRP_MJ_READ",
42 "IRP_MJ_WRITE",
43 "IRP_MJ_QUERY_INFORMATION",
44 "IRP_MJ_SET_INFORMATION",
45 "IRP_MJ_QUERY_EA",
46 "IRP_MJ_SET_EA",
47 "IRP_MJ_FLUSH_BUFFERS",
48 "IRP_MJ_QUERY_VOLUME_INFORMATION",
49 "IRP_MJ_SET_VOLUME_INFORMATION",
50 "IRP_MJ_DIRECTORY_CONTROL",
51 "IRP_MJ_FILE_SYSTEM_CONTROL",
52 "IRP_MJ_DEVICE_CONTROL",
53 "IRP_MJ_INTERNAL_DEVICE_CONTROL",
54 "IRP_MJ_SHUTDOWN",
55 "IRP_MJ_LOCK_CONTROL",
56 "IRP_MJ_CLEANUP",
57 "IRP_MJ_CREATE_MAILSLOT",
58 "IRP_MJ_QUERY_SECURITY",
59 "IRP_MJ_SET_SECURITY",
60 "IRP_MJ_POWER",
61 "IRP_MJ_SYSTEM_CONTROL",
62 "IRP_MJ_DEVICE_CHANGE",
63 "IRP_MJ_QUERY_QUOTA",
64 "IRP_MJ_SET_QUOTA",
65 "IRP_MJ_PNP",
66 };
67
68 UCHAR type = stack->MajorFunction;
69 if (type >= arraysize(irpname))
70 KdPrint((" - Unknown IRP, major type %X\n", type));
71 else
72 KdPrint(("\t%s\n", irpname[type]));
73
74
75 //对一般IRP的简单操作,后面会介绍对IRP更复杂的操作
76 NTSTATUS status = STATUS_SUCCESS;
77 // 完成IRP
78 //pIrp->IoStatus.Status = status;
79 //pIrp->IoStatus.Information = 0; // bytes xfered
80 //IoCompleteRequest( pIrp, IO_NO_INCREMENT );
81
82 if (type==IRP_MJ_POWER)
83 {
84 PoStartNextPowerIrp(pIrp);
85 }
86 IoSkipCurrentIrpStackLocation(pIrp);
87
88 //获取设备拓展
89 PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
90
91 KdPrint(("Leave GeneralDispatchRoutin\n"));
92
93
94 return PoCallDriver(pDevExt->pNextDeviceObj,pIrp);
95 }
96
97 NTSTATUS ccpDispatchWrite( IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp )
98 {
99 KdPrint(("Enter write dispatch\n"));
100
101 PIO_STACK_LOCATION stack=IoGetCurrentIrpStackLocation(pIrp);
102
103 if (pDevObj==NULL)
104 {
105 KdPrint(("device is null\n"));
106
107
108 return STATUS_UNSUCCESSFUL;
109 }
110 else
111 {
112 //如果写 先获得长度
113 ULONG len=stack->Parameters.Write.Length;
114 //然后获得缓冲区
115 PUCHAR buf=NULL;
116 if (pIrp->MdlAddress!=NULL)
117 {
118 buf=(PUCHAR)MmGetSystemAddressForMdlSafe(pIrp->MdlAddress,NormalPagePriority);
119 }
120 else
121 {
122 buf=(PUCHAR)pIrp->UserBuffer;
123 }
124 if (buf==NULL)
125 {
126 buf=(PUCHAR)pIrp->AssociatedIrp.SystemBuffer;
127 }
128 //打印内容
129 for (ULONG j=0;j<len;j++)
130 {
131 KdPrint(("comcap: send data:%2x\r\n",buf[j]));
132 }
133 }
134
135 //将请求 直接下发执行
136 IoSkipCurrentIrpStackLocation(pIrp);
137
138
139 //获取设备拓展
140 PDEVICE_EXTENSION pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
141
142
143 return IoCallDriver(pDevExt->pNextDeviceObj,pIrp);
144 }
145
146
147 #define DELAY_ONE_MICROSECOND (-10)
148 #define DELAY_ONE_MILLISECOND (DELAY_ONE_MICROSECOND*1000)
149 #define DELAY_ONE_SECOND (DELAY_ONE_MILLISECOND*1000)
150 //卸载函数
151 VOID ccpUnload( IN PDRIVER_OBJECT pDriverObject )
152 {
153 LARGE_INTEGER interval;
154 //解除绑定
155 PDEVICE_OBJECT pDevObj=pDriverObject->DeviceObject;
156
157 PDEVICE_OBJECT pNextDevObj=NULL;
158
159 PDEVICE_EXTENSION pDevExt=NULL;
160
161 while (pDevObj!=NULL)
162 {
163 pDevExt=(PDEVICE_EXTENSION)pDevObj->DeviceExtension;
164
165 if (pDevExt->pNextDeviceObj!=NULL)
166 {
167 KdPrint(("detach\n"));
168
169 IoDetachDevice(pDevExt->pNextDeviceObj);
170 }
171 pDevObj=pDevObj->NextDevice;
172 }
173
174 //睡眠5秒 等待所有IRP处理结束
175 interval.QuadPart=(5*1000*DELAY_ONE_MILLISECOND);
176 KeDelayExecutionThread(KernelMode,FALSE,&interval);
177
178 //删除设备
179 pDevObj=pDriverObject->DeviceObject;
180 while (pDevObj!=NULL)
181 {
182 pNextDevObj=pDevObj->NextDevice;
183
184 KdPrint(("delete device\n"));
185
186 IoDeleteDevice(pDevObj);
187
188 pDevObj=pNextDevObj;
189 }
190 }
191
192 void ccpAttachAllComs( PDRIVER_OBJECT pDriverObject )
193 {
194 PDEVICE_OBJECT pDevObj=NULL;
195 NTSTATUS status=STATUS_SUCCESS;
196
197 //绑定所有设备对象
198 for (int i=0;i<CCP_MAX_COM_ID;i++)
199 {
200 pDevObj=ccpOpenCom(i,&status);
201 if (pDevObj==NULL)
202 {
203 continue;
204 }
205 //绑定
206 ccpAttachDevice(pDriverObject,pDevObj);
207 }
208 }
209
210 PDEVICE_OBJECT ccpOpenCom( int i, NTSTATUS* status )
211 {
212 UNICODE_STRING name_str;
213 static WCHAR name[32]={0};
214 PFILE_OBJECT fileobj=NULL;
215 PDEVICE_OBJECT devobj=NULL;
216
217 //输入字符串
218 memset(name,0,sizeof(WCHAR)*32);
219 RtlStringCchPrintfW(name,32,L"\\Device\\Serial%d",i);
220
221 RtlInitUnicodeString(&name_str,name);
222
223 //打开设备对象
224 *status=IoGetDeviceObjectPointer(&name_str,FILE_ALL_ACCESS,&fileobj,&devobj);
225 if (*status==STATUS_SUCCESS)
226 {
227 ObDereferenceObject(fileobj);
228 }
229 return devobj;
230 }
231
232 //com_ob 底层设备指针
233 NTSTATUS ccpAttachDevice( PDRIVER_OBJECT pDriverObject,PDEVICE_OBJECT com_ob )
234 {
235 NTSTATUS status;
236
237 PDEVICE_OBJECT topDev=NULL;
238 PDEVICE_OBJECT pDevObjCreate=NULL;
239 PDEVICE_EXTENSION pDevExt=NULL;
240
241 //生成设备 然后绑定
242
243 status=IoCreateDevice(pDriverObject,sizeof(DEVICE_EXTENSION),NULL,com_ob->DeviceType,0,FALSE,&pDevObjCreate);
244 if (status!=STATUS_SUCCESS)
245 {
246 return status;
247 }
248 //拷贝重要标志位
249 if (com_ob->Flags&DO_BUFFERED_IO)
250 {
251 pDevObjCreate->Flags|=DO_BUFFERED_IO;
252 }
253 if (com_ob->Flags&DO_DIRECT_IO)
254 {
255 pDevObjCreate->Flags|=DO_DIRECT_IO;
256 }
257 if (com_ob->Characteristics&FILE_DEVICE_SECURE_OPEN)
258 {
259 pDevObjCreate->Characteristics|=FILE_DEVICE_SECURE_OPEN;
260 }
261 pDevObjCreate->Flags|=DO_POWER_PAGABLE;
262 //设置扩展信息
263 pDevExt=(PDEVICE_EXTENSION)pDevObjCreate->DeviceExtension;
264 pDevExt->pDevice=pDevObjCreate;
265
266 //绑定到另一设备上
267 topDev=IoAttachDeviceToDeviceStack(pDevObjCreate,com_ob);
268 if (topDev==NULL)
269 {
270 //绑定失败 销毁设备
271 IoDeleteDevice(pDevObjCreate);
272 pDevObjCreate=NULL;
273 status=STATUS_UNSUCCESSFUL;
274 return status;
275 }
276 KdPrint(("attach successfully\n"));
277
278 pDevExt->pNextDeviceObj=topDev;
279
280 //设置这个设备已经启动
281 pDevObjCreate->Flags=pDevObjCreate->Flags&~DO_DEVICE_INITIALIZING;
282
283 return STATUS_SUCCESS;
284 }



posted @ 2012-02-23 21:44  ljinshuan  阅读(891)  评论(0编辑  收藏  举报