(十一)、IRP与派遣函数

IRP

1、IRP结构

0
MdlAddress : 内存描述符
UserBuffer : 用户缓冲区
Tail:IRP的尾部,保存了一个联合体
Parameters:从应用层传递来的参数

2、IRP类型

0
IRP一共有28种

3、编写派遣函数

0
在每个派遣函数里,处理完请求后都需要调用 IoCompleteRequest 来完成该 IRP;优先级提升参数一般设置为 IO_NO_INCREMENT,即不改变优先级

代码

0环代码:
#include <ntddk.h>

/*
 * DriverUnload callback: undoes what DriverEntry set up.
 *
 * The symbolic link is removed before the device object so that the
 * user-visible name stops resolving before the device it points at goes away.
 *
 * driver - the driver object being unloaded; its DeviceObject field is the
 *          device that is deleted here.
 */
VOID Unload(PDRIVER_OBJECT driver)
{
    UNICODE_STRING linkName;
    PDEVICE_OBJECT device = driver->DeviceObject;

    RtlInitUnicodeString(&linkName, L"\\??\\DDK");

    IoDeleteSymbolicLink(&linkName);
    IoDeleteDevice(device);

    DbgPrint("Driver Unload\n");
}

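/*
 * Catch-all dispatch routine: prints the name of the IRP major function and
 * completes the request successfully with zero bytes transferred.
 *
 * DeciceObject - target device object (unused).
 * Irp          - the request to log and complete.
 *
 * Returns STATUS_SUCCESS for every request.
 *
 * NOTE(review): succeeding every major function is only suitable for a
 * demonstration. A production driver normally fails the major functions it
 * does not implement (e.g. with STATUS_INVALID_DEVICE_REQUEST). This routine
 * never touches the request buffers; a handler that does must first validate
 * the lengths reported in the I/O stack location.
 */
NTSTATUS DispatchRoution(IN PDEVICE_OBJECT DeciceObject, IN PIRP Irp)
{
    /* One label per major function code, in IRP_MJ_* numeric order
       (IRP_MJ_CREATE = 0x00 ... IRP_MJ_PNP = 0x1b). */
    static const CHAR* const irpname[] = {
    " IRP_MJ_CREATE                    " ,
    " IRP_MJ_CREATE_NAMED_PIPE        " ,
    " IRP_MJ_CLOSE                    " ,
    " IRP_MJ_READ                    " ,
    " IRP_MJ_WRITE                    " ,
    " IRP_MJ_QUERY_INFORMATION        " ,
    " IRP_MJ_SET_INFORMATION        "     ,
    " IRP_MJ_QUERY_EA                " ,
    " IRP_MJ_SET_EA                    " ,
    " IRP_MJ_FLUSH_BUFFERS            " ,
    " IRP_MJ_QUERY_VOLUME_INFORMATION " ,   /* was truncated to "...INFORMATI" */
    " IRP_MJ_SET_VOLUME_INFORMATION    " ,
    " IRP_MJ_DIRECTORY_CONTROL        " ,
    " IRP_MJ_FILE_SYSTEM_CONTROL    "     ,
    " IRP_MJ_DEVICE_CONTROL            " ,
    " IRP_MJ_INTERNAL_DEVICE_CONTROL " ,    /* was truncated to "...CONTRO" */
    " IRP_MJ_SHUTDOWN                " ,
    " IRP_MJ_LOCK_CONTROL            " ,
    " IRP_MJ_CLEANUP                "     ,
    " IRP_MJ_CREATE_MAILSLOT        "     ,
    " IRP_MJ_QUERY_SECURITY            " ,
    " IRP_MJ_SET_SECURITY            " ,
    " IRP_MJ_POWER                    " ,
    " IRP_MJ_SYSTEM_CONTROL            " ,
    " IRP_MJ_DEVICE_CHANGE            " ,
    " IRP_MJ_QUERY_QUOTA            " ,
    " IRP_MJ_SET_QUOTA                " ,
    " IRP_MJ_PNP                    "
    };
    const ULONG irpnameCount = sizeof(irpname) / sizeof(irpname[0]);
    /* Current I/O stack location: carries the major function code. */
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);

    UNREFERENCED_PARAMETER(DeciceObject);

    /* Never index the table with a value that was not checked against its
       size: an out-of-range code would make DbgPrint read a wild pointer. */
    if (stack->MajorFunction < irpnameCount)
    {
        DbgPrint("%s\n", irpname[stack->MajorFunction]);
    }
    else
    {
        DbgPrint("IRP major function 0x%02X (no name in table)\n", stack->MajorFunction);
    }

    Irp->IoStatus.Information = 0;          /* no bytes transferred */
    Irp->IoStatus.Status = STATUS_SUCCESS;  /* completion status seen by the caller */

    IoCompleteRequest(Irp, IO_NO_INCREMENT); /* complete without a priority boost */
    return STATUS_SUCCESS;
}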

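/*
 * Driver entry point: routes every IRP major function to DispatchRoution,
 * creates the device \Device\MyDDK and exposes it to user mode through the
 * symbolic link \??\DDK.
 *
 * driver - the driver object supplied by the I/O manager.
 *
 * Returns STATUS_SUCCESS, or the failure status of IoCreateDevice /
 * IoCreateSymbolicLink (the device is deleted again if the link fails).
 *
 * NOTE(review): the I/O manager calls DriverEntry with two arguments
 * (driver object and registry path). The one-parameter form is kept here as
 * written; declare the second PUNICODE_STRING parameter in real code so the
 * prototype matches the caller.
 *
 * NOTE(review): the device is created with the default security descriptor.
 * If only specific accounts should be able to open it, consider
 * IoCreateDeviceSecure with an explicit SDDL string.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT driver)
{
    NTSTATUS status;
    UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\MyDDK");
    UNICODE_STRING SymbolName = RTL_CONSTANT_STRING(L"\\??\\DDK");
    PDEVICE_OBJECT DeviceObject = NULL;
    ULONG i;

    DbgPrint("Driver Load\n");

    /* Every major function goes to the same logging routine. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        driver->MajorFunction[i] = DispatchRoution;
    }

    /* Create the device object. */
    status = IoCreateDevice(driver, 0, &DeviceName, FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, FALSE, &DeviceObject);
    if (!NT_SUCCESS(status))
    {
        /* The original message claimed success on this failure path. */
        DbgPrint("创建设备失败\n");
        return status;
    }

    /* DO_* flags belong to the DEVICE_OBJECT, not the DRIVER_OBJECT: setting
       them on driver->Flags changes unrelated driver flags and leaves the
       device without buffered I/O, in which case read/write requests carry
       the caller's raw user-mode buffer pointer. Set the flag before the
       device becomes reachable by name. */
    DeviceObject->Flags |= DO_BUFFERED_IO;

    /* Create the symbolic link that user mode opens. */
    status = IoCreateSymbolicLink(&SymbolName, &DeviceName);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("符号链接创建失败\n");
        IoDeleteDevice(DeviceObject);
        return status;
    }

    DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    driver->DriverUnload = Unload;
    return STATUS_SUCCESS;
}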
三环代码:
// 三环代码.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//

#include <iostream>
#include <stdio.h>
#include <Windows.h>
using namespace std;

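// Test IOCTL sent to the driver. FILE_ANY_ACCESS lets any caller holding a
// handle issue it regardless of the access the handle was opened with; an
// IOCTL that reads or writes driver data should require FILE_READ_ACCESS
// and/or FILE_WRITE_ACCESS instead.
#define IOTEST CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_BUFFERED,FILE_ANY_ACCESS)

// Prints the failing API name together with the Win32 error code.
// The error code is passed in so that it is captured before any stream
// output can overwrite the thread's last-error value.
static void ReportFailure(const char* api, DWORD error)
{
    std::cout << api << " failed, error " << error << std::endl;
}

// Opens the driver's device and issues one read, write, query-information and
// device-control request so that the driver logs the corresponding IRPs.
// Returns 0 after the requests were issued, -1 if the device cannot be opened.
int main()
{
    // The Win32 path \\.\DDK resolves to the \??\DDK symbolic link that the
    // driver creates.
    // Request only read/write access instead of GENERIC_ALL (least privilege).
    HANDLE hDevice = CreateFile(TEXT("\\\\.\\DDK"),
        GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        // Read the error code first: writing to cout may change it.
        const DWORD openError = GetLastError();
        std::cout << "打开设备失败" << ": " << openError << std::endl;
        getchar();
        return -1;
    }

    DWORD dwRet = 0;

    // Zero-length requests: they only exist to trigger the driver's dispatch
    // routine. Failures are reported but do not stop the remaining requests.
    if (!ReadFile(hDevice, NULL, 0, &dwRet, NULL))
    {
        ReportFailure("ReadFile", GetLastError());
    }
    if (!WriteFile(hDevice, NULL, 0, &dwRet, NULL))
    {
        ReportFailure("WriteFile", GetLastError());
    }
    if (GetFileSize(hDevice, NULL) == INVALID_FILE_SIZE)
    {
        ReportFailure("GetFileSize", GetLastError());
    }
    if (!DeviceIoControl(hDevice, IOTEST, NULL, 0, NULL, 0, &dwRet, NULL))
    {
        ReportFailure("DeviceIoControl", GetLastError());
    }

    CloseHandle(hDevice);

    getchar();
    return 0;
}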

 

其中 CreateFile 内部把 \\\\.\\ 替换成 \\??\\
0
 
 
 
 
posted @ 2022-04-03 23:38  TLSN