IRP 续二
在第一篇中 ring3 的调用程序设置了 DeviceIoControl，但是在驱动中未设置 IRP_MJ_DEVICE_CONTROL，现在补上代码
#define IOCODE CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_BUFFERED,FILE_ANY_ACCESS ) //0x0000-0x7FFF:微软保留 0x800-0xFFF 由用户自定义(因为我在ring3用800) #pragma code_seg( "PAGE" ) NTSTATUS DeviceControl(PDEVICE_OBJECT pDevice, PIRP irp) { PCHAR buffer=NULL; ULONG InBufferLenth=0; ULONG OutBufferLenth=0; ULONG code=0; PDEVICE_EXT pDExt; PIO_STACK_LOCATION pStack = NULL; pDExt=(PDEVICE_EXT)pDevice->DeviceExtension; pStack = IoGetCurrentIrpStackLocation( irp ); InBufferLenth=pStack->Parameters.DeviceIoControl.InputBufferLength; OutBufferLenth=pStack->Parameters.DeviceIoControl.OutputBufferLength; code=pStack->Parameters.DeviceIoControl.IoControlCode; switch(code) { case IOCODE: KdPrint(("DeviceControl In ox800 \r\n")); buffer=(PCHAR)irp->AssociatedIrp.SystemBuffer;//读取ring3 下DeviceIoControl的输入缓冲区数据 if(buffer!=NULL) KdPrint(("buffer form DeviceIoControl :%s\r\n",buffer)); //设置输出缓冲区数据 ring3 下DeviceIoControl的输出缓冲区数据 RtlFillMemory(buffer,OutBufferLenth,'A'); break; default: OutBufferLenth=0; break; } irp->IoStatus.Information = OutBufferLenth; irp->IoStatus.Status = STATUS_SUCCESS; IoCompleteRequest( irp, IO_NO_INCREMENT ); KdPrint(( "Irp_DispatchRoutine 执行完毕" )); return STATUS_SUCCESS; }
入口处为其指定派遣函数
/* At the driver entry point: route IRP_MJ_DEVICE_CONTROL IRPs to DeviceControl. */
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=DeviceControl;
ring3中 DeviceIoControl
/* Win32 prototype of the ring3 call that the driver's DeviceControl routine answers. */
BOOL WINAPI DeviceIoControl(
    __in HANDLE hDevice,                                                        // handle to an already opened device
    __in DWORD dwIoControlCode,                                                 // control code
    __in_bcount_opt(nInBufferSize) LPVOID lpInBuffer,                           // input buffer
    __in DWORD nInBufferSize,                                                   // input buffer size
    __out_bcount_part_opt(nOutBufferSize, *lpBytesReturned) LPVOID lpOutBuffer, // output buffer
    __in DWORD nOutBufferSize,                                                  // output buffer size
    __out_opt LPDWORD lpBytesReturned,                                          // bytes actually returned: IRP->IoStatus.Information set by the driver's dispatch routine
    __inout_opt LPOVERLAPPED lpOverlapped                                       // overlapped operation or not
);
DWORD dwIoControlCode = CTL_CODE(DeviceType, Function, Method, Access)
DeviceType：对应的是驱动程序中创建设备时的类型，查看 IRP 续一的 CreateDevice，是 FILE_DEVICE_UNKNOWN
Function：驱动程序定义的 IOCTL 码，0x0000-0x7FFF 微软保留，0x800-0xFFF 由用户自定义，我这边是 0x800
Method :操作模式 包含
METHOD_BUFFERED 缓冲区模式操作
METHOD_IN_DIRECT 直接写方式操作
METHOD_OUT_DIRECT 直接读方式操作
METHOD_NEITHER 其他操作
Access：访问权限，如果无特殊要求一般是 FILE_ANY_ACCESS
运行结果