实现驱动文件加载
前言:代码实现驱动文件加载,后面在实现绕过写拷贝实现全局HOOK的时候会用到
这里就直接给代码了,就是通过相关的服务API来实现驱动的加载。
注意:代码基于MFC框架写的
功能实现
四个功能实现:
安装驱动
LONG Cmfc_driver_loaderDlg::loadDriver(CString driverPath, CString driverName) { // TODO: 加载驱动模块 if (driverPath.IsEmpty() || driverName.IsEmpty()) { MessageBox(L"检查驱动路径或者名称是否为空", L"提示:"); return FALSE; } this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } SC_HANDLE serviceHandle = CreateService(this->scMageger, driverName, driverName, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, driverPath, NULL, NULL, NULL, NULL, NULL); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_EXISTS) { MessageBox(L"服务已经存在", L"提示:"); } else { CString str; str.Format(L"CreateService 错误号为:%d", error); MessageBox(str, L"提示:"); OutputDebugString(str); } CloseServiceHandle(this->scMageger); return FALSE; } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); this->scMageger = NULL; return TRUE; }
运行驱动
LONG Cmfc_driver_loaderDlg::runDriver(CString driverPath, CString driverName) { SC_HANDLE serviceHandle; this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } serviceHandle = OpenService(this->scMageger, driverName, SERVICE_ALL_ACCESS); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_DOES_NOT_EXIST) { MessageBox(L"服务已经不存在", L"提示:"); } else { CString str("OpenService 错误号为:" + error); MessageBox(str, L"提示:"); } return FALSE; } int result = StartService(serviceHandle, 0, NULL); if (result == 0) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_ALREADY_RUNNING) { MessageBox(L"服务已经运行", L"提示:"); return FALSE; } } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); this->scMageger = NULL; return TRUE; }
停止启动
LONG Cmfc_driver_loaderDlg::stopDriver(CString driverPath, CString driverName) { SC_HANDLE serviceHandle; SERVICE_STATUS error = { 0 }; this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } serviceHandle = OpenService(this->scMageger, driverName, SERVICE_ALL_ACCESS); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_DOES_NOT_EXIST) { MessageBox(L"服务已经不存在", L"提示:"); } else { CString str("OpenService 错误号为:" + error); MessageBox(str, L"提示:"); } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); return FALSE; } if (ControlService(serviceHandle, SERVICE_CONTROL_STOP, &error)) { CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); MessageBox(L"停止驱动成功", L"提示:"); return TRUE; } return FALSE; }
卸载驱动
LONG Cmfc_driver_loaderDlg::unloadDriver(CString driverPath, CString driverName) { if (driverPath.IsEmpty() || driverName.IsEmpty()) { MessageBox(L"检查驱动路径或者名称是否为空", L"提示:"); return FALSE; } this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, SERVICE_ALL_ACCESS); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_DOES_NOT_EXIST) { MessageBox(L"服务已经不存在", L"提示:"); } else { CString str("OpenService 错误号为:" + error); MessageBox(str, L"提示:"); } return FALSE; } if (!DeleteService(serviceHandle)) { DWORD error = GetLastError(); CString str; str.Format(L"DeleteService 错误号为:%d", error); MessageBox(str, L"提示"); CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); return FALSE; } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); this->scMageger = NULL; return TRUE; }
完整代码
// mfc_driver_loaderDlg.cpp : 实现文件 // #include "stdafx.h" #include "mfc_driver_loader.h" #include "mfc_driver_loaderDlg.h" #include "afxdialogex.h" #ifdef _DEBUG #define new DEBUG_NEW #endif #define DRIVER_PATH L"C:\\WinDriver_getDriverObjectModules.sys" #define DRIVER_NAME L"ThisIsDriver" // 用于应用程序“关于”菜单项的 CAboutDlg 对话框 class CAboutDlg : public CDialogEx { public: CAboutDlg(); // 对话框数据 enum { IDD = IDD_ABOUTBOX }; protected: virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持 // 实现 protected: DECLARE_MESSAGE_MAP() }; CAboutDlg::CAboutDlg() : CDialogEx(CAboutDlg::IDD) { } void CAboutDlg::DoDataExchange(CDataExchange* pDX) { CDialogEx::DoDataExchange(pDX); } BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx) END_MESSAGE_MAP() // Cmfc_driver_loaderDlg 对话框 Cmfc_driver_loaderDlg::Cmfc_driver_loaderDlg(CWnd* pParent /*=NULL*/) : CDialogEx(Cmfc_driver_loaderDlg::IDD, pParent) { m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); } void Cmfc_driver_loaderDlg::DoDataExchange(CDataExchange* pDX) { CDialogEx::DoDataExchange(pDX); } BEGIN_MESSAGE_MAP(Cmfc_driver_loaderDlg, CDialogEx) ON_WM_SYSCOMMAND() ON_WM_PAINT() ON_WM_QUERYDRAGICON() ON_BN_CLICKED(IDC_BUTTON1, &Cmfc_driver_loaderDlg::OnBnClickedButton1) ON_BN_CLICKED(IDC_BUTTON2, &Cmfc_driver_loaderDlg::OnBnClickedButton2) ON_BN_CLICKED(IDC_BUTTON3, &Cmfc_driver_loaderDlg::OnBnClickedButton3) ON_BN_CLICKED(IDC_BUTTON4, &Cmfc_driver_loaderDlg::OnBnClickedButton4) END_MESSAGE_MAP() // Cmfc_driver_loaderDlg 消息处理程序 BOOL Cmfc_driver_loaderDlg::OnInitDialog() { CDialogEx::OnInitDialog(); // 将“关于...”菜单项添加到系统菜单中。 // IDM_ABOUTBOX 必须在系统命令范围内。 ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX); ASSERT(IDM_ABOUTBOX < 0xF000); CMenu* pSysMenu = GetSystemMenu(FALSE); if (pSysMenu != NULL) { BOOL bNameValid; CString strAboutMenu; bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX); ASSERT(bNameValid); if (!strAboutMenu.IsEmpty()) { pSysMenu->AppendMenu(MF_SEPARATOR); pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu); } } // 设置此对话框的图标。 当应用程序主窗口不是对话框时,框架将自动 // 执行此操作 SetIcon(m_hIcon, TRUE); // 设置大图标 SetIcon(m_hIcon, FALSE); // 设置小图标 // TODO: 在此添加额外的初始化代码 return TRUE; // 除非将焦点设置到控件,否则返回 TRUE } void Cmfc_driver_loaderDlg::OnSysCommand(UINT nID, LPARAM lParam) { if ((nID & 0xFFF0) == IDM_ABOUTBOX) { CAboutDlg dlgAbout; dlgAbout.DoModal(); } else { CDialogEx::OnSysCommand(nID, lParam); } } // 如果向对话框添加最小化按钮,则需要下面的代码 // 来绘制该图标。 对于使用文档/视图模型的 MFC 应用程序, // 这将由框架自动完成。 void Cmfc_driver_loaderDlg::OnPaint() { if (IsIconic()) { CPaintDC dc(this); // 用于绘制的设备上下文 SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0); // 使图标在工作区矩形中居中 int cxIcon = GetSystemMetrics(SM_CXICON); int cyIcon = GetSystemMetrics(SM_CYICON); CRect rect; GetClientRect(&rect); int x = (rect.Width() - cxIcon + 1) / 2; int y = (rect.Height() - cyIcon + 1) / 2; // 绘制图标 dc.DrawIcon(x, y, m_hIcon); } else { CDialogEx::OnPaint(); } } //当用户拖动最小化窗口时系统调用此函数取得光标 //显示。 HCURSOR Cmfc_driver_loaderDlg::OnQueryDragIcon() { return static_cast<HCURSOR>(m_hIcon); } void Cmfc_driver_loaderDlg::OnBnClickedButton1() { // TODO: 在此添加控件通知处理程序代码 CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR); LONG pRes = loadDriver(DRIVER_PATH, DRIVER_NAME); if (pRes) { pMonitorText->SetWindowText(L"当前监控状态:\n驱动已加载"); } } void Cmfc_driver_loaderDlg::OnBnClickedButton4() { // TODO: 在此添加控件通知处理程序代码 CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR); LONG pRes = stopDriver(DRIVER_PATH, DRIVER_NAME); if (pRes) { pMonitorText->SetWindowText(L"当前监控状态:\n驱动已停止"); } } void Cmfc_driver_loaderDlg::OnBnClickedButton2() { // TODO: 在此添加控件通知处理程序代码 CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR); LONG pRes = unloadDriver(DRIVER_PATH, DRIVER_NAME); if (pRes) { pMonitorText->SetWindowText(L"当前监控状态:\n已关闭"); } } void Cmfc_driver_loaderDlg::OnBnClickedButton3() { // TODO: 在此添加控件通知处理程序代码 CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR); LONG pRes = runDriver(DRIVER_PATH, DRIVER_NAME); if (pRes) { pMonitorText->SetWindowText(L"当前监控状态:\n已开启"); } } LONG Cmfc_driver_loaderDlg::loadDriver(CString driverPath, CString driverName) { // TODO: 加载驱动模块 if (driverPath.IsEmpty() || driverName.IsEmpty()) { MessageBox(L"检查驱动路径或者名称是否为空", L"提示:"); return FALSE; } this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } SC_HANDLE serviceHandle = CreateService(this->scMageger, driverName, driverName, SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, driverPath, NULL, NULL, NULL, NULL, NULL); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_EXISTS) { MessageBox(L"服务已经存在", L"提示:"); } else { CString str; str.Format(L"CreateService 错误号为:%d", error); MessageBox(str, L"提示:"); OutputDebugString(str); } CloseServiceHandle(this->scMageger); return FALSE; } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); this->scMageger = NULL; return TRUE; } LONG Cmfc_driver_loaderDlg::unloadDriver(CString driverPath, CString driverName) { if (driverPath.IsEmpty() || driverName.IsEmpty()) { MessageBox(L"检查驱动路径或者名称是否为空", L"提示:"); return FALSE; } this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, SERVICE_ALL_ACCESS); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_DOES_NOT_EXIST) { MessageBox(L"服务已经不存在", L"提示:"); } else { CString str("OpenService 错误号为:" + error); MessageBox(str, L"提示:"); } return FALSE; } if (!DeleteService(serviceHandle)) { DWORD error = GetLastError(); CString str; str.Format(L"DeleteService 错误号为:%d", error); MessageBox(str, L"提示"); CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); return FALSE; } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); this->scMageger = NULL; return TRUE; } LONG Cmfc_driver_loaderDlg::runDriver(CString driverPath, CString driverName) { SC_HANDLE serviceHandle; this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } serviceHandle = OpenService(this->scMageger, driverName, SERVICE_ALL_ACCESS); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_DOES_NOT_EXIST) { MessageBox(L"服务已经不存在", L"提示:"); } else { CString str("OpenService 错误号为:" + error); MessageBox(str, L"提示:"); } return FALSE; } int result = StartService(serviceHandle, 0, NULL); if (result == 0) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_ALREADY_RUNNING) { MessageBox(L"服务已经运行", L"提示:"); return FALSE; } } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); this->scMageger = NULL; return TRUE; } LONG Cmfc_driver_loaderDlg::stopDriver(CString driverPath, CString driverName) { SC_HANDLE serviceHandle; SERVICE_STATUS error = { 0 }; this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (this->scMageger == NULL) { MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:"); return FALSE; } serviceHandle = OpenService(this->scMageger, driverName, SERVICE_ALL_ACCESS); if (serviceHandle == NULL) { DWORD error = GetLastError(); if (error == ERROR_SERVICE_DOES_NOT_EXIST) { MessageBox(L"服务已经不存在", L"提示:"); } else { CString str("OpenService 错误号为:" + error); MessageBox(str, L"提示:"); } CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); return FALSE; } if (ControlService(serviceHandle, SERVICE_CONTROL_STOP, &error)) { CloseServiceHandle(serviceHandle); CloseServiceHandle(this->scMageger); MessageBox(L"停止驱动成功", L"提示:"); return TRUE; } return FALSE; }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY