驱动入门 R3与R0的通信

119 阅读 0 评论 79 点赞

我是靠谱客的博主危机毛衣，这篇文章主要介绍驱动入门 R3与R0的通信，现在分享给大家，希望可以做个参考。

哇这一段时间是很自闭的主要的原因还是因为我们老师还有学长给我了一道Linux逆向题我死活都不会做。。。凉凉

然后我就继续学习驱动了然后根据一些学习资料写了一下驱动程序与应用层的程序的通信大概就是缓冲区的方法然后因为虚拟机里面没有安装vs 我就用codeblocks写的但是发现报错了后来百度了一下发现定义了一下 UNCODE就可以了然后就成了

R0代码：

复制代码

#include <ntddk.h>
#define DEVICE_OBJECT_NAME  L"\Device\BufferedIODeviceObjectName"
#define DEVICE_LINK_NAME    L"\DosDevices\BufferedIODevcieLinkName"
void dirver(IN PDRIVER_OBJECT pDriveObject)
{
	KdPrint(("驱动已经卸载！n"));
	DbgPrint("卸载成功！\n");
}
NTSTATUS pass(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp)
{
	pIrp->IoStatus.Status = STATUS_SUCCESS;
	pIrp->IoStatus.Information = 0;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	return STATUS_SUCCESS;
}
NTSTATUS Read(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp)
{
	KdPrint(("程序已经开始运行！n"));
	NTSTATUS flag = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
	ULONG u_len = stack->Parameters.Read.Length;
	pIrp->IoStatus.Status = flag;
	pIrp->IoStatus.Information = u_len;
	memset(pIrp->AssociatedIrp.SystemBuffer, 0xAA, u_len);;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	KdPrint(("程序已经结束n"));
	return flag;

}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriveObject, IN PUNICODE_STRING RegisterPath)
{
	PDEVICE_OBJECT DeviceObject = NULL;
	UNICODE_STRING  DeviceObjectName;
	UNICODE_STRING  DeviceObjectLink;
	NTSTATUS flag = STATUS_SUCCESS;
	RtlInitUnicodeString(&DeviceObjectName, DEVICE_OBJECT_NAME);
	flag = IoCreateDevice(DriveObject, 0,
		&DeviceObjectName,
		FILE_DEVICE_UNKNOWN,
		0,
		FALSE,
		&DeviceObject);
	if (!NT_SUCCESS(flag))
	{

return flag;
	}
	DeviceObject->Flags |= DO_DIRECT_IO;
	RtlInitUnicodeString(&DeviceObjectLink, DEVICE_LINK_NAME);
	flag = IoCreateSymbolicLink(&DeviceObjectLink, &DeviceObjectName);
	if (!NT_SUCCESS(flag))
	{
		IoDeleteDevice(DeviceObject);
	}
	for (ULONG i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
	{
		DriveObject->MajorFunction[i] = pass;
	}
	DriveObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Read;
	DriveObject->DriverUnload = dirver;
	return STATUS_SUCCESS;

}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#include <ntddk.h>
#define DEVICE_OBJECT_NAME  L"\Device\BufferedIODeviceObjectName"
#define DEVICE_LINK_NAME    L"\DosDevices\BufferedIODevcieLinkName"
void dirver(IN PDRIVER_OBJECT pDriveObject)
{
	KdPrint(("驱动已经卸载！n"));
	DbgPrint("卸载成功！\n");
}
NTSTATUS pass(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp)
{
	pIrp->IoStatus.Status = STATUS_SUCCESS;
	pIrp->IoStatus.Information = 0;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	return STATUS_SUCCESS;
}
NTSTATUS Read(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp)
{
	KdPrint(("程序已经开始运行！n"));
	NTSTATUS flag = STATUS_SUCCESS;
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
	ULONG u_len = stack->Parameters.Read.Length;
	pIrp->IoStatus.Status = flag;
	pIrp->IoStatus.Information = u_len;
	memset(pIrp->AssociatedIrp.SystemBuffer, 0xAA, u_len);;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
	KdPrint(("程序已经结束n"));
	return flag;

}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriveObject, IN PUNICODE_STRING RegisterPath)
{
	PDEVICE_OBJECT DeviceObject = NULL;
	UNICODE_STRING  DeviceObjectName;
	UNICODE_STRING  DeviceObjectLink;
	NTSTATUS flag = STATUS_SUCCESS;
	RtlInitUnicodeString(&DeviceObjectName, DEVICE_OBJECT_NAME);
	flag = IoCreateDevice(DriveObject, 0,
		&DeviceObjectName,
		FILE_DEVICE_UNKNOWN,
		0,
		FALSE,
		&DeviceObject);
	if (!NT_SUCCESS(flag))
	{

		return flag;
	}
	DeviceObject->Flags |= DO_DIRECT_IO;
	RtlInitUnicodeString(&DeviceObjectLink, DEVICE_LINK_NAME);
	flag = IoCreateSymbolicLink(&DeviceObjectLink, &DeviceObjectName);
	if (!NT_SUCCESS(flag))
	{
		IoDeleteDevice(DeviceObject);
	}
	for (ULONG i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
	{
		DriveObject->MajorFunction[i] = pass;
	}
	DriveObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Read;
	DriveObject->DriverUnload = dirver;
	return STATUS_SUCCESS;

}

R3 代码

复制代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#define UNICODE
#include<stdio.h>
#include<math.h>
#include<string.h>
#include <windows.h>
#define DEVICE_LINK_NAME    L"\\.\BufferedIODevcieLinkName"
int main()
{
    HANDLE h=CreateFile(DEVICE_LINK_NAME,
                        GENERIC_READ|GENERIC_WRITE,
                        0,
                        NULL,
                        OPEN_EXISTING,
                        FILE_ATTRIBUTE_NORMAL,
                        NULL);
    if(h==INVALID_HANDLE_VALUE)
    {
        printf("file:%s with error code %dn","DIVE",GetLastError());
        system("pause");
        return 1;
    }
    UCHAR buffer[10];
    ULONG ulRead;
    bool bRet=ReadFile(h,buffer,10,&ulRead,NULL);
    if(bRet)
    {
        printf("Read %d bytes:",ulRead);
        for(int i=0;i<(int)ulRead;i++)
        {
             printf("%02x",buffer[i]);
        }
        printf("n");
    }
    CloseHandle(h);
    system("pause");
    return 0;
}