// Custom device extension: per-device state shared between the dispatch
// routines and the timer DPC. Allocated by IoCreateDevice with sizeof(DEV_EXT).
typedef struct _DeviceExtension
{
    LIST_ENTRY    IrpList;    // read IRPs waiting for completion, linked via Tail.Overlay.ListEntry
    KTIMER        timer;      // periodic timer whose expiry queues dpc
    LARGE_INTEGER liDueTime;  // relative due time handed to KeSetTimer on every re-arm
    KDPC          dpc;        // deferred routine (_CustomDpc) that completes queued IRPs
    // NOTE(review): IrpList is inserted into by _AsyncReadDispatch and removed
    // from by _CustomDpc with no lock in sight; a KSPIN_LOCK guarding both
    // accesses would be needed for the list to be safe under concurrency.
} DEV_EXT, *PDEV_EXT;
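// Default dispatch: fails every major function this driver does not implement.
// Completes the IRP with STATUS_NOT_SUPPORTED and no data, and returns that status.
// Fix: the status is cached locally because the IRP must not be read after
// IoCompleteRequest — the I/O manager may already have freed it.
NTSTATUS _DefaultDispatch(PDEVICE_OBJECT _pDeviceObject, PIRP _pIrp)
{
    const NTSTATUS status = STATUS_NOT_SUPPORTED;

    _pIrp->IoStatus.Status = status;
    _pIrp->IoStatus.Information = 0;
    IoCompleteRequest(_pIrp, IO_NO_INCREMENT);

    // Same value the completed IRP carried; returned without touching _pIrp again.
    return status;
}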
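// Create/close dispatch: opening and closing a handle always succeeds and
// transfers no data. Returns STATUS_SUCCESS.
// Fix: the status is cached locally because the IRP must not be read after
// IoCompleteRequest — the I/O manager may already have freed it.
NTSTATUS _AsyncCreateCloseDispatch(PDEVICE_OBJECT _pDevcieObject, PIRP _pIrp)
{
    const NTSTATUS status = STATUS_SUCCESS;

    _pIrp->IoStatus.Status = status;
    _pIrp->IoStatus.Information = 0;
    IoCompleteRequest(_pIrp, IO_NO_INCREMENT);

    // Same value the completed IRP carried; returned without touching _pIrp again.
    return status;
}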
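// Read dispatch: does not serve the request inline. The IRP is marked pending,
// queued on the device extension's IrpList and completed later by _CustomDpc.
// Returns STATUS_PENDING, which must agree with the pending mark set on the IRP
// (the I/O manager requires IoMarkIrpPending and the return value to match).
// Fix: drops the unused `status` and `pIrpStack` locals.
// By: LyShark.com
NTSTATUS _AsyncReadDispatch(PDEVICE_OBJECT _pDeviceObject, PIRP _pIrp)
{
    PDEV_EXT pDevExt = (PDEV_EXT)_pDeviceObject->DeviceExtension;

    // Mark pending BEFORE the IRP becomes reachable from the list: once queued,
    // the DPC may complete it at any moment, after which it must not be touched.
    IoMarkIrpPending(_pIrp);

    // The list links the IRP's own Tail.Overlay.ListEntry, so nothing is allocated.
    InsertTailList(&pDevExt->IrpList, &_pIrp->Tail.Overlay.ListEntry);

    // NOTE(review): _CustomDpc removes from this list at DISPATCH_LEVEL while
    // this routine inserts from an arbitrary thread, and neither holds a lock;
    // concurrent insert/remove can corrupt the list. A KSPIN_LOCK around both
    // accesses is needed (not added here: DEV_EXT has no lock field).
    // No cancel routine is registered, so a queued IRP cannot be cancelled; it
    // stays pending until the next DPC completes it.
    return STATUS_PENDING;
}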
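// Timer DPC: completes the oldest queued read IRP (at most one per tick) with a
// fixed payload, then re-arms the timer so it keeps firing. DeferredContext is
// the PDEV_EXT passed to KeInitializeDpc; Dpc and the SystemArguments are unused.
// Runs at DISPATCH_LEVEL, so nothing here may touch pageable memory.
// Fixes: a NULL DeferredContext no longer falls through to KeSetTimer on a NULL
// pointer; a zero-length read (no MDL) no longer dereferences NULL; the MDL
// mapping uses the "Safe" variant that returns NULL instead of bugchecking; the
// DbgPrint format specifiers now match their argument types; the copy bound is
// derived from the payload instead of a hard-coded 13.
VOID _CustomDpc(PKDPC Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
{
    static const char payload[] = "hello lyshark";
    const ULONG payloadLen = (ULONG)(sizeof payload - 1);   // terminator excluded
    PDEV_EXT pDevExt = (PDEV_EXT)DeferredContext;

    // Without an extension there is neither a list to drain nor a timer to re-arm.
    if (!pDevExt) {
        return;
    }

    // NOTE(review): IrpList is also modified by _AsyncReadDispatch with no lock;
    // a KSPIN_LOCK around both accesses is needed for the list to be safe.
    if (!IsListEmpty(&pDevExt->IrpList)) {
        // RemoveHeadList never returns NULL on a non-empty list; the entry is the
        // IRP's embedded Tail.Overlay.ListEntry, so recover the IRP from it.
        PLIST_ENTRY pListEntry = RemoveHeadList(&pDevExt->IrpList);
        PIRP pIrp = CONTAINING_RECORD(pListEntry, IRP, Tail.Overlay.ListEntry);
        PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
        ULONG uBufferLen = pIrpStack->Parameters.Read.Length;
        PVOID pBuffer = NULL;
        NTSTATUS status = STATUS_UNSUCCESSFUL;
        ULONG_PTR info = 0;

        DbgPrint("当前DPC Irp: %p\n", pIrp);          // %p: pointer, correct on 32/64-bit
        DbgPrint("读取DPC长度: %lu\n", uBufferLen);  // %lu: ULONG is unsigned long

        // Direct I/O: the user buffer arrives as an MDL. A zero-length read has
        // no MDL at all, and mapping can fail under memory pressure; the Safe
        // variant reports that as NULL rather than crashing the system.
        if (pIrp->MdlAddress != NULL) {
            pBuffer = MmGetSystemAddressForMdlSafe(pIrp->MdlAddress, NormalPagePriority);
        }

        if (uBufferLen == 0) {
            // Nothing requested: succeed with no data (no buffer to write into).
            status = STATUS_SUCCESS;
        } else if (pBuffer != NULL) {
            // Never copy more than the payload holds; shorter reads get a prefix.
            if (uBufferLen > payloadLen) {
                uBufferLen = payloadLen;
            }
            RtlCopyMemory(pBuffer, payload, uBufferLen);
            status = STATUS_SUCCESS;
            info = uBufferLen;
        }
        // else: buffer could not be mapped -> STATUS_UNSUCCESSFUL, 0 bytes.

        pIrp->IoStatus.Status = status;
        pIrp->IoStatus.Information = info;
        // After completion the IRP may be freed and must not be touched again.
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    }

    // Re-arm with the same relative due time, making the timer periodic.
    KeSetTimer(&pDevExt->timer, pDevExt->liDueTime, &pDevExt->dpc);
}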
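// Driver unload: stops the periodic timer, fails any reads still queued,
// removes the DOS symbolic link created in DriverEntry and deletes the device.
// Fixes: the symbolic link was initialised but never deleted (dangling
// \DosDevices name after unload); the timer DPC could still be in flight, or
// re-arm the timer, while the extension it uses was being freed; IRPs left on
// the list would never have completed.
VOID _UnloadDispatch(PDRIVER_OBJECT _pDriverObject)
{
    UNICODE_STRING Win32DeviceName;
    PDEVICE_OBJECT pDeviceObject = _pDriverObject->DeviceObject;
    PDEV_EXT pDevExt = (PDEV_EXT)pDeviceObject->DeviceExtension;

    RtlInitUnicodeString(&Win32DeviceName, L"\\DosDevices\\LySharkAsync");

    // _CustomDpc re-arms the timer at its end, so a DPC that was already running
    // when the first cancel happened may queue it again: wait for in-flight DPCs
    // to drain, then cancel once more. NOTE(review): a "stopping" flag in DEV_EXT
    // that the DPC checks before KeSetTimer would close the remaining window.
    KeCancelTimer(&pDevExt->timer);
    KeFlushQueuedDpcs();
    KeCancelTimer(&pDevExt->timer);

    // Fail whatever the DPC never got to. Each IRP here was marked pending by
    // _AsyncReadDispatch and would otherwise never complete. Expected to be
    // empty in practice, since unload normally runs with no open handles.
    while (!IsListEmpty(&pDevExt->IrpList)) {
        PLIST_ENTRY pListEntry = RemoveHeadList(&pDevExt->IrpList);
        PIRP pIrp = CONTAINING_RECORD(pListEntry, IRP, Tail.Overlay.ListEntry);

        pIrp->IoStatus.Status = STATUS_CANCELLED;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    }

    // Undo IoCreateSymbolicLink from DriverEntry. Harmless if the link was never
    // created; without it the \DosDevices name dangles once the device is gone.
    IoDeleteSymbolicLink(&Win32DeviceName);
    IoDeleteDevice(pDeviceObject);
}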
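// Driver entry: creates the device and its DOS symbolic link, installs the
// dispatch routines and starts the 1 s periodic DPC that completes queued reads.
// Returns STATUS_SUCCESS, or the failing NTSTATUS with everything created so
// far torn down again. _pRegistryPath is not used.
// Fixes: the IoCreateSymbolicLink status was ignored (a device nobody could
// open stayed behind on failure); DO_DEVICE_INITIALIZING was cleared before the
// IRP list and timer were initialised; unused locals (hThread, ObjectAttributes,
// CID) removed; the cast on the DPC routine dropped so signature mismatches are
// caught by the compiler.
NTSTATUS DriverEntry(PDRIVER_OBJECT _pDriverObject, PUNICODE_STRING _pRegistryPath)
{
    UNICODE_STRING DeviceName;
    UNICODE_STRING Win32DeivceName;
    PDEVICE_OBJECT pDeviceObject = NULL;
    PDEV_EXT pDevExt = NULL;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(_pRegistryPath);

    RtlInitUnicodeString(&DeviceName, L"\\Device\\LySharkAsync");
    RtlInitUnicodeString(&Win32DeivceName, L"\\DosDevices\\LySharkAsync");

    // Every major function gets a handler so unsupported requests are failed
    // explicitly (STATUS_NOT_SUPPORTED) instead of reaching the I/O manager default.
    for (ULONG i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        _pDriverObject->MajorFunction[i] = _DefaultDispatch;
    }
    _pDriverObject->MajorFunction[IRP_MJ_CREATE] = _AsyncCreateCloseDispatch;
    _pDriverObject->MajorFunction[IRP_MJ_CLOSE] = _AsyncCreateCloseDispatch;
    _pDriverObject->MajorFunction[IRP_MJ_READ] = _AsyncReadDispatch;
    _pDriverObject->DriverUnload = _UnloadDispatch;

    // The DEV_EXT extension is allocated together with the device object.
    status = IoCreateDevice(_pDriverObject, sizeof(DEV_EXT), &DeviceName,
                            FILE_DEVICE_UNKNOWN, 0, FALSE, &pDeviceObject);
    if (!NT_SUCCESS(status)) {
        return status;
    }
    if (!pDeviceObject) {
        return STATUS_UNEXPECTED_IO_ERROR;
    }

    pDeviceObject->Flags |= DO_DIRECT_IO;   // reads arrive as MDLs (see _CustomDpc)
    pDeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT;

    // The link is what user mode opens; if it cannot be created, there is no
    // point keeping the device, so undo it and report the failure.
    status = IoCreateSymbolicLink(&Win32DeivceName, &DeviceName);
    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(pDeviceObject);
        return status;
    }

    pDevExt = (PDEV_EXT)pDeviceObject->DeviceExtension;
    InitializeListHead(&pDevExt->IrpList);
    KeInitializeTimer(&pDevExt->timer);
    // pDevExt is the DeferredContext that _CustomDpc receives.
    KeInitializeDpc(&pDevExt->dpc, _CustomDpc, pDevExt);
    // Negative due time = relative, in 100 ns units: 10,000,000 x 100 ns = 1 s.
    pDevExt->liDueTime = RtlConvertLongToLargeInteger(-10000000);

    // Open for business only once the extension is fully initialised, so a read
    // that arrives early cannot be queued on an uninitialised list.
    pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    // First tick; _CustomDpc re-arms the timer on every expiry after this.
    KeSetTimer(&pDevExt->timer, pDevExt->liDueTime, &pDevExt->dpc);
    return STATUS_SUCCESS;
}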