?? driverentry.c
字號:
#include <ntddk.h>
#include "ntifs.h"
NTSTATUS
DriverEntry (
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
UNICODE_STRING parameter_path;//備份注冊表設備服務鍵的鍵名
RTL_QUERY_REGISTRY_TABLE query_table[2];//保存查詢注冊表樹時返回相應鍵的內容
ULONG n_devices;//支持的設備個數
NTSTATUS status;//狀態值,具體請參閱ntstatus.h
UNICODE_STRING device_dir_name;//保存目錄設備名
OBJECT_ATTRIBUTES object_attributes;//保存對象屬性
ULONG n;
USHORT n_created_devices;
//初始化parameter_path
parameter_path.Length = 0;
parameter_path.MaximumLength = RegistryPath->Length + sizeof(PARAMETER_KEY);
parameter_path.Buffer = (PWSTR) ExAllocatePool(PagedPool, parameter_path.MaximumLength);
if (parameter_path.Buffer == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlCopyUnicodeString(¶meter_path, RegistryPath);
RtlAppendUnicodeToString(¶meter_path, PARAMETER_KEY);
RtlZeroMemory(&query_table[0], sizeof(query_table));
query_table[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED;
//RTL_QUERY_REGISTRY_DIRECT在ntddk.h中定義為0x00000020
//RTL_QUERY_REGISTRY_REQUIRED在ntddk.h中定義為0x00000004
//結果應為0x00000024
query_table[0].Name = NUMBEROFDEVICES_VALUE;
//NUMBEROFDEVICES_VALUE在ntifs中定義為L"NumberOfDevices"
query_table[0].EntryContext = &n_devices;
status = RtlQueryRegistryValues(
RTL_REGISTRY_ABSOLUTE,
parameter_path.Buffer,
&query_table[0],
NULL,
NULL
);
//RTL_REGISTRY_ABSOLUTE在ntddk.h中定義為0,代表路徑為完全路徑
ExFreePool(parameter_path.Buffer);
if (!NT_SUCCESS(status))
{
KdPrint(("FileDisk: Query registry failed, using default values.\n"));
n_devices = DEFAULT_NUMBEROFDEVICES;
}
RtlInitUnicodeString(&device_dir_name, DEVICE_DIR_NAME);
InitializeObjectAttributes(
&object_attributes,
&device_dir_name,
OBJ_PERMANENT,
NULL,
NULL
);
//OBJ_PERMANENT在ntdef.h中定義為0x00000010L
status = ZwCreateDirectoryObject(
&dir_handle,
DIRECTORY_ALL_ACCESS,
&object_attributes
);
//DIRECTORY_ALL_ACCESS在ntddk.h中定義為(STANDARD_RIGHTS_REQUIRED | 0xF)
//即為STANDARD_RIGHTS_REQUIRED與0xF按位或
//STANDARD_RIGHTS_REQUIRED在ntddk.h中定義為0x000F0000L
if (!NT_SUCCESS(status))
{
return status;
}
ZwMakeTemporaryObject(dir_handle);
for (n = 0, n_created_devices = 0; n < n_devices; n++)
{
status = FileDiskCreateDevice(DriverObject, n, FILE_DEVICE_DISK);
if (NT_SUCCESS(status))
{
n_created_devices++;
}
}
////for (n = 0; n < n_devices; n++)
////{
//// status = FileDiskCreateDevice(DriverObject, n, FILE_DEVICE_CD_ROM);
//// if (NT_SUCCESS(status))
//// {
//// n_created_devices++;
//// }
////}
if (n_created_devices == 0)
{
ZwClose(dir_handle);
return status;
}
DriverObject->MajorFunction[IRP_MJ_CREATE] = FileDiskCreateClose;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = FileDiskCreateClose;
DriverObject->MajorFunction[IRP_MJ_READ] = FileDiskReadWrite;
DriverObject->MajorFunction[IRP_MJ_WRITE] = FileDiskReadWrite;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = FileDiskDeviceControl;
//常用的IRP主功能代碼
//IRP_MJ_CREATE:創建或打開設備文件,ntddk.h中定義為0x00
//IRP_MJ_CLOSE:關閉句柄,ntddk.h中定義為0x02
//IRP_MJ_READ:讀,ntddk.h中定義為0x03
//IRP_MJ_WRITE:寫,ntddk.h中定義為0x04
//IRP_MJ_CLEANUP:取消文件句柄上的任何等待的IRP,ntddk.h中定義為0x12
//IRP_MJ_DEVICE_CONTROL:設備I/O控制,ntddk.h中定義為0x0e
//IRP_MJ_INTERNAL_DEVICE_CONTROL(IRP_MJ_SCSI):來自高層驅動程序的設備I/O控制,ntddk.h中定義為0x0f
//IRP_MJ_SYSTEM_CONTROL:WMI,ntddk.h中定義為0x17
//IRP_MJ_POWER:電源管理請求,ntddk.h中定義為0x16
//IRP_MJ_PNP:即插即用消息,ntddk.h中定義為0x1b
//IRP_MJ_SHUTDOWN:關閉通知,ntddk.h中定義為0x10
DriverObject->DriverUnload = FileDiskUnload;
return STATUS_SUCCESS;
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -