代码语言:javascript复制
#include <windows.h>
#include <winsvc.h>
#include <conio.h>
#include <stdio.h>
#define DRIVER_NAME "123467"
#define DRIVER_PATH "..\HelloDDK.sys"
//装载NT驱动程序
BOOL LoadNTDriver(char* lpszDriverName,char* lpszDriverPath)
{
/************************ 加载NT驱动的代码*******************************
① 调用OpenSCManager,打开SCM管理器.如果返回NULL,则返回失败,否则继续
② 调用CreateService,创建服务,创建成功则转步骤 ⑥
③ 用GetLastError的得到错误返回值
④ 返回值为ERROR_IO_PENDING,说明服务已经创建过,用OpenService打开此服务.
⑤ 返回值为其他值, 创建武服务失败,返回失败.
⑥ 调用StartService开启服务
⑦ 成功返回
************************************************************************/
char szDriverImagePath[256];
//得到完整的驱动路径
GetFullPathName(lpszDriverPath, 256, szDriverImagePath, NULL);
BOOL bRet = FALSE;
SC_HANDLE hServiceMgr=NULL;// SCM管理器的句柄
SC_HANDLE hServiceDDK=NULL;// NT驱动程序的服务句柄
//打开服务控制管理器
hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
if( hServiceMgr == NULL )
{
// OpenSCManager失败
printf( "OpenSCManager() Faild %d ! n", GetLastError() );
bRet = FALSE;
goto BeforeLeave;
}
else
{
// OpenSCManager成功
printf( "OpenSCManager() ok ! n" );
}
//创建驱动所对应的服务
hServiceDDK = CreateService( hServiceMgr,
lpszDriverName, // 驱动程序的在注册表中的名字
lpszDriverName, // 注册表驱动程序的 DisplayName 值
SERVICE_ALL_ACCESS, // 加载驱动程序的访问权限
SERVICE_KERNEL_DRIVER, // 表示加载的服务是驱动程序
SERVICE_DEMAND_START, // 注册表驱动程序的 Start 值
SERVICE_ERROR_IGNORE, // 注册表驱动程序的 ErrorControl 值
szDriverImagePath, // 注册表驱动程序的 ImagePath 值
NULL,
NULL,
NULL,
NULL,
NULL);
DWORD dwRtn;
// 判断服务是否失败
if( hServiceDDK == NULL )
{
dwRtn = GetLastError();
if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS )
{
//由于其他原因创建服务失败
printf( "CrateService() Faild %d ! n", dwRtn );
bRet = FALSE;
goto BeforeLeave;
}
else
{
//服务创建失败,是由于服务已经创立过
printf( "CrateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXISTS! n" );
}
// 驱动程序已经加载,只需要打开
hServiceDDK = OpenService( hServiceMgr, lpszDriverName, SERVICE_ALL_ACCESS );
if( hServiceDDK == NULL )
{
// 如果打开服务也失败,则意味错误
dwRtn = GetLastError();
printf( "OpenService() Faild %d ! n", dwRtn );
bRet = FALSE;
goto BeforeLeave;
}
else
{
printf( "OpenService() ok ! n" );
}
}
else
{
printf( "CrateService() ok ! n" );
}
// 开启此项服务
bRet= StartService( hServiceDDK, NULL, NULL );
if( !bRet )
{
DWORD dwRtn = GetLastError();
if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_ALREADY_RUNNING )
{
printf( "StartService() Faild %d ! n", dwRtn );
bRet = FALSE;
goto BeforeLeave;
}
else
{
if( dwRtn == ERROR_IO_PENDING )
{
// 设备被挂住
printf( "StartService() Faild ERROR_IO_PENDING ! n");
bRet = FALSE;
goto BeforeLeave;
}
else
{
// 服务已经开启
printf( "StartService() Faild ERROR_SERVICE_ALREADY_RUNNING ! n");
bRet = TRUE;
goto BeforeLeave;
}
}
}
bRet = TRUE;
// 离开前关闭句柄
BeforeLeave:
if(hServiceDDK)
{
CloseServiceHandle(hServiceDDK); // 服务句柄
}
if(hServiceMgr)
{
CloseServiceHandle(hServiceMgr); // SCM句柄
}
return bRet;
}
// 卸载驱动程序
BOOL UnloadNTDriver( char * szSvrName )
{
/************************* 卸载NT驱动的代码******************************
① 调用OpenSCManager,打开SCM管理器,如果返回NULL,则返回失败,否则继续.
② 调用OpenService.如果返回NULL,则返回失败,否则继续
③ 调用DeleteService卸载此项服务.
④ 成功返回.
************************************************************************/
BOOL bRet = FALSE;
SC_HANDLE hServiceMgr=NULL;// SCM管理器的句柄
SC_HANDLE hServiceDDK=NULL;// NT驱动程序的服务句柄
SERVICE_STATUS SvrSta;
// 打开SCM管理器
hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
if( hServiceMgr == NULL )
{
// 打开SCM管理器失败
printf( "OpenSCManager() Faild %d ! n", GetLastError() );
bRet = FALSE;
goto BeforeLeave;
}
else
{
// 打开SCM管理器失败成功
printf( "OpenSCManager() ok ! n" );
}
// 打开驱动所对应的服务
hServiceDDK = OpenService( hServiceMgr, szSvrName, SERVICE_ALL_ACCESS );
if( hServiceDDK == NULL )
{
// 打开驱动所对应的服务失败
printf( "OpenService() Faild %d ! n", GetLastError() );
bRet = FALSE;
goto BeforeLeave;
}
else
{
printf( "OpenService() ok ! n" );
}
// 停止驱动程序,如果停止失败,只有重新启动才能,再动态加载。
if( !ControlService( hServiceDDK, SERVICE_CONTROL_STOP , &SvrSta ) )
{
printf( "ControlService() Faild %d !n", GetLastError() );
}
else
{
// 打开驱动所对应的失败
printf( "ControlService() ok !n" );
}
// 动态卸载驱动程序。
if( !DeleteService( hServiceDDK ) )
{
// 卸载失败
printf( "DeleteSrevice() Faild %d !n", GetLastError() );
}
else
{
// 卸载成功
printf( "DelServer:eleteSrevice() ok !n" );
}
bRet = TRUE;
BeforeLeave:
// 离开前关闭打开的句柄
if(hServiceDDK)
{
CloseServiceHandle(hServiceDDK); // 服务句柄
}
if(hServiceMgr)
{
CloseServiceHandle(hServiceMgr); // SCM 句柄
}
return bRet;
}
void TestDriver()
{
// 测试驱动程序
HANDLE hDevice = CreateFile("\\.\HelloDDK",
GENERIC_WRITE | GENERIC_READ,
0,
NULL,
OPEN_EXISTING,
0,
NULL);
if( hDevice != INVALID_HANDLE_VALUE )
{
MessageBox(NULL,"SUCESSFULLY....ComeOn...","Yes",0);
printf( "Create Device ok ! n" );
}
else
{
printf( "Create Device faild %d ! n", GetLastError() );
MessageBox(NULL,"Faild...Fuckking...","No",0);
}
CloseHandle( hDevice );
}
int main(int argc, char* argv[])
{
UnloadNTDriver(DRIVER_NAME);
// 加载驱动
BOOL bRet = LoadNTDriver(DRIVER_NAME,DRIVER_PATH);
if (!bRet)
{
printf("LoadNTDriver errorn");
return 0;
}
// 加载成功
printf( "press any to create device!n" );
getch();
TestDriver();
// 这时候你可以通过注册表,或其他查看符号连接的软件验证。
printf( "press any to unload the driver!n" );
getch();
// 卸载驱动
UnloadNTDriver(DRIVER_NAME);
// if (!bRet)
// {
// printf("UnloadNTDriver errorn");
// return 0;
// }
system("pause");
return 0;
}