驱动
#include <iostream>#include <Windows.h>
#include <stdlib.h>
int main()
{
HANDLE hdevice = NULL;
UCHAR readBuffer = { 0 };
DWORD bread = 0;
hdevice = CreateFile("\\\\.\\MyFirstDevice",GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if (hdevice == INVALID_HANDLE_VALUE) {
printf("Open Device Faile\n");
system("pause");
return 0;
}
printf("Open Sucess\n");
system("pause");
ReadFile(hdevice, (PVOID)readBuffer, 50, &bread, NULL);
printf("--%p--%s--%d--\n", readBuffer, readBuffer, bread);
printf("Write!\n");
system("pause");
WriteFile(hdevice, "This Message come from R3.", strlen("This Message come from R3."), &bread, NULL);
CloseHandle(hdevice);
system("pause");
return 0;
}这是R3代码
以下是驱动的部分关键代码:
#include <ntifs.h>
#define DEVICE_NAME L"\\Device\\MyFirstDevice"
#define SYM_NAME L"\\??\\MyFirstDevice"
void nothing(HANDLE ppid, HANDLE mypid, BOOLEAN bcreate) {
DbgPrint("ProcessNotify\n");
}
NTSTATUS MyWrite(PDEVICE_OBJECT pdevice, PIRP pirp) {
NTSTATUS status = STATUS_SUCCESS;
DbgPrint("My Device has be Writeed\n");
PIO_STACK_LOCATION pstack = IoGetCurrentIrpStackLocation(pirp);
ULONG Writesize = pstack->Parameters.Write.Length;
PCHAR Writebuffer = pirp->AssociatedIrp.SystemBuffer;
RtlZeroMemory(pdevice->DeviceExtension,200);
RtlCopyMemory(pdevice->DeviceExtension,Writebuffer, Writesize);
DbgPrint("--%llx--%s\n", Writebuffer, (PCHAR)pdevice->DeviceExtension);
pirp->IoStatus.Status = status;
pirp->IoStatus.Information = 13;
IoCompleteRequest(pirp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
//入口函数,相当于main函数
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) {
//驱动程序的入口
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING devicename = { 0 };
//设置卸载函数
pDriverObject->DriverUnload = DriverUnload;
RtlInitUnicodeString(&devicename, DEVICE_NAME);
//创建设备
PDEVICE_OBJECT pdevice = NULL;
status = IoCreateDevice(pDriverObject, 0, &devicename, FILE_DEVICE_UNKNOWN, 0, TRUE, &pdevice);
if (!NT_SUCCESS(status)) {
DbgPrint("Create Device Failed:%x\n", status);
return status;
}
//设置交互数据的方式
pdevice->Flags |= DO_BUFFERED_IO;
//创建符号连接名称
UNICODE_STRING symname = { 0 };
RtlInitUnicodeString(&symname, SYM_NAME);
//创建符号链接
status = IoCreateSymbolicLink(&symname, &devicename);
if (!NT_SUCCESS(status)) {
DbgPrint("创建符号链接失败!\n");
DbgPrint("Create SymbolicLink Failed :%x\n", status);
IoDeleteDevice(pdevice);
return status;
}
pDriverObject->MajorFunction = MyCreate;
pDriverObject->MajorFunction = MyClose;
pDriverObject->MajorFunction = MyCleanup;
pDriverObject->MajorFunction = MyRead;
pDriverObject->MajorFunction = MyWrite;
return 0;
}
在实际测试的时候,安装好驱动,R3的那个代码一运行到
WriteFile(hdevice, "This Message come from R3.", strlen("This Message come from R3."), &bread, NULL);
就直接蓝屏
有没有大佬知道该怎么解决?
蓝屏得有dump文件才好分析判断 苏紫方璇 发表于 2023-11-18 13:07
蓝屏得有dump文件才好分析判断
{:1_908:}代码是我跟着视频一行一行敲的,视频中win7的可以,我的是win10,不知道咋就出事了{:1_908:}感觉应该是代码错了{:1_937:}
搞内核编程还是先搭建一下双机调试环境吧,能直接看变量值啥的,找bug效率会高不少 驱动项目里的,属性,平台设置成 Desktop win10 试试。 董督秀 发表于 2023-11-18 14:55
驱动项目里的,属性,平台设置成 Desktop win10 试试。
设置的就是Windows 10 or higher{:1_937:} 这个还是版主说的对啊,你是不是写的内核程序啊,如果是的话,你要先搭建好双机调试啊,然后dump出内存,然后才好给你说明啊,不然,没办法给你指出来,不过,我看到你说是跟着视频一步步来的,会不会视频里慢的是win7 32位,你却用win10来运行啊,毕竟64位后如果要加载驱动要过pg的 A学习的小菜鸟 发表于 2023-11-23 15:05
这个还是版主说的对啊,你是不是写的内核程序啊,如果是的话,你要先搭建好双机调试啊,然后dump出内存,然 ...
谢谢大佬回复,问了视频的作者,给我指出来了,是语法的错误。双机调试已经搭建好了,但是我还不会分析dmp文件{:1_908:}
页:
[1]