A novice would like to ask about the driver version of helloworld, experts please give me some advice!

xiongyi6

A novice would like to ask about the driver version of helloworld, experts please give me some advice! [Copy link]

    I've been learning about drivers recently and have come across many confusing questions. I'm begging for advice from experts. 1. How do I trace and debug into the sys file? Is there any specific method? I only know how to add a MessageBox in main.c, and then use softice to break the MessageBox, but I still can't get into sys. 2. I traced into DriverControl in main.c, and after passing in -start, DeviceIoControl returned 0, and GetLastErr() returned 87. What went wrong? Will entering DeviceIoControl jump to the driver's Dispath function? Here is the code: HelloWorld.c #ifndef __HELLOWORLD_C__ #define __HELLOWORLD_C__ #define DEBUGMSG #include

#define DEVICE_HELLO_INDEX 0x860 //2 IOCTL macros #define START_HELLPWORLD CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_HELLO_INDEX,METHOD_BUFFERED,FILE_ANY_ACCESS) #define STOP_HELLPWORLD CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_HELLO_INDEX+1,METHOD_BUFFERED,FILE_ANY_ACCESS) #define NT_DEVICE_NAME L"\\Device\\HelloWorld" //Device name #define DOS_DEVICE_NAME L"\\DosDevices\\HelloWorld" //Symbolic connection NTSTATUS HelloWorldDispatch (IN PDEVICE_OBJECT DeviceObject,IN PIRP pIrp); VOID HelloWorldUnLoad (IN PDRIVER_OBJECT DriverObject); //Driver entry NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath) { NTSTATUS ntStatus=STATUS_SUCCESS; PDEVICE_OBJECT lpDeviceObject=NULL; //Pointer to device object UNICODE_STRING DeviceNameString={0}; //Device name UNICODE_STRING DeviceLinkString ={0}; //Symbolic link //Debug information #ifdef DEBUGMSG DbgPrint("Starting DriverEntry()\n"); #endif RtlInitUnicodeString(&DeviceNameString,NT_DEVICE_NAME); //Initialize Unicode string //Create device ntStatus=IoCreateDevice (DriverObject,0,&DeviceNameString,FILE_DEVICE_UNKNOWN,0,FALSE,&lpDeviceObject); //Use NT_SUCCESS macro to detect whether the function call is successful if (!NT_SUCCESS(ntStatus)) { #ifdef DEBUGMSG DbgPrint("IoCreateDevice() error reports 0x%08X\n",ntStatus); #endif return ntStatus; } RtlInitUnicodeString(&DeviceLinkString,DOS_DEVICE_NAME); //Create symbolic link ntStatus=IoCreateSymbolicLink (&DeviceLinkString,&DeviceNameString); if (!NT_SUCCESS(ntStatus)) { #ifdef DEBUGMSG DbgPrint("IoCreateSymbolicLink() error reports 0x%08X\n",ntStatus); #endif if (lpDeviceObject) IoDeleteDevice(lpDeviceObject); return ntStatus; } //Set IRP dispatch routine and unload routine DriverObject->MajorFunction[IRP_MJ_CREATE]= DriverObject->MajorFunction[IRP_MJ_CLOSE]= DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=HelloWorldDispatch; DriverObject->DriverUnload=HelloWorldUnLoad; return ntStatus; } NTSTATUS HelloWorldDispatch (IN PDEVICE_OBJECT DeviceObject,IN PIRP pIrp) { NTSTATUS ntStatus=STATUS_SUCCESS; PIO_STACK_LOCATION IrpStack=NULL; //IRP stack ULONG IoControlCodes=0; //I/O control code//Set IRP status pIrp->IoStatus.Status=STATUS_SUCCESS; pIrp->IoStatus.Information=0; #ifdef DEBUGMSG DbgPrint("Starting HelloWorldDispatch()\n"); #endif IrpStack=IoGetCurrentIrpStackLocation(pIrp); //Get the IRP of the current caller switch (IrpStack->MajorFunction) { case IRP_MJ_CREATE: #ifdef DEBUGMSG DbgPrint("IRP_MJ_CREATE\n"); #endif break; case IRP_MJ_CLOSE: #ifdef DEBUGMSG DbgPrint( "IRP_MJ_CLOSE\n"); #endif break; case IRP_MJ_DEVICE_CONTROL: #ifdef DEBUGMSG DbgPrint("IRP_MJ_DEVICE_CONTROL\n"); #endif //Get I/O control code IoControlCodes=IrpStack->Parameters.DeviceIoControl.IoControlCode;

          switch (IoControlCodes)
          {
                //启动
                case START_HELLPWORLD:
                    DbgPrint("Starting \"Hello World\"\n");
                    break;

                //停止
                case STOP_HELLPWORLD:
                    DbgPrint("Stoping \"Hello World\"\n");
                    break;

                default:
                    pIrp->IoStatus.Status=STATUS_INVALID_PARAMETER;
                    break;
          }

          break;

        default:
          break;
  }

  ntStatus=pIrp->IoStatus.Status;
  IoCompleteRequest(pIrp,IO_NO_INCREMENT);

  return ntStatus;
}

VOID HelloWorldUnLoad (IN PDRIVER_OBJECT DriverObject)
{
  UNICODE_STRING DeviceLinkString={0};
  PDEVICE_OBJECT DeviceObjectTemp1=NULL;
  PDEVICE_OBJECT DeviceObjectTemp2=NULL;

  #ifdef DEBUGMSG
        DbgPrint("Starting HelloWorldUnLoad()\n");
  #endif

  RtlInitUnicodeString(&DeviceLinkString,DOS_DEVICE_NAME);

  if (DeviceLinkString.Buffer)
      IoDeleteSymbolicLink(&DeviceLinkString);

  if (DriverObject)
  {
      DeviceObjectTemp1=DriverObject->DeviceObject;

      while (DeviceObjectTemp1)
      {
          DeviceObjectTemp2=DeviceObjectTemp1;
          DeviceObjectTemp1=DeviceObjectTemp1->NextDevice;
          IoDeleteDevice(DeviceObjectTemp2);
      }
  }
}

#endif



Main.c
#define DEBUGMSG

#include
#include
#include

#define DEVICE_FILTER_INDEX 0x860

#define START_HELLPWORLD CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define STOP_HELLPWORLD CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+1,METHOD_BUFFERED,FILE_ANY_ACCESS)

#define erron GetLastError()

#define MY_DEVICE_NAME "\\\\.\\HelloWorld\\sys\\i386\\HelloWorld.sys"

#define MY_DEVICE_START "-start"
#define MY_DEVICE_STOP "-stop"

BOOL DriverControl (TCHAR *Maik);

void Usage (TCHAR *Paramerter);

int main (int argc,TCHAR *argv[])
{
  if (argc!=2)
  {
    Usage(argv[0]);
    return 0;
  }

  if (strcmpi(argv[1],MY_DEVICE_START)==0 || strcmpi(argv[1],MY_DEVICE_STOP)==0)
    DriverControl(argv[1]);
  else
  {
    Usage(argv[0]);
    return 0;
  }

  return 0;
}

BOOL DriverControl (TCHAR *Maik)
{
  HANDLE hDevice=NULL; //设备句柄

  //获得设备句柄
  hDevice=CreateFile(MY_DEVICE_NAME,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);

  if (hDevice==INVALID_HANDLE_VALUE)
  {
      #ifdef DEBUGMSG
          printf("CreateFile() GetLastError reports %d\n",erron);
      #endif
      return FALSE;
  }

  //启动
  if (strcmpi(Maik,MY_DEVICE_START)==0)
  {
      //传递启动的I/O控制代码
      if (!(DeviceIoControl(hDevice,START_HELLPWORLD,NULL,0,NULL,0,NULL,NULL)))
      {
        #ifdef DEBUGMSG
            printf("DeviceIoControl() GetLastError reports %d\n",erron);
        #endif
        CloseHandle(hDevice);
        return FALSE;
      }
  }

  //停止
  if (strcmpi(Maik,MY_DEVICE_STOP)==0)
  {
      //传递停止的I/O控制代码
      if (!(DeviceIoControl(hDevice,STOP_HELLPWORLD,NULL,0,NULL,0,NULL,NULL)))
      {
        #ifdef DEBUGMSG
            printf("DeviceIoControl() GetLastError reports %d\n",erron);
        #endif
        CloseHandle(hDevice);
        return FALSE;
      }
  }

  if (hDevice)
      CloseHandle(hDevice); //关闭句柄

  return TRUE;
}

void Usage (TCHAR *Paramerter)
{
  fprintf(stderr,"============================================================================\n"
        "    驱动版Hello World\n"
        "作者：dahubaobao[E.S.T]\n"
        "主页：http://www.eviloctal.com/\n"
        "OICQ：382690\n\n"
        "%s -start\t启动\n"
        "%s -stop \t停止\n\n"
        "本程序只是用做代码交流，如有错误，还请多多包含！\n"
        "============================================================================\n"
        ,Paramerter,Paramerter);
}

meja

I changed the call of DeviceIoControl function to DeviceIoControl(hDevice,STOP_HELLPWORLD,NULL,0,NULL,0,,&BytesReturn,,(LPOVERLAPPED)NULL) but it didn't work.

xboy3721

Waiting for the expert to answer.

xsslf

Waiting for the expert to answer.