- 注册时间
- 2011-3-10
- 最后登录
- 1970-1-1
该用户从未签到
|
代码太杂了,放出核心部分,给大家提供一个思路
#include "Driver.h"
#include "helper.h"
#include "ThreadHeader.h"
#include "Process.h"
VOID AddWinDbgToEpro(
HANDLE ParentId,
HANDLE ProcessId,
BOOLEAN Create
);
VOID DealIO(
IN HANDLE ParentId,
IN HANDLE ProcessId,
IN BOOLEAN Create
);
VOID TimerDpc( IN PKDPC pDpc,
IN PVOID pContext,
IN PVOID SysArg1,
IN PVOID SysArg2 ) ;
#pragma INITCODE
extern "C" NTSTATUS DriverEntry (
IN PDRIVER_OBJECT pDriverObject,
IN PUNICODE_STRING pRegistryPath )
{
NTSTATUS status;
KdPrint(("Enter DriverEntry\n"));
//注册其他驱动调用函数入口
pDriverObject->DriverUnload = HelloDDKUnload;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;
pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;
//创建驱动设备对象
status = CreateDevice(pDriverObject);
//PsSetCreateProcessNotifyRoutine(DealIO,FALSE);
KdPrint(("DriverEntry end\n"));
return status;
}
|
|