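July 15, 2013
WD - Installing NT-style drivers manually and from code
Windows loads NT drivers through the service mechanism, much like it loads Windows service programs.
1. Loading an NT driver manually
The manual method is fairly simple: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, find an example driver, export it, modify it, and import it back.
Below is the .reg file I wrote myself; of course you can also add the entries by hand one by one, if you don't mind the trouble: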
```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DDKTest]
"Start"=dword:00000003
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"="\\??\\C:\\Documents and Settings\\Administrator\\桌面\\objchk_win7_x86\\i386\\DDKTest.sys"
"DisplayName"="DDKTest"
```
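Where:
Start = 3 means the driver is loaded on demand.
Type = 1 means the driver is loaded in kernel mode.
Then,
to load the driver:
Run, then type: net start ddktest
To stop the driver:
Run, then type: net stop ddktest
Note that there is no .sys suffix.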
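For reviewing what this procedure leaves behind, here is an added example (not from the original post) that parses `reg export` text and lists driver services (Type 1 or 2) whose ImagePath lies outside System32\drivers. The `ExampleDrv` key, the function names and the "outside System32\drivers" policy are assumptions made for illustration.

```python
import re

START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed sample: the DDKTest key from this page plus a made-up driver (REG_EXPAND_SZ path).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DDKTest]
"Start"=dword:00000003
"Type"=dword:00000001
"ImagePath"="\\??\\C:\\Documents and Settings\\Administrator\\桌面\\objchk_win7_x86\\i386\\DDKTest.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ExampleDrv]
"Start"=dword:00000001
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,78,00,2e,00,73,00,79,00,73,00,\
  00,00
"""

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: int_or_str}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)           # join hex continuation lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            cur = keys.setdefault(m.group(1), {})
        elif cur is not None and (m := re.fullmatch(r'"([^"]+)"=(.*)', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                cur[name] = int(raw[6:], 16)
            elif raw.startswith("hex(2):"):           # REG_EXPAND_SZ stored as UTF-16LE
                data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
                cur[name] = data.decode("utf-16-le").rstrip("\0")
            elif raw.startswith('"'):                 # REG_SZ with \\ and \" escapes
                cur[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def audit_drivers(text):
    """Return (service, start, image_path) for drivers loaded from outside System32\\drivers."""
    findings = []
    for key, v in parse_reg(text).items():
        if "\\services\\" not in key.lower() or v.get("Type") not in (1, 2):
            continue                                  # not a kernel or file-system driver
        path = v.get("ImagePath", "")
        norm = re.sub(r"^\\\?\?\\", "", path).lower()  # drop the NT "\??\" prefix
        if not re.match(r"(\\systemroot\\|%systemroot%\\|[a-z]:\\windows\\)?system32\\drivers\\", norm):
            findings.append((key.rsplit("\\", 1)[1], START.get(v.get("Start"), "?"), path))
    return findings
```

Calling `audit_drivers(SAMPLE)` returns only the DDKTest entry, with start type "demand"; a real `reg export` file is UTF-16 and must be decoded to text first.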
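2. Loading an NT driver from code
Dynamic loading of device drivers is handled mainly by the Service Control Manager (SCM) system component. Loading and unloading an NT driver takes 4 steps:
1. Create a new service for the NT driver
2. Start the service
3. Stop the service
4. Delete the service created for the NT driver
The functions used are listed below.
2.1. Opening the SCM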
```cpp
SC_HANDLE WINAPI OpenSCManager(
    __in LPCTSTR lpMachineName,   // computer name; NULL means the local machine
    __in LPCTSTR lpDatabaseName,  // SCM database; NULL means the default database
    __in DWORD   dwDesiredAccess  // access rights
);
```
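2.2. Closing an SCM handle
```cpp
BOOL WINAPI CloseServiceHandle(
    __in SC_HANDLE hSCObject
);
```
2.3. Creating a service
Creates a handle in the SCM; the operations that follow are all based on this handle.
```cpp
SC_HANDLE WINAPI CreateService(
    __in  SC_HANDLE hSCManager,         // SCM handle
    __in  LPCTSTR   lpServiceName,      // service name, e.g. DDKTest; see the manual registry entry above
    __in  LPCTSTR   lpDisplayName,      // display name of the service; see DisplayName in the registry entry above
    __in  DWORD     dwDesiredAccess,    // access rights, e.g. SERVICE_ALL_ACCESS
    __in  DWORD     dwServiceType,      // service type; see Type in the registry entry above, 1 means a driver service
    __in  DWORD     dwStartType,        // start type; see Start in the registry entry above, 3 means started via StartService
    __in  DWORD     dwErrorControl,     // error handling on failure; see ErrorControl above, 1 means log the error to the event log and continue
    __in  LPCTSTR   lpBinaryPathName,   // full path of the service binary, e.g. C:\Windows\system32\TesSafe.sys
    __in  LPCTSTR   lpLoadOrderGroup,   // load-order group the service belongs to; NULL means it belongs to no group
    __out LPDWORD   lpdwTagId,          // tag identifier; usually NULL
    __in  LPCTSTR   lpDependencies,     // names of the services this one depends on; NULL if none
    __in  LPCTSTR   lpServiceStartName, // account name; NULL uses the LocalSystem account
    __in  LPCTSTR   lpPassword          // account password; NULL for LocalSystem
);
```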
2.4. Opening a service
Opens a service that has already been created.
```cpp
SC_HANDLE WINAPI OpenService(
    __in SC_HANDLE hSCManager,
    __in LPCTSTR   lpServiceName,   // service name
    __in DWORD     dwDesiredAccess
);
```
2.5. Controlling a service
```cpp
BOOL WINAPI ControlService(
    __in  SC_HANDLE        hService,       // service handle, obtained from OpenService or CreateService
    __in  DWORD            dwControl,      // control code:
                                           //   SERVICE_CONTROL_CONTINUE: from paused to running
                                           //   SERVICE_CONTROL_PAUSE:    from running to paused
                                           //   SERVICE_CONTROL_STOP:     from running to stopped
    __out LPSERVICE_STATUS lpServiceStatus // receives the status
);
```
2.6. Changing the service configuration
```cpp
BOOL WINAPI ChangeServiceConfig(        // the whole thing mirrors the definition of CreateService
    __in  SC_HANDLE hService,           // service handle, obtained from OpenService or CreateService
    __in  DWORD     dwServiceType,      // service type; see Type in the registry entry above, 1 means a driver service
    __in  DWORD     dwStartType,        // start type; see Start in the registry entry above, 3 means started via StartService
    __in  DWORD     dwErrorControl,     // error handling on failure; see ErrorControl above, 1 means log the error to the event log and continue
    __in  LPCTSTR   lpBinaryPathName,   // full path of the service binary, e.g. C:\Windows\system32\TesSafe.sys
    __in  LPCTSTR   lpLoadOrderGroup,
    __out LPDWORD   lpdwTagId,
    __in  LPCTSTR   lpDependencies,
    __in  LPCTSTR   lpServiceStartName,
    __in  LPCTSTR   lpPassword,
    __in  LPCTSTR   lpDisplayName
);
```
2.7. Starting a service
```cpp
BOOL WINAPI StartService(
    __in SC_HANDLE hService,            // service handle, obtained from OpenService or CreateService
    __in DWORD     dwNumServiceArgs,    // number of arguments passed to the service
    __in LPCTSTR*  lpServiceArgVectors  // array of arguments passed to the service
);
```
Example of loading an NT driver (written offhand, combined with code I had written before):
```cpp
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <iostream>
using namespace std;

// Variant of LoadDriver that first probes the driver's device symbolic link.
bool LoadDriverWithDeviceCheck(const char* szDriverName, const char* szDriverPath)
{
    bool bRet = false;
    SC_HANDLE schSCManager = NULL;
    SC_HANDLE hSeriver = NULL;
    HANDLE hDevice = INVALID_HANDLE_VALUE;
    do {
        // The driver's device symbolic link tells us whether the driver's device
        // is already running. This check is optional.
        char szServiceFileName[1024] = {0};
        _snprintf(szServiceFileName, sizeof(szServiceFileName) - 1, "\\\\.\\%s", szDriverName);
        hDevice = CreateFileA(szServiceFileName,
                              GENERIC_READ | GENERIC_WRITE,
                              0, NULL, OPEN_EXISTING,
                              FILE_ATTRIBUTE_NORMAL, NULL);
        if (INVALID_HANDLE_VALUE != hDevice) {
            bRet = true;
            printf("[LoadDriver] service is running\n");
            break;
        }

        // Open the SCM
        schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
        if (!schSCManager) {
            printf("[LoadDriver]--OpenSCManager fail with err:%lu\n", GetLastError());
            break;
        }

        // Create the service
        hSeriver = CreateServiceA(schSCManager, szDriverName, szDriverName,
                                  SERVICE_ALL_ACCESS,
                                  SERVICE_KERNEL_DRIVER,
                                  SERVICE_DEMAND_START,
                                  SERVICE_ERROR_NORMAL,
                                  szDriverPath,
                                  NULL, NULL, NULL, NULL, NULL);
        if (NULL == hSeriver) {
            DWORD dwErr = GetLastError();
            if (ERROR_IO_PENDING != dwErr && ERROR_SERVICE_EXISTS != dwErr) {
                printf("[LoadDriver]--CreateServiceA fail with err:%lu\n", dwErr);
                break;
            }

            // The service already exists; try to open it
            hSeriver = OpenServiceA(schSCManager, szDriverName, SERVICE_ALL_ACCESS);
            if (NULL == hSeriver) {
                printf("[LoadDriver]--OpenServiceA fail with err:%lu\n", GetLastError());
                break;
            }

            // Its configuration may differ from what we need, so change it
            bRet = ChangeServiceConfigA(hSeriver,
                                        SERVICE_KERNEL_DRIVER,
                                        SERVICE_DEMAND_START,
                                        SERVICE_ERROR_NORMAL,
                                        szDriverPath,
                                        NULL, NULL, NULL, NULL, NULL, NULL) != FALSE;
            if (!bRet) {
                // If this returns err:2, consider adding the registry entries by hand
                printf("[LoadDriver]--ChangeServiceConfigA fail with err:%lu\n", GetLastError());
                break;
            }
        }

        // Start the service
        bRet = StartService(hSeriver, 0, NULL) != FALSE;
        if (!bRet) {
            DWORD dwErr = GetLastError();
            if (ERROR_SERVICE_ALREADY_RUNNING == dwErr) {
                printf("[LoadDriver]--StartService already running\n");
                bRet = true; // the service is already running
            } else {
                printf("[LoadDriver]--StartService fail with err:%lu\n", dwErr);
            }
            break;
        }
    } while (false);

    if (schSCManager) {
        CloseServiceHandle(schSCManager);
    }
    if (hSeriver) {
        CloseServiceHandle(hSeriver);
    }
    if (INVALID_HANDLE_VALUE != hDevice) {
        CloseHandle(hDevice);
    }
    return bRet;
}

bool LoadDriver(const char* szDriverName, const char* szDriverPath)
{
    bool bRet = false;
    SC_HANDLE schSCManager = NULL;
    SC_HANDLE hSeriver = NULL;
    do {
        // Open the SCM
        schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
        if (!schSCManager) {
            printf("[LoadDriver]--OpenSCManager fail with err:%lu\n", GetLastError());
            break;
        }

        // Create the service
        hSeriver = CreateServiceA(schSCManager, szDriverName, szDriverName,
                                  SERVICE_ALL_ACCESS,
                                  SERVICE_KERNEL_DRIVER,
                                  SERVICE_DEMAND_START,
                                  SERVICE_ERROR_NORMAL,
                                  szDriverPath,
                                  NULL, NULL, NULL, NULL, NULL);
        if (NULL == hSeriver) {
            DWORD dwErr = GetLastError();
            if (ERROR_IO_PENDING != dwErr && ERROR_SERVICE_EXISTS != dwErr) {
                printf("[LoadDriver]--CreateServiceA fail with err:%lu\n", dwErr);
                break;
            }

            // The service already exists; try to open it
            hSeriver = OpenServiceA(schSCManager, szDriverName, SERVICE_ALL_ACCESS);
            if (NULL == hSeriver) {
                printf("[LoadDriver]--OpenServiceA fail with err:%lu\n", GetLastError());
                break;
            }

            // Its configuration may differ from what we need, so change it
            bRet = ChangeServiceConfigA(hSeriver,
                                        SERVICE_KERNEL_DRIVER,
                                        SERVICE_DEMAND_START,
                                        SERVICE_ERROR_NORMAL,
                                        szDriverPath,
                                        NULL, NULL, NULL, NULL, NULL, NULL) != FALSE;
            if (!bRet) {
                // If this returns err:2, consider adding the registry entries by hand
                printf("[LoadDriver]--ChangeServiceConfigA fail with err:%lu\n", GetLastError());
                break;
            }
        }

        // Start the service
        bRet = StartService(hSeriver, 0, NULL) != FALSE;
        if (!bRet) {
            DWORD dwErr = GetLastError();
            if (ERROR_SERVICE_ALREADY_RUNNING == dwErr) {
                printf("[LoadDriver]--StartService already running\n");
                bRet = true; // the service is already running
            } else {
                printf("[LoadDriver]--StartService fail with err:%lu\n", dwErr);
            }
            break;
        }
    } while (false);

    if (schSCManager) {
        CloseServiceHandle(schSCManager);
    }
    if (hSeriver) {
        CloseServiceHandle(hSeriver);
    }
    printf("[LoadDriver]--bRet:%d\n", bRet);
    return bRet;
}

bool UnLoadDriver(const char* szDriverName)
{
    bool bRet = false;
    SC_HANDLE schSCManager = NULL;
    SC_HANDLE hSeriver = NULL;
    do {
        // Open the SCM
        schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
        if (!schSCManager) {
            printf("[UnLoadDriver]--OpenSCManager fail with err:%lu\n", GetLastError());
            break;
        }

        hSeriver = OpenServiceA(schSCManager, szDriverName, SERVICE_ALL_ACCESS);
        if (NULL == hSeriver) {
            printf("[UnLoadDriver]--OpenServiceA fail with err:%lu\n", GetLastError());
            break;
        }

        SERVICE_STATUS serviceStatus;
        if (!ControlService(hSeriver, SERVICE_CONTROL_STOP, &serviceStatus)) {
            DWORD dwErr = GetLastError();
            // If ControlService failed only because the service was not started,
            // DeleteService is still safe.
            if (ERROR_SERVICE_NOT_ACTIVE != dwErr) {
                printf("[UnLoadDriver]--ControlService fail with err:%lu\n", dwErr);
                break;
            } else {
                printf("[UnLoadDriver]--ControlService service not start\n");
            }
        }

        // Deleting the service is risky; stopping it is generally enough
        bRet = DeleteService(hSeriver) != FALSE;
        if (!bRet) {
            printf("[UnLoadDriver]--DeleteService fail with err:%lu\n", GetLastError());
            break;
        }
    } while (false);

    if (schSCManager) {
        CloseServiceHandle(schSCManager);
    }
    if (hSeriver) {
        CloseServiceHandle(hSeriver);
    }
    printf("[UnLoadDriver]--bRet:%d\n", bRet);
    return bRet;
}

int main()
{
    char key;
    cout << "put Y/N load or unload:";
    cin >> key;
    if (key == 'y' || key == 'Y') {
        LoadDriver("ddktest", "C:\\Documents and Settings\\Administrator\\桌面\\objchk_win7_x86\\i386\\DDKTest.sys");
    } else {
        UnLoadDriver("ddktest");
    }
    system("pause");
    return 0;
}
```
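If delete fails with error 1072:
The specified service has been marked for deletion
it can be resolved like this:
Run the command directly:
sc stop ddktest
Also, there is a DeleteFlag entry in the registry; delete it.
Finally, a screenshot of a demo I wrote: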
Author: hgy413
Article URL: https://hgy413.com/104.html
All rights reserved ©. When reposting, you must credit the author and the original source with a link!