FSD键盘钩子框架参考爱写驱动的女装大佬

环境：vs2013+wdk8.1

#include 

extern	POBJECT_TYPE *IoDriverObjectType;
PDRIVER_OBJECT kbdriver = NULL;
typedef	NTSTATUS(*pBeforeRead)(PDEVICE_OBJECT pDevice, PIRP pIrp);

pBeforeRead BeforeRead = NULL;


NTSTATUS
ObReferenceObjectByName(
__in PUNICODE_STRING ObjectName,
__in ULONG Attributes,
__in_opt PACCESS_STATE AccessState,
__in_opt ACCESS_MASK DesiredAccess,
__in POBJECT_TYPE ObjectType,
__in KPROCESSOR_MODE AccessMode,
__inout_opt PVOID ParseContext,
__out PVOID *Object
);

NTSTATUS Unload(PDRIVER_OBJECT driver)
{
	DbgPrint("Unload me");
	return STATUS_SUCCESS;
}

NTSTATUS MyRead(PDEVICE_OBJECT pDevice, PIRP pIrp)
{
	DbgPrint("====Read====");
	/*do something you like*/
	return BeforeRead(pDevice, pIrp);
}
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING regpath)
{
	UNICODE_STRING	kbdname = RTL_CONSTANT_STRING(L"\\Driver\\Kbdclass");
	NTSTATUS status = ObReferenceObjectByName(&kbdname, OBJ_CASE_INSENSITIVE, NULL, 0, *IoDriverObjectType, KernelMode, NULL, &kbdriver);
	if (!NT_SUCCESS(status)){
		DbgPrint("Open Kbdclass Failed");
		return STATUS_SUCCESS;
	}
	else{
		ObDereferenceObject(kbdriver);
	}

	BeforeRead = kbdriver->MajorFunction[IRP_MJ_READ];
	kbdriver->MajorFunction[IRP_MJ_READ] = MyRead;

	return STATUS_SUCCESS;
}