Windows内核编程的一个小例子

#include "ntddk.h"




void Example1Unload(IN PDRIVER_OBJECT pDrvobj)
{
UNICODE_STRING usDosDevName;
DbgPrint("Example1: Driver is being unload.\n");


RtlInitUnicodeString(&usDosDevName, L"\\DosDevices\\ExampleLINK2");
IoDeleteSymbolicLink(&usDosDevName);
IoDeleteDevice(pDrvobj->DeviceObject);
}


NTSTATUS ExampleIrp(IN PDEVICE_OBJECT device, IN PIRP pIrp)
{


DbgPrint("An driver routine is called.\n");
return STATUS_SUCCESS;
}


NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDrvObj, IN PUNICODE_STRING pUsRegPath)
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
UNICODE_STRING usDevName;
UNICODE_STRING usDosDevName;
PDEVICE_OBJECT pDevObj = NULL;
unsigned int nIndex;
DbgPrint("Example: Driver entry is called. \n");




RtlInitUnicodeString(&usDevName, L"\\Device\\Example3");
RtlInitUnicodeString(&usDosDevName, L"\\DosDevices\\ExampleLINK2");


// Create Device
status = IoCreateDevice(pDrvObj, 0, &usDevName, FILE_DEVICE_UNKNOWN, 
FILE_DEVICE_SECURE_OPEN, FALSE, &pDevObj);


if(NT_SUCCESS(status))
{
for(nIndex = 0; nIndex < IRP_MJ_MAXIMUM_FUNCTION; ++nIndex)
pDrvObj->MajorFunction[nIndex] = ExampleIrp;


pDrvObj->DriverUnload = Example1Unload;


// 把创建的设备保存起来，否则以后不能引用
pDrvObj->DeviceObject = pDevObj;
status = IoCreateSymbolicLink(&usDosDevName, &usDevName);
if(!NT_SUCCESS(status))
{
DbgPrint("IoCreateSymbolicLink failed.\n");
IoDeleteDevice(pDevObj);


}
else
{
DbgPrint("Successed!.\n");
}



}
else
{
DbgPrint("IoCreateDevice failed\n");
}


    return status;


}