KMD使用Win32事件

KMD可以设置Win32事件有信号，当KMD内部发生了某些事情，需要Win32来做某些工作时，就可以使用这种手段
步骤
1.KMD内部保存KEVENT对象指针，Ｗin32使用IOCTL方法传递Win32事件句柄
2.KMD转换Win32句柄得到KEVENT对象指针
3.使用KeSetEvent，和KENENT对象指针参数，使Win32事件有信号
4.不需要使用该事件时，KMD要释放KEVENT对象

---

/*Win32*/

...

g_hDriver= CreateFile("\\\\.\\notify",

                            GENERIC_WRITE | GENERIC_READ, 

                            0, 

                            NULL, 

                            OPEN_EXISTING, 

                            0, 

                            NULL); 

...

g_hEvent=::CreateEvent(0,0,0,0);

...

/*IRP ObReferenceObjectByHandle*/

DeviceIoControl(m_hDriver,IOCTL_IRP_PASSEVENT,

                &g_hEvent, sizeof(g_hEvent), 

                NULL, 0,     

                &junk,                 

                (LPOVERLAPPED) NULL);

...



unsigned __stdcall SecondThreadFunc( void* pArguments )

{

    if(WAIT_OBJECT_0==::WaitForSingleObject(g_hEvent,INFINITE))

    {

        _endthreadex(1);

    }    

    return 0;

} 



_beginthreadex( NULL, 0, &wait_thread, NULL, 0, &threadid );

...    

/*IRP　KeSetEvent*/

DeviceIoControl(g_hDriver,

                IOCTL_IRP_SETEVENT,

                NULL, 0, // no input buffer

                NULL, 0,     // output buffer

                &junk,                 // # bytes returned

                (LPOVERLAPPED) NULL)  // synchronous I/O

...

/*IRP ObDereferenceObject*/  

DeviceIoControl(g_hDriver,

                IOCTL_IRP_DELETEEVENT,

                NULL, 0, // no input buffer

                NULL, 0,     // output buffer

                &junk,                 // # bytes returned

                (LPOVERLAPPED) NULL) ; // synchronous 






 
   


 /*KMD*/                  

...

/*全局指针，指向转换后的Win32事件*/

PKEVENT g_pEvent=0;

...

/*IRP_MJ_DEVICE_CONTROL routine DispatchDeviceControl*/

NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)

{

    PIO_STACK_LOCATION      irpStack;                                

    NTSTATUS                ntStatus;

    ULONG                   IoControlCodes;

    HANDLE                  hEvent;

    irpStack=IoGetCurrentIrpStackLocation(Irp);

    Irp->IoStatus.Status      = STATUS_SUCCESS;

    Irp->IoStatus.Information = 0;    

    IoControlCodes=irpStack->Parameters.DeviceIoControl.IoControlCode;

    switch (IoControlCodes)

    {        

    case IOCTL_IRP_PASSEVENT:

        hEvent=*(HANDLE*)Irp->AssociatedIrp.SystemBuffer;

        ntStatus = ObReferenceObjectByHandle(hEvent,

                   EVENT_MODIFY_STATE,

                   *ExEventObjectType,

                   Irp->RequestorMode,

                   (PVOID*) &g_pEvent,

                   NULL);

        break;

    case IOCTL_IRP_SETEVENT:

        KeSetEvent(g_pEvent,0,FALSE);

        ntStatus=Irp->IoStatus.Status;

        break;

    case IOCTL_IRP_DELETEEVENT:

        ObDereferenceObject(g_pEvent);

        ntStatus=Irp->IoStatus.Status;

        DbgPrint("irp3\n");

        break;

    default:                                            

        ntStatus = STATUS_INVALID_DEVICE_REQUEST;

        break;

    } 

    IoCompleteRequest (Irp, IO_NO_INCREMENT);    

    return ntStatus;



}