第一个入门NT驱动

HelloDDK.h

#pragma once



#ifdef __cplusplus

extern "C"

{

#endif

#include <ntddk.h>

#ifdef __cplusplus

};

#endif



#define PAGEDCODE code_seg("PAGE")

#define LOCKEDCODE code_seg()

#define INITCODE code_seg("INIT")



#define PAGEDDATA data_seg("PAGE")

#define LOCKEDDATA data_seg()

#define INITDATA data_seg("INIT")



#define arraysize(p) (sizeof(p)/sizeof((p)[0]))



typedef struct _DEVICE_EXTERNSION{

    PDEVICE_OBJECT pDevice;

    UNICODE_STRING ustrDeviceName; //设备名称

    UNICODE_STRING ustrSymLinkName; //符号链接名

}DEVICE_EXTENSION, *PDEVICE_EXTERSION;



//函数声明

NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriverObject);

VOID HelloDDKUnload(IN PDRIVER_OBJECT pDriverObject);

NTSTATUS HelloDDKDispatchRoutine(

    IN PDEVICE_OBJECT pDevObj,

    IN PIRP pIrp);

extern "C" NTSTATUS DriverEntry(

    IN PDRIVER_OBJECT pDriverObject,

    IN PUNICODE_STRING pRegistryPath);

HelloDDK.cpp

#include "HelloDDK.h"



/************************************************************************

* 函数名称:DriverEntry

* 功能描述:初始化驱动程序，定位和申请硬件资源，创建内核对象

* 参数列表:

      pDriverObject:从I/O管理器中传进来的驱动对象

      pRegistryPath:驱动程序在注册表的中的路径

* 返回 值:返回初始化驱动状态

*************************************************************************/

#pragma INITCODE

extern "C" NTSTATUS DriverEntry(

    IN PDRIVER_OBJECT pDriverObject,

    IN PUNICODE_STRING pRegistryPath)

{

    NTSTATUS status;

    KdPrint(("Enter DriverEntry\n"));



    //注册其他驱动调用函数入口

    pDriverObject->DriverUnload = HelloDDKUnload;

    pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;

    pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;

    pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;

    pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;



    //创建驱动设备对象

    status = CreateDevice(pDriverObject);



    KdPrint(("DriverEntry end\n"));

    return status;

}



/************************************************************************

* 函数名称:CreateDevice

* 功能描述:初始化设备对象

* 参数列表:

      pDriverObject:从I/O管理器中传进来的驱动对象

* 返回 值:返回初始化状态

*************************************************************************/

#pragma INITCODE

NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriverObject)

{

    NTSTATUS status;

    PDEVICE_OBJECT pDevObj;

    PDEVICE_EXTERSION pDevExt;



    //创建设备名称

    UNICODE_STRING devName;

    RtlInitUnicodeString(&devName, L"\\Device\\MyDDKDevice");

    //创建设备

    status = IoCreateDevice(

        pDriverObject,

        sizeof(DEVICE_EXTENSION),

        &(UNICODE_STRING)devName,

        FILE_DEVICE_UNKNOWN,

        0,TRUE,

        &pDevObj);



    if(!NT_SUCCESS(status))

        return status;



    pDevObj->Flags |= DO_BUFFERED_IO;

    pDevExt = (PDEVICE_EXTERSION)pDevObj->DeviceExtension;

    pDevExt->pDevice = pDevObj;

    pDevExt->ustrDeviceName = devName;

    //创建符号链接

    UNICODE_STRING symLinkName;

    RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");

    pDevExt->ustrSymLinkName = symLinkName;



    status = IoCreateSymbolicLink(&symLinkName, &devName);

    if(!NT_SUCCESS(status))

    {

        IoDeleteDevice(pDevObj);

        return status;

    }

    return STATUS_SUCCESS;

}



/************************************************************************

* 函数名称:HelloDDKUnload

* 功能描述:负责驱动程序的卸载操作

* 参数列表:

      pDriverObject:驱动对象

* 返回 值:返回状态

*************************************************************************/

#pragma PAGEDCODE

VOID HelloDDKUnload(IN PDRIVER_OBJECT pDriverObject)

{

    PDEVICE_OBJECT pNextObj;

    KdPrint(("Enter DriverUnload\n"));

    pNextObj = pDriverObject->DeviceObject;

    while( pNextObj != NULL )

    {

        PDEVICE_EXTERSION pDevExt = (PDEVICE_EXTERSION)pNextObj->DeviceExtension;

        //删除符号链接

        UNICODE_STRING pLinkName = pDevExt->ustrSymLinkName;

        IoDeleteSymbolicLink(&pLinkName);

        pNextObj = pNextObj->NextDevice;

        //删除设备

        IoDeleteDevice(pDevExt->pDevice);

    }

    KdPrint(("DriverUnload end\n"));

}



/************************************************************************

* 函数名称:HelloDDKDispatchRoutine

* 功能描述:对读IRP进行处理

* 参数列表:

      pDevObj:功能设备对象

      pIrp:从IO请求包

* 返回 值:返回状态

*************************************************************************/

#pragma PAGEDCODE

NTSTATUS HelloDDKDispatchRoutine(

    IN PDEVICE_OBJECT pDevObj,

    IN PIRP pIrp)

{

    KdPrint(("Enter HelloDDKDispatchRoutine\n"));

    NTSTATUS status = STATUS_SUCCESS;

    //完成IRP

    pIrp->IoStatus.Status = status;

    pIrp->IoStatus.Information = 0;

    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    KdPrint(("Leave HelloDDKDispatchRoutine\n"));

    return status;

}