Minifilter的动态安装、加载及卸载

MINIFILTER框架的文件系统过滤驱动，无法使用的CreateService和OpenService进行动态加载。
看了一下，使用Inf文件安装Minifilter驱动的方式是在注册表驱动服务项下比传统驱动 多创建了Instances子键，然后读取DefaultInstance值，这个值标明了Instance选项，然后，再去读指定的Instance的Altitude和Flags值。

 

 

 

 头文件代码：

#include < winsvc.h >
#include < winioctl.h >
#define DRIVER_NAME "HelloDDK"
#define DRIVER_PATH ".\\HelloDDK.sys"

BOOL InstallDriver( const char * lpszDriverName, const char *     lpszDriverPath, const char * lpszAltitude);
BOOL StartDriver( const char * lpszDriverName);
BOOL StopDriver( const char * lpszDriverName);
BOOL DeleteDriver( const char * lpszDriverName);

源文件代码：

#include " stdafx.h "
#include " SysLoader.h "

// ================ 动态加载/卸载sys驱动 ======================
// SYS文件跟程序放在同个目录下
// 如果产生的SYS名为HelloDDK.sys,那么安装驱动InstallDriver("HelloDDK",".\\HelloDDK.sys","370030"/*Altitude*/);
// 启动驱动服务 StartDriver("HelloDDK");
// 停止驱动服务 StopDriver("HelloDDK");
// 卸载SYS也是类似的调用过程， DeleteDriver("HelloDDK");
// ==========================================================
BOOL InstallDriver( const char * lpszDriverName, const char * lpszDriverPath, const char * lpszAltitude)
{
    char     szTempStr[MAX_PATH];
    HKEY    hKey;
    DWORD    dwData;
    char     szDriverImagePath[MAX_PATH];   

    if ( NULL == lpszDriverName || NULL == lpszDriverPath )
    {
        return FALSE;
    }
    // 得到完整的驱动路径
    GetFullPathName(lpszDriverPath, MAX_PATH, szDriverImagePath, NULL);

    SC_HANDLE hServiceMgr = NULL; // SCM管理器的句柄
    SC_HANDLE hService = NULL; // NT驱动程序的服务句柄

    // 打开服务控制管理器
    hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
    if ( hServiceMgr == NULL )
    {
        // OpenSCManager失败
        CloseServiceHandle(hServiceMgr);
        return FALSE;       
    }

    // OpenSCManager成功 

    // 创建驱动所对应的服务
    hService = CreateService( hServiceMgr,
        lpszDriverName,             // 驱动程序的在注册表中的名字
        lpszDriverName,             // 注册表驱动程序的DisplayName 值
        SERVICE_ALL_ACCESS,         // 加载驱动程序的访问权限
        SERVICE_FILE_SYSTEM_DRIVER, // 表示加载的服务是文件系统驱动程序
        SERVICE_DEMAND_START,       // 注册表驱动程序的Start 值
        SERVICE_ERROR_IGNORE,       // 注册表驱动程序的ErrorControl 值
        szDriverImagePath,          // 注册表驱动程序的ImagePath 值
        " FSFilter Activity Monitor " , // 注册表驱动程序的Group 值
        NULL,
        " FltMgr " ,                   // 注册表驱动程序的DependOnService 值
        NULL,
        NULL);

    if ( hService == NULL )
    {       
        if ( GetLastError() == ERROR_SERVICE_EXISTS )
        {
            // 服务创建失败，是由于服务已经创立过
            CloseServiceHandle(hService);       // 服务句柄
            CloseServiceHandle(hServiceMgr);    // SCM句柄
            return TRUE;
        }
        else
        {
            CloseServiceHandle(hService);       // 服务句柄
            CloseServiceHandle(hServiceMgr);    // SCM句柄
            return FALSE;
        }
    }
    CloseServiceHandle(hService);       // 服务句柄
    CloseServiceHandle(hServiceMgr);    // SCM句柄

    // ---------------------------------------------------------
    // SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances子健下的键值项
    // ---------------------------------------------------------
    strcpy(szTempStr, " SYSTEM\\CurrentControlSet\\Services\\ " );
    strcat(szTempStr,lpszDriverName);
    strcat(szTempStr, " \\Instances " );
    if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,szTempStr, 0 , "" ,TRUE,KEY_ALL_ACCESS,NULL, & hKey,(LPDWORD) & dwData) != ERROR_SUCCESS)
    {
        return FALSE;
    }
    // 注册表驱动程序的DefaultInstance 值
    strcpy(szTempStr,lpszDriverName);
    strcat(szTempStr, " Instance " );
    if (RegSetValueEx(hKey, " DefaultInstance " , 0 ,REG_SZ,(CONST BYTE * )szTempStr,(DWORD)strlen(szTempStr)) != ERROR_SUCCESS)
    {
        return FALSE;
    }
    RegFlushKey(hKey); // 刷新注册表
    RegCloseKey(hKey);
    // ---------------------------------------------------------

    // ---------------------------------------------------------
    // SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances\\DriverName Instance子健下的键值项
    // ---------------------------------------------------------
    strcpy(szTempStr, " SYSTEM\\CurrentControlSet\\Services\\ " );
    strcat(szTempStr,lpszDriverName);
    strcat(szTempStr, " \\Instances\\ " );
    strcat(szTempStr,lpszDriverName);
    strcat(szTempStr, " Instance " );
    if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,szTempStr, 0 , "" ,TRUE,KEY_ALL_ACCESS,NULL, & hKey,(LPDWORD) & dwData) != ERROR_SUCCESS)
    {
        return FALSE;
    }
    // 注册表驱动程序的Altitude 值
    strcpy(szTempStr,lpszAltitude);
    if (RegSetValueEx(hKey, " Altitude " , 0 ,REG_SZ,(CONST BYTE * )szTempStr,(DWORD)strlen(szTempStr)) != ERROR_SUCCESS)
    {
        return FALSE;
    }
    // 注册表驱动程序的Flags 值
    dwData = 0x0 ;
    if (RegSetValueEx(hKey, " Flags " , 0 ,REG_DWORD,(CONST BYTE * ) & dwData, sizeof (DWORD)) != ERROR_SUCCESS)
    {
        return FALSE;
    }
    RegFlushKey(hKey); // 刷新注册表
    RegCloseKey(hKey);
    // ---------------------------------------------------------

    return TRUE;
}

BOOL StartDriver( const char * lpszDriverName)
{
    SC_HANDLE        schManager;
    SC_HANDLE        schService;
    SERVICE_STATUS    svcStatus;

    if (NULL == lpszDriverName)
    {
        return FALSE;
    }

    schManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
    if (NULL == schManager)
    {
        CloseServiceHandle(schManager);
        return FALSE;
    }
    schService = OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
    if (NULL == schService)
    {
        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);
        return FALSE;
    }

    if ( ! StartService(schService, 0 ,NULL))
    {
        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);
        if ( GetLastError() == ERROR_SERVICE_ALREADY_RUNNING )
        {            
            // 服务已经开启
            return TRUE;
        }
        return FALSE;
    }
   
    CloseServiceHandle(schService);
    CloseServiceHandle(schManager);

    return TRUE;
}

BOOL StopDriver( const char * lpszDriverName)
{
    SC_HANDLE        schManager;
    SC_HANDLE        schService;
    SERVICE_STATUS    svcStatus;
    bool             bStopped = false ;

    schManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
    if (NULL == schManager)
    {
        return FALSE;
    }
    schService = OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
    if (NULL == schService)
    {
        CloseServiceHandle(schManager);
        return FALSE;
    }   
    if ( ! ControlService(schService,SERVICE_CONTROL_STOP, & svcStatus) && (svcStatus.dwCurrentState != SERVICE_STOPPED))
    {
        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);
        return FALSE;
    }
   
    CloseServiceHandle(schService);
    CloseServiceHandle(schManager);

    return TRUE;
}

BOOL DeleteDriver( const char * lpszDriverName)
{
    SC_HANDLE        schManager;
    SC_HANDLE        schService;
    SERVICE_STATUS    svcStatus;

    schManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
    if (NULL == schManager)
    {
        return FALSE;
    }
    schService = OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
    if (NULL == schService)
    {
        CloseServiceHandle(schManager);
        return FALSE;
    }
    ControlService(schService,SERVICE_CONTROL_STOP, & svcStatus);
    if ( ! DeleteService(schService))
    {
        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);
        return FALSE;
    }
    CloseServiceHandle(schService);
    CloseServiceHandle(schManager);

    return TRUE;
}

 

出自： http://www.cnblogs.com/js2854/archive/2011/04/03.html