使用 DeviceIoControl 传递数据到程序

驱动程序代码

#include <ntddk.h>

#define IOCTL_TEST1 CTL_CODE(\
FILE_DEVICE_UNKNOWN, \
0x100, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)

VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
	UNICODE_STRING usSymLinkName;
	PDEVICE_OBJECT pDeviceObject = NULL;

	RtlInitUnicodeString(&usSymLinkName,L"\\DosDevices\\MySymLink");

	IoDeleteSymbolicLink(&usSymLinkName);  //删除符号链接

	pDeviceObject = DriverObject->DeviceObject;
	IoDeleteDevice(pDeviceObject);    //删除设备

	DbgPrint("驱动已经被停止了\n");

}

//自定义IRP派遣的函数
NTSTATUS MyDispatch(IN PDEVICE_OBJECT device,IN PIRP irp)
{
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(irp);

	irp->IoStatus.Status = STATUS_SUCCESS;
	irp->IoStatus.Information = 0;

	if (stack->MajorFunction==IRP_MJ_CREATE)
	{
		DbgPrint("IRP_MJ_CREATE\n");
	}
	if (stack->MajorFunction==IRP_MJ_CLOSE)
	{
		DbgPrint("IRP_MJ_CLOSE\n");
	}

	IoCompleteRequest(irp, IO_NO_INCREMENT);

	return STATUS_SUCCESS;
}

//自定义创建设备和符号链接的函数
NTSTATUS MyCreateDevice (IN PDRIVER_OBJECT pDriverObject)
{
	NTSTATUS status;
	PDEVICE_OBJECT device;
	UNICODE_STRING usDevName;
	UNICODE_STRING usSymLinkName;

	RtlInitUnicodeString(&usDevName,L"\\Device\\MyDevice");
	RtlInitUnicodeString(&usSymLinkName,L"\\DosDevices\\MySymLink");


	//创建设备
	status = IoCreateDevice(pDriverObject,
						0,
						&usDevName,
						FILE_DEVICE_UNKNOWN,
						0,
						FALSE,    
						&device);
						if(!NT_SUCCESS(status))
						{
						DbgPrint("创建设备失败\n");
						return status;
	}

	//创建符号链接
	status = IoCreateSymbolicLink(&usSymLinkName,&usDevName);

	if(!NT_SUCCESS(status))
	{
		IoDeleteDevice(device);
		DbgPrint("创建符号链接失败\n");
		return status;
	}

	//设备创建之后，打开初始化完成标记
	device->Flags &= ~DO_DEVICE_INITIALIZING;

	return STATUS_SUCCESS;
}

NTSTATUS MyIOCTL(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)
{
	NTSTATUS status = STATUS_SUCCESS;
	UCHAR* OutputBuffer=NULL;
	ULONG info=0;

	//得到当前堆栈
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);

	//得到输入缓冲区大小
	ULONG cbin =stack->Parameters.DeviceIoControl.InputBufferLength;

	//得到输出缓冲区大小
	ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;

	//得到IOCTL码
	ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;

	switch (code)
	{                        // process request
		case IOCTL_TEST1:
		{
			KdPrint(("IOCTL_TEST1\n"));

			//操作输出缓冲区            
			OutputBuffer = (UCHAR*)pIrp->AssociatedIrp.SystemBuffer;

			strcat(OutputBuffer,"123456789");

			//设置实际操作输出缓冲区长度
			info = cbout;

			//显示输出缓冲区数据
			DbgPrint("你输入的数据长度是：%d\n",info);
			DbgPrint("你输出的数据是：%s\n",OutputBuffer);

			break;
		}
		default:
		status = STATUS_INVALID_VARIANT;
	}

	// 完成IRP
	pIrp->IoStatus.Status = status;
	pIrp->IoStatus.Information = info;    // bytes xfered
	IoCompleteRequest( pIrp, IO_NO_INCREMENT );

	return status;
}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
	MyCreateDevice(DriverObject);
	DriverObject->MajorFunction[IRP_MJ_CREATE] = MyDispatch;
	DriverObject->MajorFunction[IRP_MJ_CLOSE] = MyDispatch;
	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MyIOCTL;

	DriverObject->DriverUnload = DriverUnload;

	return STATUS_SUCCESS;
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

#include <ntddk.h>

#define IOCTL_TEST1 CTL_CODE(\

FILE_DEVICE_UNKNOWN, \

0x100, \

METHOD_BUFFERED, \

FILE_ANY_ACCESS)

VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)

{

UNICODE_STRING usSymLinkName;

PDEVICE_OBJECT pDeviceObject = NULL;

RtlInitUnicodeString(&usSymLinkName,L"\\DosDevices\\MySymLink");

IoDeleteSymbolicLink(&usSymLinkName); //删除符号链接

pDeviceObject = DriverObject->DeviceObject;

IoDeleteDevice(pDeviceObject); //删除设备

DbgPrint("驱动已经被停止了\n");

}

//自定义IRP派遣的函数

NTSTATUS MyDispatch(IN PDEVICE_OBJECT device,IN PIRP irp)

{

PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(irp);

irp->IoStatus.Status = STATUS_SUCCESS;

irp->IoStatus.Information = 0;

if (stack->MajorFunction==IRP_MJ_CREATE)

{

DbgPrint("IRP_MJ_CREATE\n");

}

if (stack->MajorFunction==IRP_MJ_CLOSE)

{

DbgPrint("IRP_MJ_CLOSE\n");

}

IoCompleteRequest(irp, IO_NO_INCREMENT);

return STATUS_SUCCESS;

}

//自定义创建设备和符号链接的函数

NTSTATUS MyCreateDevice (IN PDRIVER_OBJECT pDriverObject)

{

NTSTATUS status;

PDEVICE_OBJECT device;

UNICODE_STRING usDevName;

UNICODE_STRING usSymLinkName;

RtlInitUnicodeString(&usDevName,L"\\Device\\MyDevice");

RtlInitUnicodeString(&usSymLinkName,L"\\DosDevices\\MySymLink");

//创建设备

status = IoCreateDevice(pDriverObject,

&usDevName,

FILE_DEVICE_UNKNOWN,

FALSE,

&device);

if(!NT_SUCCESS(status))

{

DbgPrint("创建设备失败\n");

return status;

}

//创建符号链接

status = IoCreateSymbolicLink(&usSymLinkName,&usDevName);

if(!NT_SUCCESS(status))

{

IoDeleteDevice(device);

DbgPrint("创建符号链接失败\n");

return status;

}

//设备创建之后，打开初始化完成标记

device->Flags &= ~DO_DEVICE_INITIALIZING;

return STATUS_SUCCESS;

}

NTSTATUS MyIOCTL(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp)

{

NTSTATUS status = STATUS_SUCCESS;

UCHAR* OutputBuffer=NULL;

ULONG info=0;

//得到当前堆栈

PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);

//得到输入缓冲区大小

ULONG cbin =stack->Parameters.DeviceIoControl.InputBufferLength;

//得到输出缓冲区大小

ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;

//得到IOCTL码

ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;

switch (code)

{ // process request

case IOCTL_TEST1:

{

KdPrint(("IOCTL_TEST1\n"));

//操作输出缓冲区

OutputBuffer = (UCHAR*)pIrp->AssociatedIrp.SystemBuffer;

strcat(OutputBuffer,"123456789");

//设置实际操作输出缓冲区长度

info = cbout;

//显示输出缓冲区数据

DbgPrint("你输入的数据长度是：%d\n",info);

DbgPrint("你输出的数据是：%s\n",OutputBuffer);

break;

}

default:

status = STATUS_INVALID_VARIANT;

}

// 完成IRP

pIrp->IoStatus.Status = status;

pIrp->IoStatus.Information = info; // bytes xfered

IoCompleteRequest( pIrp, IO_NO_INCREMENT );

return status;

}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)

{

MyCreateDevice(DriverObject);

DriverObject->MajorFunction[IRP_MJ_CREATE] = MyDispatch;

DriverObject->MajorFunction[IRP_MJ_CLOSE] = MyDispatch;

DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MyIOCTL;

DriverObject->DriverUnload = DriverUnload;

return STATUS_SUCCESS;

}

应用程序代码

#include <windows.h>
#include <stdio.h>
//使用CTL_CODE必须加入winioctl.h
#include <winioctl.h>

#define IOCTL_TEST1 CTL_CODE(FILE_DEVICE_UNKNOWN,0x100,METHOD_BUFFERED,FILE_ANY_ACCESS)

int main()
{
	HANDLE hDevice = CreateFile("\\\\.\\MySymLink",
	GENERIC_READ | GENERIC_WRITE,
	0,    
	NULL,    
	OPEN_EXISTING,
	FILE_ATTRIBUTE_NORMAL,
	NULL );    

	if (hDevice == INVALID_HANDLE_VALUE)
	{
		printf("Create device error\n");
		return 0;
	}

	UCHAR OutputBuffer[10];
	DWORD dwOutput;
	BOOL bRet;

	bRet = DeviceIoControl(hDevice, IOCTL_TEST1, NULL, 0, OutputBuffer, 10, &dwOutput, NULL);

	if(bRet)
	{
		printf("收到的数据长度是：%d\n",dwOutput);
		printf("收到的数据是：%s\n",OutputBuffer);
	}

	CloseHandle(hDevice);
	getchar();
	return 0;
}

#include <windows.h>

#include <stdio.h>

//使用CTL_CODE必须加入winioctl.h

#include <winioctl.h>

#define IOCTL_TEST1 CTL_CODE(FILE_DEVICE_UNKNOWN,0x100,METHOD_BUFFERED,FILE_ANY_ACCESS)

int main()

{

HANDLE hDevice = CreateFile("\\\\.\\MySymLink",

GENERIC_READ | GENERIC_WRITE,

NULL,

OPEN_EXISTING,

FILE_ATTRIBUTE_NORMAL,

NULL );

if (hDevice == INVALID_HANDLE_VALUE)

{

printf("Create device error\n");

return 0;

}

UCHAR OutputBuffer[10];

DWORD dwOutput;

BOOL bRet;

bRet = DeviceIoControl(hDevice, IOCTL_TEST1, NULL, 0, OutputBuffer, 10, &dwOutput, NULL);

if(bRet)

{

printf("收到的数据长度是：%d\n",dwOutput);

printf("收到的数据是：%s\n",OutputBuffer);

}

CloseHandle(hDevice);

getchar();

return 0;

}

转载请注明：exchen's blog » 使用 DeviceIoControl 传递数据到程序

使用 DeviceIoControl 传递数据到程序

与本文相关的文章

Hi，您需要填写昵称和邮箱！