
Win10 KMD驱动模板,应用层向内核传一个字符串,内核把它转成大写


说明

没什么特别的,只是用来测试在WIN10上写驱动,包含最基本的通信代码。
又水了一篇博客,哈哈哈。
注意驱动路径发生改变时,不要忘了修改注册表的值。
https://blog.csdn.net/Kwansy/article/details/113182501

驱动

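#include <ntddk.h>

#define DEVICE_NAME L"\\device\\ntdrv"
#define LINK_NAME L"\\dosdevices\\ntdrv"

#define IOCTRL_BASE 0x800

/*
 * Builds a buffered IOCTL code. The macro argument is parenthesized so an
 * expression argument cannot change the arithmetic.
 *
 * NOTE(review): FILE_ANY_ACCESS lets any handle to the device issue this
 * IOCTL regardless of the access it was opened with. That is acceptable for
 * a lab template; a real driver should require FILE_READ_DATA and/or
 * FILE_WRITE_DATA and create the device with an explicit security descriptor.
 */
#define MYIOCTRL_CODE(i) \
    CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTRL_BASE + (i), METHOD_BUFFERED, FILE_ANY_ACCESS)

#define CTL_PRINT MYIOCTRL_CODE(0)

/*
 * Generic dispatch routine: completes every IRP it receives with
 * STATUS_SUCCESS and zero bytes transferred.
 */
NTSTATUS DispatchCommon(PDEVICE_OBJECT pObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pObject);

    pIrp->IoStatus.Status = STATUS_SUCCESS; /* status returned to user mode */
    pIrp->IoStatus.Information = 0;         /* bytes read/written */
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;                  /* status returned to the I/O manager */
}

/*
 * IRP_MJ_DEVICE_CONTROL handler, the only request this driver really cares
 * about. CTL_PRINT upper-cases the caller's string in place in the system
 * buffer and returns it.
 *
 * Everything in the system buffer and both length fields come from user
 * mode, so they are treated as untrusted:
 *  - the buffer may be NULL when both lengths are zero;
 *  - the input is not guaranteed to be NUL-terminated, so the string is
 *    scanned with an explicit bound instead of strlen() / "%s";
 *  - IoStatus.Information is limited to the bytes this routine actually
 *    produced. With METHOD_BUFFERED the I/O manager copies Information
 *    bytes back to the caller, so reporting the full output length would
 *    hand back whatever stale kernel data follows the input in the buffer.
 */
NTSTATUS DispatchIoctrl(PDEVICE_OBJECT pObject, PIRP pIrp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    ULONG nOutput = 0;
    ULONG nLen = 0;
    ULONG i;
    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    PCHAR pBuff = (PCHAR)pIrp->AssociatedIrp.SystemBuffer; /* shared in/out buffer */
    ULONG nInputBufferLength = pStack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG nOutputBufferLength = pStack->Parameters.DeviceIoControl.OutputBufferLength;
    ULONG nIoctrlCode = pStack->Parameters.DeviceIoControl.IoControlCode;

    UNREFERENCED_PARAMETER(pObject);

    switch (nIoctrlCode)
    {
    case CTL_PRINT:
        if (pBuff == NULL || nInputBufferLength == 0)
        {
            ntStatus = STATUS_INVALID_PARAMETER;
            break;
        }

        /* Bounded length scan: never read past the bytes the caller supplied. */
        while (nLen < nInputBufferLength && pBuff[nLen] != '\0')
        {
            nLen++;
        }

        /* Precision-limited print, because the input may lack a terminator. */
        DbgPrint("%.*s\n", (int)nLen, pBuff);

        for (i = 0; i < nLen; i++)
        {
            /* Cast through UCHAR: toupper() on a negative char is undefined. */
            pBuff[i] = (CHAR)toupper((UCHAR)pBuff[i]);
        }

        if (nLen < nOutputBufferLength)
        {
            /*
             * Room for a terminator. The system buffer is at least
             * max(input, output) bytes, so index nLen is inside it.
             */
            pBuff[nLen] = '\0';
            nOutput = nLen + 1;
        }
        else
        {
            /* Output buffer too small: return what fits, unterminated. */
            nOutput = nOutputBufferLength;
        }
        break;

    default:
        DbgPrint("Unknown iocontrol\n");
        /* Do not report success for a control code the driver does not implement. */
        ntStatus = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    pIrp->IoStatus.Status = ntStatus;
    pIrp->IoStatus.Information = nOutput;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return ntStatus;
}

/*
 * Driver unload routine: removes the symbolic link and the device object
 * created in DriverEntry.
 */
VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING uLinkName = { 0 };

    RtlInitUnicodeString(&uLinkName, LINK_NAME);
    IoDeleteSymbolicLink(&uLinkName);
    IoDeleteDevice(pDriverObject->DeviceObject);
    DbgPrint("Driver unloaded\n");
}

/*
 * Driver entry point: creates the device object and its symbolic link, then
 * installs the dispatch routines and the unload routine.
 *
 * Returns STATUS_SUCCESS, or the failing status from IoCreateDevice /
 * IoCreateSymbolicLink (the device is deleted again if the link fails).
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegPath)
{
    UNICODE_STRING uDeviceName = { 0 };
    UNICODE_STRING uLinkName = { 0 };
    NTSTATUS ntStatus = 0;
    PDEVICE_OBJECT pDeviceObject = NULL;
    ULONG i = 0;

    UNREFERENCED_PARAMETER(pRegPath);

    DbgPrint("Driver load begin\n");

    RtlInitUnicodeString(&uDeviceName, DEVICE_NAME);
    RtlInitUnicodeString(&uLinkName, LINK_NAME);

    /*
     * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device
     * object's security descriptor to every open, including opens that
     * carry a trailing path. For anything beyond a lab test, create the
     * device with an explicit SDDL string (IoCreateDeviceSecure) so that
     * only the intended accounts can open it.
     */
    ntStatus = IoCreateDevice(pDriverObject,
                              0,
                              &uDeviceName,
                              FILE_DEVICE_UNKNOWN,
                              FILE_DEVICE_SECURE_OPEN,
                              FALSE,
                              &pDeviceObject);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("IoCreateDevice failed:%x", ntStatus);
        return ntStatus;
    }

    pDeviceObject->Flags |= DO_BUFFERED_IO;

    ntStatus = IoCreateSymbolicLink(&uLinkName, &uDeviceName);
    if (!NT_SUCCESS(ntStatus))
    {
        IoDeleteDevice(pDeviceObject);
        DbgPrint("IoCreateSymbolicLink failed:%x\n", ntStatus);
        return ntStatus;
    }

    /* Route every major function to the generic handler first ... */
    for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        pDriverObject->MajorFunction[i] = DispatchCommon;
    }

    /* ... then override the one request this driver actually handles. */
    pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctrl;
    pDriverObject->DriverUnload = DriverUnload;

    DbgPrint("Driver load ok!\n");
    return STATUS_SUCCESS;
}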

加载器

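#include <windows.h>
#include <winsvc.h>
#include <conio.h>
#include <stdio.h>
#include <string.h>
#include <winioctl.h>

#define DRIVER_NAME L"ntdrv"
#define DRIVER_PATH L"MyDriver1.sys"
#define LINK_NAME "\\\\.\\ntdrv"

#define IOCTRL_BASE 0x800

/* Must match the definition compiled into the driver. */
#define MYIOCTRL_CODE(i) \
    CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTRL_BASE + (i), METHOD_BUFFERED, FILE_ANY_ACCESS)

#define CTL_PRINT MYIOCTRL_CODE(0)

/*
 * Registers the driver as a demand-start kernel service and starts it.
 *
 * lpszDriverName  service name (also used as the display name)
 * lpszDriverPath  path to the .sys file; a relative path is resolved against
 *                 the current working directory, so run the loader from a
 *                 directory that unprivileged users cannot write to.
 *
 * Returns TRUE when the service is running (or already was), FALSE on error.
 * Handles are requested with only the rights each call needs and are closed
 * on every path.
 */
BOOL LoadDriver(PCWSTR lpszDriverName, PCWSTR lpszDriverPath)
{
    BOOL bOk = FALSE;
    SC_HANDLE hServiceMgr = NULL; /* SCM handle */
    SC_HANDLE hServiceDDK = NULL; /* driver service handle */
    WCHAR szDriverFullPath[MAX_PATH] = { 0 };
    DWORD cchPath;
    DWORD dwErr;

    /* Resolve the full driver path; 0 means failure, >= MAX_PATH means truncation. */
    cchPath = GetFullPathNameW(lpszDriverPath, MAX_PATH, szDriverFullPath, NULL);
    if (cchPath == 0 || cchPath >= MAX_PATH)
    {
        printf("GetFullPathNameW failed, %lu\n", GetLastError());
        return FALSE;
    }

    /* Open the service control manager. */
    hServiceMgr = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (NULL == hServiceMgr)
    {
        printf("OpenSCManagerW 失败, %lu\n", GetLastError());
        return FALSE;
    }

    /* Create the driver service. */
    hServiceDDK = CreateServiceW(hServiceMgr,
                                 lpszDriverName,
                                 lpszDriverName,
                                 SERVICE_START,
                                 SERVICE_KERNEL_DRIVER,
                                 SERVICE_DEMAND_START,
                                 SERVICE_ERROR_IGNORE,
                                 szDriverFullPath,
                                 NULL, NULL, NULL, NULL, NULL);
    if (NULL == hServiceDDK)
    {
        dwErr = GetLastError();
        if (dwErr != ERROR_IO_PENDING && dwErr != ERROR_SERVICE_EXISTS)
        {
            printf("创建驱动服务失败, %lu\n", dwErr);
            goto cleanup;
        }

        /* The service already exists: open it instead. */
        hServiceDDK = OpenServiceW(hServiceMgr, lpszDriverName, SERVICE_START);
        if (NULL == hServiceDDK)
        {
            printf("OpenServiceW failed, %lu\n", GetLastError());
            goto cleanup;
        }
    }

    if (!StartServiceW(hServiceDDK, 0, NULL))
    {
        dwErr = GetLastError();
        if (dwErr != ERROR_SERVICE_ALREADY_RUNNING)
        {
            printf("运行驱动服务失败, %lu\n", dwErr);
            goto cleanup;
        }
    }

    bOk = TRUE;

cleanup:
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bOk;
}

/*
 * Stops the driver service and marks it for deletion. Failures are reported
 * but otherwise ignored, since this is best-effort cleanup.
 */
void UnloadDriver(PCWSTR lpszDriverName)
{
    SC_HANDLE hServiceMgr = NULL;
    SC_HANDLE hServiceDDK = NULL;
    SERVICE_STATUS SvrStatus;

    hServiceMgr = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
    if (NULL == hServiceMgr)
    {
        printf("OpenSCManagerW failed, %lu\n", GetLastError());
        return;
    }

    hServiceDDK = OpenServiceW(hServiceMgr, lpszDriverName, SERVICE_STOP | DELETE);
    if (NULL == hServiceDDK)
    {
        printf("OpenServiceW failed, %lu\n", GetLastError());
        CloseServiceHandle(hServiceMgr);
        return;
    }

    ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrStatus);
    DeleteService(hServiceDDK);

    CloseServiceHandle(hServiceDDK);
    CloseServiceHandle(hServiceMgr);
}

/*
 * Exercises the driver: reads one whitespace-delimited word from stdin,
 * sends it with CTL_PRINT and prints the string the driver returns.
 */
void TestDriver()
{
    char bufInput[1024] = { 0 };
    char bufOutput[1024] = { 0 };
    DWORD dwRet = 0;
    HANDLE hDevice;

    hDevice = CreateFileA(LINK_NAME,
                          GENERIC_WRITE | GENERIC_READ,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          0,
                          NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        printf("Create Device Failed %lu ! \n", GetLastError());
        return;
    }

    printf("Enter a string: ");
    /* Field width keeps the read inside bufInput, leaving room for the NUL. */
    if (scanf("%1023s", bufInput) != 1)
    {
        printf("No input\n");
        CloseHandle(hDevice);
        return;
    }

    /*
     * Send only the string and its terminator, and keep the last byte of
     * bufOutput out of the driver's reach so the result is always
     * NUL-terminated when printed.
     */
    if (!DeviceIoControl(hDevice,
                         CTL_PRINT,
                         bufInput,
                         (DWORD)strlen(bufInput) + 1,
                         bufOutput,
                         (DWORD)sizeof(bufOutput) - 1,
                         &dwRet,
                         NULL))
    {
        printf("DeviceIoControl failed %lu\n", GetLastError());
        CloseHandle(hDevice);
        return;
    }

    printf("Driver return string: %s\n", bufOutput);
    printf("DeviceIoControl done!\n");
    CloseHandle(hDevice);
}

int main(int argc, char *argv[])
{
    BOOL bRet;

    (void)argc;
    (void)argv;

    /* Load the driver. */
    bRet = LoadDriver(DRIVER_NAME, DRIVER_PATH);
    if (!bRet)
    {
        printf("LoadNTDriver error\n");
        return 1;
    }

    /* Loaded successfully. */
    printf("press any key to create device!\n");
    _getch();

    TestDriver();

    /* At this point the device can be checked in the registry or with a tool that lists symbolic links. */
    printf("press any key to stop service!\n");
    _getch();

    /* Unload the driver. */
    UnloadDriver(DRIVER_NAME);
    return 0;
}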
