操作驱动程序、与驱动程序通信

Question

首先,调用NtLoadDriver成功加载了驱动（名称:"ialdnwxf",地址:"\\??\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\sbtx.sys",注册:"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\ialdnwxf"）

接着,如何与驱动通信呢?(驱动操作码:0x00222005)

貌似使用NtDeviceIoControlFile,但不知第一个参数HANDLE如何获得？NtCreateFile获取的HANDLE用在这里好像不行,MSDN上没有相关例程.

调用NtUnloadDriver成功卸载

---

rrrfff

Answer 1

	//初始化
	UNICODE_STRING UNI_STR,UNI_STR_2;
	RtlInitUnicodeString(&UNI_STR,T("\\Registry\\Machine\\System\\CurrentControlSet\\Services\\ialdnwxf"));
	//加载驱动程序
	if(!NtLoadDriver(&UNI_STR))
	{
		MessageBoxA(0,"加载成功!","Err",0);
	}
	else
	{
		show_err();
	}
	//获取驱动句柄HANDLE
	OBJECT_ATTRIBUTES OA = {0};
	RtlInitUnicodeString(&UNI_STR_2,T("\\\\.\\ialdnwxf"));
	InitializeObjectAttributes(&OA,&UNI_STR_2,0x00000200/*OBJ_KERNEL_HANDLE*/,NULL,NULL);
	HANDLE hDriver   = NULL;
	IO_STATUS_BLOCK ISB = {0};
	if(!NtCreateFile(&hDriver,GENERIC_READ|GENERIC_WRITE,&OA,&ISB,NULL,FILE_ATTRIBUTE_NORMAL,FILE_SHARE_READ|FILE_SHARE_WRITE,0x00000003/*FILE_OPEN_IF*/,NULL,NULL,NULL))
	{
		MessageBoxA(0,"获取驱动句柄成功!","Err",0); 
	}
	else
	{
		show_err();//此处显示错误 C000003B STATUS_OBJECT_PATH_SYNTAX_BAD
	}
	//与驱动通信
	ULONG InputBuffer=0,OutputBuffer=0;
	if (!NtDeviceIoControlFile(hDriver,NULL,NULL,&ISB,&ISB,0x00222005/*IoControlCode is 2236421*/,&InputBuffer,sizeof(InputBuffer),/*&OutputBuffer*/0,/*sizeof(OutputBuffer)*/0))
	{
		MessageBoxA(0,"操作成功!","Err",0);
	}
	else
	{
		show_err();//此处显示错误C0000008 STATUS_INVALID_HANDLE
	}
	if(!NtUnloadDriver(&UNI_STR))
	{
		MessageBoxA(0,"卸载驱动成功!","Err",0);
	}
	else
	{
		show_err();
	}
	RtlFreeUnicodeString(&UNI_STR);
	NtClose(hDriver);

---

rrrfff

Answer 2

Hi rrrfff,

我把您的帖子从Visual C++移到“Windows 硬件开发者论坛"，这里有更多这方面的专家可以给您更好更准确的答案。

谢谢，

Lucy

---

Lucy Liu [MSFT]
MSDN Community Support | Feedback to us
Get or Request Code Sample from Microsoft
Please remember to mark the replies as answers if they help and unmark them if they provide no help.