zpchcbd

前言:代码实现驱动文件加载,后面在实现绕过写拷贝实现全局HOOK的时候会用到

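这里就直接给代码了,就是通过服务控制管理器(SCM)的相关服务API来实现驱动的加载:CreateService 注册内核驱动服务,StartService 启动,ControlService 停止,DeleteService 删除。调用这些API需要管理员权限,并且在启用了驱动签名强制的64位系统上,未签名的驱动无法启动。另外,安装服务时系统日志会记录事件ID 7045(Service Control Manager),排查和检测时可以据此定位。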

注意:代码基于MFC框架写的

功能实现

四个功能实现:

安装驱动

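/// Registers the driver image as a demand-start kernel-driver service.
///
/// Only creates the service entry; the driver is not started here (runDriver
/// does that).
///
/// @param driverPath Path of the driver image, passed to CreateService as the binary path.
/// @param driverName Used as both the service name and the display name.
/// @return TRUE when the service was created, FALSE otherwise (a message box
///         reports the reason).
LONG Cmfc_driver_loaderDlg::loadDriver(CString driverPath, CString driverName)
{
	if (driverPath.IsEmpty() || driverName.IsEmpty())
	{
		MessageBox(L"检查驱动路径或者名称是否为空", L"提示:");
		return FALSE;
	}

	// Least privilege: CreateService only needs SC_MANAGER_CREATE_SERVICE on the
	// SCM handle, so SC_MANAGER_ALL_ACCESS is not requested.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// NOTE(review): driverPath is registered as given. Whatever file is at that
	// path when the service starts is what gets loaded, so the caller should
	// point it at a location only administrators can write to.
	SC_HANDLE serviceHandle = CreateService(this->scMageger, driverName, driverName, SERVICE_ALL_ACCESS,
		SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, driverPath, NULL, NULL, NULL, NULL, NULL);

	if (serviceHandle == NULL)
	{
		// Read the error code before any other API call can overwrite it.
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_EXISTS)
		{
			MessageBox(L"服务已经存在", L"提示:");
		}
		else
		{
			CString str;
			str.Format(L"CreateService 错误号为:%d", error);
			MessageBox(str, L"提示:");
			OutputDebugString(str);
		}
		CloseServiceHandle(this->scMageger);
		// Do not leave a closed handle value in the member.
		this->scMageger = NULL;
		return FALSE;
	}

	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;

	return TRUE;
}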

运行驱动

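/// Starts the previously registered driver service.
///
/// @param driverPath Unused here; kept so the four driver operations share one signature.
/// @param driverName Name of the service to start.
/// @return TRUE only when StartService succeeded; FALSE on any failure,
///         including "already running" (a message box reports the reason).
LONG Cmfc_driver_loaderDlg::runDriver(CString driverPath, CString driverName)
{
	// Least privilege: opening a service needs only SC_MANAGER_CONNECT.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// StartService requires SERVICE_START and nothing more.
	SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, SERVICE_START);
	if (serviceHandle == NULL)
	{
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_DOES_NOT_EXIST)
		{
			MessageBox(L"服务已经不存在", L"提示:");
		}
		else
		{
			// The original built this text with `"literal" + error`, which is
			// pointer arithmetic past the end of the literal, not concatenation.
			CString str;
			str.Format(L"OpenService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}

		// The SCM handle used to leak on this path.
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	LONG started = TRUE;
	if (!StartService(serviceHandle, 0, NULL))
	{
		DWORD error = GetLastError();
		// Every StartService failure is a failure; previously only
		// ERROR_SERVICE_ALREADY_RUNNING returned FALSE and others returned TRUE.
		started = FALSE;
		if (error == ERROR_SERVICE_ALREADY_RUNNING)
		{
			MessageBox(L"服务已经运行", L"提示:");
		}
		else
		{
			CString str;
			str.Format(L"StartService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}
	}

	// Single exit: both handles are released on success and on failure.
	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;
	return started;
}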

停止驱动

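/// Sends SERVICE_CONTROL_STOP to the driver service.
///
/// @param driverPath Unused here; kept so the four driver operations share one signature.
/// @param driverName Name of the service to stop.
/// @return TRUE when ControlService accepted the stop request, FALSE otherwise
///         (a message box reports the reason).
LONG Cmfc_driver_loaderDlg::stopDriver(CString driverPath, CString driverName)
{
	SERVICE_STATUS status = { 0 };

	// Least privilege: opening a service needs only SC_MANAGER_CONNECT.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// SERVICE_CONTROL_STOP requires SERVICE_STOP and nothing more.
	SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, SERVICE_STOP);
	if (serviceHandle == NULL)
	{
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_DOES_NOT_EXIST)
		{
			MessageBox(L"服务已经不存在", L"提示:");
		}
		else
		{
			// The original built this text with `"literal" + error`, which is
			// pointer arithmetic past the end of the literal, not concatenation.
			CString str;
			str.Format(L"OpenService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}

		// serviceHandle is NULL here, so only the SCM handle is closed.
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	const BOOL stopped = ControlService(serviceHandle, SERVICE_CONTROL_STOP, &status);
	// Capture the error code before the close calls can overwrite it.
	const DWORD stopError = stopped ? 0 : GetLastError();

	// Both handles used to leak when ControlService failed.
	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;

	if (stopped)
	{
		MessageBox(L"停止驱动成功", L"提示:");
		return TRUE;
	}

	CString str;
	str.Format(L"ControlService 错误号为:%lu", stopError);
	MessageBox(str, L"提示:");
	return FALSE;
}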

卸载驱动

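/// Removes the driver's service entry with DeleteService.
///
/// NOTE(review): the Win32 documentation describes DeleteService as marking the
/// service for deletion; a driver that is still running is not stopped by this
/// call. Confirm that callers stop it first (stopDriver).
///
/// @param driverPath Only checked for emptiness; not otherwise used.
/// @param driverName Name of the service to delete.
/// @return TRUE when DeleteService succeeded, FALSE otherwise (a message box
///         reports the reason).
LONG Cmfc_driver_loaderDlg::unloadDriver(CString driverPath, CString driverName)
{
	if (driverPath.IsEmpty() || driverName.IsEmpty())
	{
		MessageBox(L"检查驱动路径或者名称是否为空", L"提示:");
		return FALSE;
	}

	// Least privilege: opening a service needs only SC_MANAGER_CONNECT.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// DeleteService requires the DELETE access right and nothing more.
	SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, DELETE);
	if (serviceHandle == NULL)
	{
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_DOES_NOT_EXIST)
		{
			MessageBox(L"服务已经不存在", L"提示:");
		}
		else
		{
			// The original built this text with `"literal" + error`, which is
			// pointer arithmetic past the end of the literal, not concatenation.
			CString str;
			str.Format(L"OpenService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}

		// The SCM handle used to leak on this path.
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	if (!DeleteService(serviceHandle))
	{
		DWORD error = GetLastError();
		CString str;
		str.Format(L"DeleteService 错误号为:%d", error);
		MessageBox(str, L"提示");
		CloseServiceHandle(serviceHandle);
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;
	return TRUE;
}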

完整代码


// mfc_driver_loaderDlg.cpp : 实现文件
//

#include "stdafx.h"
#include "mfc_driver_loader.h"
#include "mfc_driver_loaderDlg.h"
#include "afxdialogex.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif

// Driver image that the button handlers pass to loadDriver(), where it becomes
// the binary path of the kernel-driver service.
// NOTE(review): the image sits in the root of drive C. Verify that only
// administrators can write there, because the file found at this path is what
// the service start will load.
#define DRIVER_PATH L"C:\\WinDriver_getDriverObjectModules.sys"
// Service name (loadDriver also uses it as the display name) for the driver.
#define DRIVER_NAME L"ThisIsDriver"

/// CAboutDlg: dialog shown for the application's "About" menu item.
class CAboutDlg : public CDialogEx
{
public:
	// Dialog data: resource id of the dialog template.
	enum { IDD = IDD_ABOUTBOX };

	CAboutDlg();

protected:
	// DDX/DDV support.
	virtual void DoDataExchange(CDataExchange* pDX);

	// Implementation.
	DECLARE_MESSAGE_MAP()
};

/// Constructs the About dialog from the CAboutDlg::IDD dialog resource.
CAboutDlg::CAboutDlg() : CDialogEx(CAboutDlg::IDD)
{
}

/// Data exchange hook; the About dialog binds no controls of its own and only
/// forwards to the base class.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialogEx::DoDataExchange(pDX);
}

// Message map for CAboutDlg: no entries of its own, everything goes to CDialogEx.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx)
END_MESSAGE_MAP()


// Cmfc_driver_loaderDlg 对话框



/// Constructs the main dialog from its IDD resource and loads the
/// IDR_MAINFRAME icon into m_hIcon.
Cmfc_driver_loaderDlg::Cmfc_driver_loaderDlg(CWnd* pParent /*=NULL*/)
	: CDialogEx(Cmfc_driver_loaderDlg::IDD, pParent)
{
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

/// Data exchange hook; no controls are bound here, the call only forwards to
/// the base class.
void Cmfc_driver_loaderDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialogEx::DoDataExchange(pDX);
}

// Message map for the main dialog: system command, paint and drag-icon
// messages, plus the four buttons that drive the service operations.
BEGIN_MESSAGE_MAP(Cmfc_driver_loaderDlg, CDialogEx)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	// IDC_BUTTON1 -> OnBnClickedButton1, which calls loadDriver.
	ON_BN_CLICKED(IDC_BUTTON1, &Cmfc_driver_loaderDlg::OnBnClickedButton1)
	// IDC_BUTTON2 -> OnBnClickedButton2, which calls unloadDriver.
	ON_BN_CLICKED(IDC_BUTTON2, &Cmfc_driver_loaderDlg::OnBnClickedButton2)
	// IDC_BUTTON3 -> OnBnClickedButton3, which calls runDriver.
	ON_BN_CLICKED(IDC_BUTTON3, &Cmfc_driver_loaderDlg::OnBnClickedButton3)
	// IDC_BUTTON4 -> OnBnClickedButton4, which calls stopDriver.
	ON_BN_CLICKED(IDC_BUTTON4, &Cmfc_driver_loaderDlg::OnBnClickedButton4)
END_MESSAGE_MAP()


// Cmfc_driver_loaderDlg 消息处理程序

/// Dialog initialisation: appends the "About..." entry to the system menu and
/// installs the dialog icons.
///
/// @return TRUE, so the framework sets the input focus itself.
BOOL Cmfc_driver_loaderDlg::OnInitDialog()
{
	CDialogEx::OnInitDialog();

	// IDM_ABOUTBOX must lie in the system command range.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);

	// Add the "About..." item to the system menu when one is available.
	if (CMenu* pSysMenu = GetSystemMenu(FALSE))
	{
		CString strAboutMenu;
		const BOOL bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
		ASSERT(bNameValid);
		if (!strAboutMenu.IsEmpty())
		{
			pSysMenu->AppendMenu(MF_SEPARATOR);
			pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
		}
	}

	// Set the icon for this dialog. The framework does this automatically only
	// when the application's main window is not a dialog.
	SetIcon(m_hIcon, TRUE);   // large icon
	SetIcon(m_hIcon, FALSE);  // small icon

	// Return TRUE unless the focus was set to a control.
	return TRUE;
}

/// System-command handler: opens the About dialog for IDM_ABOUTBOX and passes
/// every other command to the base class.
void Cmfc_driver_loaderDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	// The low four bits of nID are masked off before the comparison.
	const bool isAboutCommand = (nID & 0xFFF0) == IDM_ABOUTBOX;
	if (!isAboutCommand)
	{
		CDialogEx::OnSysCommand(nID, lParam);
		return;
	}

	CAboutDlg dlgAbout;
	dlgAbout.DoModal();
}

// If a minimize button is added to the dialog, the code below is needed to
// draw the icon. For MFC applications using the document/view model the
// framework does this automatically.

void Cmfc_driver_loaderDlg::OnPaint()
{
	if (!IsIconic())
	{
		CDialogEx::OnPaint();
		return;
	}

	CPaintDC dc(this); // device context for painting

	SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

	// Centre the icon in the client rectangle.
	const int iconWidth = GetSystemMetrics(SM_CXICON);
	const int iconHeight = GetSystemMetrics(SM_CYICON);
	CRect clientRect;
	GetClientRect(&clientRect);
	const int left = (clientRect.Width() - iconWidth + 1) / 2;
	const int top = (clientRect.Height() - iconHeight + 1) / 2;

	// Draw the icon.
	dc.DrawIcon(left, top, m_hIcon);
}

// The system calls this function to obtain the cursor to display while the
// user drags the minimized window.
HCURSOR Cmfc_driver_loaderDlg::OnQueryDragIcon()
{
	// The dialog icon handle is returned as the drag cursor.
	return static_cast<HCURSOR>(m_hIcon);
}

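/// Button 1: registers the driver service via loadDriver and updates the
/// status label on success.
void Cmfc_driver_loaderDlg::OnBnClickedButton1()
{
	if (!loadDriver(DRIVER_PATH, DRIVER_NAME))
	{
		return;
	}

	// GetDlgItem returns NULL when the control is not in the dialog; the
	// original dereferenced the result unchecked.
	CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR);
	if (pMonitorText != NULL)
	{
		// NOTE(review): the label reports the driver as loaded, but loadDriver
		// only creates the service entry; starting it is runDriver's job.
		pMonitorText->SetWindowText(L"当前监控状态:\n驱动已加载");
	}
}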

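/// Button 4: stops the driver service via stopDriver and updates the status
/// label on success.
void Cmfc_driver_loaderDlg::OnBnClickedButton4()
{
	if (!stopDriver(DRIVER_PATH, DRIVER_NAME))
	{
		return;
	}

	// GetDlgItem returns NULL when the control is not in the dialog; the
	// original dereferenced the result unchecked.
	CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR);
	if (pMonitorText != NULL)
	{
		pMonitorText->SetWindowText(L"当前监控状态:\n驱动已停止");
	}
}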


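/// Button 2: deletes the driver service via unloadDriver and updates the
/// status label on success.
void Cmfc_driver_loaderDlg::OnBnClickedButton2()
{
	if (!unloadDriver(DRIVER_PATH, DRIVER_NAME))
	{
		return;
	}

	// GetDlgItem returns NULL when the control is not in the dialog; the
	// original dereferenced the result unchecked.
	CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR);
	if (pMonitorText != NULL)
	{
		pMonitorText->SetWindowText(L"当前监控状态:\n已关闭");
	}
}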

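/// Button 3: starts the driver service via runDriver and updates the status
/// label on success.
void Cmfc_driver_loaderDlg::OnBnClickedButton3()
{
	if (!runDriver(DRIVER_PATH, DRIVER_NAME))
	{
		return;
	}

	// GetDlgItem returns NULL when the control is not in the dialog; the
	// original dereferenced the result unchecked.
	CWnd* pMonitorText = GetDlgItem(IDC_STATIC_MONITOR);
	if (pMonitorText != NULL)
	{
		pMonitorText->SetWindowText(L"当前监控状态:\n已开启");
	}
}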


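/// Registers the driver image as a demand-start kernel-driver service.
///
/// Only creates the service entry; the driver is not started here (runDriver
/// does that).
///
/// @param driverPath Path of the driver image, passed to CreateService as the binary path.
/// @param driverName Used as both the service name and the display name.
/// @return TRUE when the service was created, FALSE otherwise (a message box
///         reports the reason).
LONG Cmfc_driver_loaderDlg::loadDriver(CString driverPath, CString driverName)
{
	if (driverPath.IsEmpty() || driverName.IsEmpty())
	{
		MessageBox(L"检查驱动路径或者名称是否为空", L"提示:");
		return FALSE;
	}

	// Least privilege: CreateService only needs SC_MANAGER_CREATE_SERVICE on the
	// SCM handle, so SC_MANAGER_ALL_ACCESS is not requested.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// NOTE(review): driverPath is registered as given. Whatever file is at that
	// path when the service starts is what gets loaded, so the caller should
	// point it at a location only administrators can write to.
	SC_HANDLE serviceHandle = CreateService(this->scMageger, driverName, driverName, SERVICE_ALL_ACCESS,
		SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, driverPath, NULL, NULL, NULL, NULL, NULL);

	if (serviceHandle == NULL)
	{
		// Read the error code before any other API call can overwrite it.
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_EXISTS)
		{
			MessageBox(L"服务已经存在", L"提示:");
		}
		else
		{
			CString str;
			str.Format(L"CreateService 错误号为:%d", error);
			MessageBox(str, L"提示:");
			OutputDebugString(str);
		}
		CloseServiceHandle(this->scMageger);
		// Do not leave a closed handle value in the member.
		this->scMageger = NULL;
		return FALSE;
	}

	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;

	return TRUE;
}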


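/// Removes the driver's service entry with DeleteService.
///
/// NOTE(review): the Win32 documentation describes DeleteService as marking the
/// service for deletion; a driver that is still running is not stopped by this
/// call. Confirm that callers stop it first (stopDriver).
///
/// @param driverPath Only checked for emptiness; not otherwise used.
/// @param driverName Name of the service to delete.
/// @return TRUE when DeleteService succeeded, FALSE otherwise (a message box
///         reports the reason).
LONG Cmfc_driver_loaderDlg::unloadDriver(CString driverPath, CString driverName)
{
	if (driverPath.IsEmpty() || driverName.IsEmpty())
	{
		MessageBox(L"检查驱动路径或者名称是否为空", L"提示:");
		return FALSE;
	}

	// Least privilege: opening a service needs only SC_MANAGER_CONNECT.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// DeleteService requires the DELETE access right and nothing more.
	SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, DELETE);
	if (serviceHandle == NULL)
	{
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_DOES_NOT_EXIST)
		{
			MessageBox(L"服务已经不存在", L"提示:");
		}
		else
		{
			// The original built this text with `"literal" + error`, which is
			// pointer arithmetic past the end of the literal, not concatenation.
			CString str;
			str.Format(L"OpenService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}

		// The SCM handle used to leak on this path.
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	if (!DeleteService(serviceHandle))
	{
		DWORD error = GetLastError();
		CString str;
		str.Format(L"DeleteService 错误号为:%d", error);
		MessageBox(str, L"提示");
		CloseServiceHandle(serviceHandle);
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;
	return TRUE;
}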

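/// Starts the previously registered driver service.
///
/// @param driverPath Unused here; kept so the four driver operations share one signature.
/// @param driverName Name of the service to start.
/// @return TRUE only when StartService succeeded; FALSE on any failure,
///         including "already running" (a message box reports the reason).
LONG Cmfc_driver_loaderDlg::runDriver(CString driverPath, CString driverName)
{
	// Least privilege: opening a service needs only SC_MANAGER_CONNECT.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// StartService requires SERVICE_START and nothing more.
	SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, SERVICE_START);
	if (serviceHandle == NULL)
	{
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_DOES_NOT_EXIST)
		{
			MessageBox(L"服务已经不存在", L"提示:");
		}
		else
		{
			// The original built this text with `"literal" + error`, which is
			// pointer arithmetic past the end of the literal, not concatenation.
			CString str;
			str.Format(L"OpenService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}

		// The SCM handle used to leak on this path.
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	LONG started = TRUE;
	if (!StartService(serviceHandle, 0, NULL))
	{
		DWORD error = GetLastError();
		// Every StartService failure is a failure; previously only
		// ERROR_SERVICE_ALREADY_RUNNING returned FALSE and others returned TRUE.
		started = FALSE;
		if (error == ERROR_SERVICE_ALREADY_RUNNING)
		{
			MessageBox(L"服务已经运行", L"提示:");
		}
		else
		{
			CString str;
			str.Format(L"StartService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}
	}

	// Single exit: both handles are released on success and on failure.
	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;
	return started;
}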

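/// Sends SERVICE_CONTROL_STOP to the driver service.
///
/// @param driverPath Unused here; kept so the four driver operations share one signature.
/// @param driverName Name of the service to stop.
/// @return TRUE when ControlService accepted the stop request, FALSE otherwise
///         (a message box reports the reason).
LONG Cmfc_driver_loaderDlg::stopDriver(CString driverPath, CString driverName)
{
	SERVICE_STATUS status = { 0 };

	// Least privilege: opening a service needs only SC_MANAGER_CONNECT.
	this->scMageger = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
	if (this->scMageger == NULL)
	{
		MessageBox(L"OpenSCManager打开失败,检查权限", L"提示:");
		return FALSE;
	}

	// SERVICE_CONTROL_STOP requires SERVICE_STOP and nothing more.
	SC_HANDLE serviceHandle = OpenService(this->scMageger, driverName, SERVICE_STOP);
	if (serviceHandle == NULL)
	{
		DWORD error = GetLastError();
		if (error == ERROR_SERVICE_DOES_NOT_EXIST)
		{
			MessageBox(L"服务已经不存在", L"提示:");
		}
		else
		{
			// The original built this text with `"literal" + error`, which is
			// pointer arithmetic past the end of the literal, not concatenation.
			CString str;
			str.Format(L"OpenService 错误号为:%lu", error);
			MessageBox(str, L"提示:");
		}

		// serviceHandle is NULL here, so only the SCM handle is closed.
		CloseServiceHandle(this->scMageger);
		this->scMageger = NULL;
		return FALSE;
	}

	const BOOL stopped = ControlService(serviceHandle, SERVICE_CONTROL_STOP, &status);
	// Capture the error code before the close calls can overwrite it.
	const DWORD stopError = stopped ? 0 : GetLastError();

	// Both handles used to leak when ControlService failed.
	CloseServiceHandle(serviceHandle);
	CloseServiceHandle(this->scMageger);
	this->scMageger = NULL;

	if (stopped)
	{
		MessageBox(L"停止驱动成功", L"提示:");
		return TRUE;
	}

	CString str;
	str.Format(L"ControlService 错误号为:%lu", stopError);
	MessageBox(str, L"提示:");
	return FALSE;
}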
