testsys.def
;testsys.def : Declares the module parameters for the DLL.
; The LIBRARY statement below is commented out, so this file does not set the module name.
; LIBRARY "testsys"
EXPORTS
; Explicit exports can go here
; Both entries are exported with a fixed ordinal (@1 and @2); the names match
; the prototypes in testsys.h and the definitions in testsys.c.
SDK_ExportFunction1 @1
SDK_ExportFunction2 @2
testsys.h
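/*
 * testsys.h - prototypes for the two routines that testsys.def exports
 * (ordinals 1 and 2).
 *
 * ULONG and NTAPI are not defined here; the includer must bring them in
 * first (testsys.c does so through <ntddk.h>).
 *
 * The include guard no longer starts with an underscore followed by an
 * upper-case letter, because such names are reserved for the implementation.
 * SDK_ExportFunction2 is declared with (void) so that the compiler rejects
 * calls that pass arguments.
 */
#ifndef TESTSYS_H
#define TESTSYS_H 1
extern void NTAPI SDK_ExportFunction1(ULONG nIndex);
extern void NTAPI SDK_ExportFunction2(void);
#endif /* TESTSYS_H */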
testsys.c
#include <ntddk.h>
#include "testsys.h"
/*
 * SDK_ExportFunction1 - first routine exported by the driver (ordinal 1 in
 * testsys.def). The body is an empty stub: nIndex is accepted and ignored.
 */
void NTAPI SDK_ExportFunction1(ULONG nIndex)
{
    /* Intentionally empty; the cast only marks the parameter as unused. */
    (void)nIndex;
}
/*
 * SDK_ExportFunction2 - second routine exported by the driver (ordinal 2 in
 * testsys.def). Empty stub with no parameters and no return value.
 */
void NTAPI SDK_ExportFunction2()
{
    /* Intentionally empty. */
}
/*
 * DriverEntry - driver initialization routine.
 *
 * The surrounding code_seg pragmas place the routine in the INIT section and
 * then restore the default code section for whatever follows.
 *
 * The routine registers nothing: no dispatch routines and no DriverUnload
 * are stored in DriverObject, and RegistryPath is not read. It only reports
 * success so that the image loads.
 * NOTE(review): with no DriverUnload set the driver presumably cannot be
 * unloaded once started; confirm that this is intended for an export-only
 * driver.
 */
#pragma code_seg("INIT")
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    /* Both arguments are unused in this skeleton. */
    (void)DriverObject;
    (void)RegistryPath;

    return STATUS_SUCCESS;
}
#pragma code_seg()
内核编程
内核, 函数, 导出, 驱动
I’ll give you what I found, but all I can say is don’t do it.
There are always problems linking one version of the CRT against a version of a compiler that it wasn’t written for.
Create a win32 DLL project.
C/C++ settings for VC2008
-
General
Additional Include Directories:
C:\WINDDK\2600\inc\wxp
C:\WINDDK\2600\inc\ddk\wxp
C:\WINDDK\2600\inc\ddk\wdm\wxp
C:\WINDDK\2600\inc\crt
Debug Information Format : Program Database (/Zi)
-
Optimization
Enable Intrinsic Functions: Yes (/Oi) … To avoid the memcmp compile error.
-
Preprocessor
Preprocessor Definitions:
_X86_=1
i386=1
_WIN32_WINNT=0x0501
WINVER=0x0501
WIN32_LEAN_AND_MEAN=1 … don't know if this does much for a device driver
Ignore Standard Include Path:Yes (/X)
-
Code Generation
Enable C++ Exceptions:No … no exception handling in the kernel!
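Buffer Security Check:No (/GS-) … linker error if set to Yes, presumably because the /GS cookie support routines are not in these DDK libraries; with /GS- the driver is built without stack buffer overrun detection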
Basic runtime Checks: Default
-
Advanced
Calling Convention:__stdcall (/Gz)
-
Language
Enable Run-Time Type Info:No (/GR-) … linker error if set to Yes
内核编程, 技术心得
filedisk, QuickSYS, romfs, sfilter, VS2008, 驱动
Sfilter 是 MS 提供的一个文件系统过滤驱动程序示例, 在 IFS Kit 中可以找到源代码. 它在系统安全等相关方面用得很多, 例如文件的透明加密解密、只允许特定的进程访问特定的文件。Sfilter 可以在 XP、2003 中动态加载, 在 2000 下却不可以. 通过如下的代码可以实现在 2000 下的动态加载。
有两种方法可以实现。第一种是首先获得文件系统驱动 DRIVER_OBJECT 的指针, 然后通过遍历 DRIVER_OBJECT 中保存的设备对象的链表, 得到已经被文件系统驱动 MOUNT 的卷设备对象指针。代码如下:
// Declare the undocumented variable and the undocumented function prototype.
// Neither declaration comes from a header on this page, so the signature below
// is the author's own statement of it.
// NOTE(review): undocumented kernel interfaces can differ between Windows
// versions; confirm this prototype against every target system, and always
// check the returned NTSTATUS before using *Object.
extern POBJECT_TYPE *IoDriverObjectType;
extern
NTKERNELAPI
NTSTATUS
ObReferenceObjectByName(
IN PUNICODE_STRING ObjectName,
IN ULONG Attributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN POBJECT_TYPE ObjectType,
IN KPROCESSOR_MODE AccessMode,
IN OUT PVOID ParseContext OPTIONAL,
OUT PVOID *Object );
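/*
 * SfAttachToFileSystemDriver - look up one file system driver object by name
 * and hand every device object on its list to SfFsNotification().
 *
 * DriverName: object-manager path of the driver, e.g. L"\\FileSystem\\Ntfs".
 *
 * The lookup result is checked before the driver object is touched. The
 * original code dereferenced the output pointer unconditionally, so a failed
 * lookup (for example a file system driver that is not loaded) read an
 * uninitialized pointer in kernel mode.
 *
 * The reference taken by ObReferenceObjectByName() is released once the walk
 * is finished; the original never released it.
 */
static VOID
SfAttachToFileSystemDriver(IN PCWSTR DriverName)
{
    UNICODE_STRING driverPath;
    PDRIVER_OBJECT driverObject = NULL;
    PDEVICE_OBJECT currentDevice;
    NTSTATUS status;

    RtlInitUnicodeString(&driverPath, DriverName);

    status = ObReferenceObjectByName(&driverPath,
                                     OBJ_CASE_INSENSITIVE,
                                     NULL,
                                     0,
                                     *IoDriverObjectType,
                                     KernelMode,
                                     NULL,
                                     (PVOID *)&driverObject);
    if (!NT_SUCCESS(status) || driverObject == NULL) {
        /* Driver not present or lookup refused: nothing to attach to. */
        return;
    }

    /*
     * NOTE(review): the device list is walked without any lock, exactly as
     * in the original; confirm that no device object can be created or
     * deleted on this driver while the loop runs.
     */
    for (currentDevice = driverObject->DeviceObject;
         currentDevice != NULL;
         currentDevice = currentDevice->NextDevice) {
        SfFsNotification(currentDevice, TRUE);
    }

    /* Drop the reference taken by the lookup. */
    ObDereferenceObject(driverObject);
}

/*
 * SfAttachToVolumeDevice - pass the device objects of the FastFat and Ntfs
 * file system drivers to SfFsNotification(), in that order.
 *
 * Takes no arguments and returns nothing. A file system whose driver object
 * cannot be referenced is skipped. The unused OBJECT_ATTRIBUTES local and the
 * two stray closing braces that followed the original body are removed.
 */
VOID
SfAttachToVolumeDevice( )
{
    SfAttachToFileSystemDriver(L"\\FileSystem\\FastFat");
    SfAttachToFileSystemDriver(L"\\FileSystem\\Ntfs");
}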
内核编程, 技术心得
sfilter, 驱动
网上收集的关于用汇编语言编写 Windows 环境下的 KMD 驱动程序的教程, 由俄国人编写, 由罗云彬, 松松, 董岩翻译, 感谢所有这些人的辛勤劳动, 俺将这些散落在网络上的文章收集整理出来, 我想这些教程不止对使用汇编语言的人有帮助.
教程中文版的下载地址是 这里 KmdTutCn
附录:
选择哪个汇编编译器, 如何编译 16 位 DOS 和 32 位汇编程序
首先进入 masm32\bin目录,在dos下键入如下命令, 将分别编译 16 位和 32 位程序
- 如果是16位dos汇编代码
ml /Zm /c demo.asm
link16 demo.obj
- 如果是32位汇编代码
ml /c /coff /I c:\masm32\include test.asm
link /subsystem:windows test.obj
内核编程, 日常琐碎
16位, ASM, KMD, 内核, 驱动