Friend chain

Non plug and play driver

helloddk.h

//  Make sure that the header file is compiled only once 
//  Because in real projects , A header file may be contained by another header file 
//  such as b.h It contains a.h
//  And then in c.c Has the following code ：
/*
#include<a.h>
#include<b.h>
*/
//  thus ,a.h It was included twice 
//  and #pragma once Can guarantee a.h It is compiled only once 
//  So as to improve the compilation efficiency 
#pragma once

//  The following condition is compiled in C++ It is very common in projects 
//  It allows us to C++ Project use C Header file in 
#ifdef __cplusplus
extern "C"
{
#endif
#include <NTDDK.h>
#ifdef __cplusplus
}
#endif


//  Paging mark 、 Non paged marking and initialization of memory blocks 
#define PAGEDCODE code_seg("PAGE")
#define LOCKEDCODE code_seg()
// INIT The flag indicates that the function only needs to be loaded into memory when loading 
//  After the driver is successfully loaded , Functions can be unloaded from memory 
#define INITCODE code_seg("INIT")

#define PAGEDDATA data_seg("PAGE")
#define LOCKEDDATA data_seg()
#define INITDATA data_seg("INIT")

#define arraysize(p)    (sizeof(p)/sizeof((p)[0]))


//  Define body  _DEVICE_EXTENSION , And name it 
//  Device extension structure 
//  This structure is widely used in drivers 
//  According to the needs of different procedures , It is used to supplement and define the relevant information of the equipment 
typedef struct _DEVICE_EXTENSION {
    PDEVICE_OBJECT pDevice;
    UNICODE_STRING ustrDeviceName;      //  Equipment name 
    UNICODE_STRING ustrSymLinkName;     //  Symbolic link name 
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

//  Function declaration 
//  This IN The keyword may be used to indicate that the parameter is an incoming parameter 
NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriverObject);
VOID HelloDDKUnload(IN PDRIVER_OBJECT pDriverObject);
NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);

helloddk.cpp

#include "HelloDDK.h"




/*
 Initialize the driver , Locate and apply for hardware resources , Create kernel objects 
 parameter list 
    pDriverObject： from IO The driver object passed in the manager 
    pRegistryPath： The path of the driver in the registry 
 Return value ：
     Return to initialization driver state 
*/
//  Use extern "C" Decorate the function , In this way, it will be compiled into [email protected]
//  Without this modifier , The compiler will follow C++ The symbolic name of , Link time will report an error 
//  Indicates that the function is loaded into INIT In the memory area 
#pragma INITCODE
extern "C" NTSTATUS DriverEntry(
    IN PDRIVER_OBJECT pDriverObject,
    IN PUNICODE_STRING pRegistryPath)
{
    NTSTATUS status;
    //  There are no programs running in the kernel console Of , So you can only use KdPrint Macro to output debugging information 
    //  This macro only works in debug versions （Free）
    //  Do nothing in the release （Checked）
    KdPrint(("Enter DriverEntry\n"));

    //  Register other driver call function entries 
    //  Send the address of our own defined function to the operating system 
    //  The operating system will call these functions when appropriate 
    //  Through the following assignment operation 
    //  When the driver is unloaded ,HelloDDKUnload Function will be called 
    //  Create in the driver 、 Turn off read-write related IRP when ,HelloDDKDispatchRoutine Function will be called 
    pDriverObject->DriverUnload                     = HelloDDKUnload;
    pDriverObject->MajorFunction[IRP_MJ_CREATE]     = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE]      = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_WRITE]      = HelloDDKDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_READ]       = HelloDDKDispatchRoutine;

    //  Create drive device object 
    status = CreateDevice(pDriverObject);

    KdPrint(("DriverEntry end\n"));
    //  return CreateDevice Result 
    return status;
}

//  Definition CreateDevice function 
#pragma INITCODE
NTSTATUS CreateDevice(
    IN PDRIVER_OBJECT pDriverObject)
{
    NTSTATUS            status;
    PDEVICE_OBJECT      pDevObj;
    PDEVICE_EXTENSION   pDevExt;   

    //  Create device name 
    //  structure Unicode The string is used to store the name of this device object 
    UNICODE_STRING devName;
    RtlInitUnicodeString(&devName, L"\\Device\\MyDDKDevice");

    //  Create device 
    status = IoCreateDevice(pDriverObject,
                            sizeof(DEVICE_EXTENSION),
                            &(UNICODE_STRING)devName,
                            FILE_DEVICE_UNKNOWN,
                            0, 
                            TRUE,
                            &pDevObj);
    if(!NT_SUCCESS(status))
        return status;

    //  Indicates that the device is BUFFERED_IO equipment 
    //  There are two kinds of memory operations of devices , One is BUFFERED_IO, One is DO_DIRECT_IO, I'll explain later 
    pDevObj->Flags          = pDevObj->Flags | DO_BUFFERED_IO;

    //  Fill in the extended structure of the equipment 
    pDevExt                 = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
    pDevExt->pDevice        = pDevObj;
    pDevExt->ustrDeviceName = devName;

    //  Create symbolic links 
    //  The device name is only visible in kernel mode , User programs are invisible 
    //  Therefore, a symbolic connection needs to be exposed , The symbolic link points to the real device name 
    UNICODE_STRING SymLinkName;
    RtlInitUnicodeString(&SymLinkName, L"\\??\\HelloDDK");
    pDevExt->ustrSymLinkName = SymLinkName;

    //  If it is created successfully, it will return , Otherwise, call IoDeleteDevice Delete device 
    status = IoCreateSymbolicLink(&SymLinkName, &devName);
    if(!NT_SUCCESS(status))
    {
        IoDeleteDevice(pDevObj);
        return status;
    }
    return STATUS_SUCCESS;
}

//  Define the driver unload function 
#pragma PAGEDCODE
VOID HelloDDKUnload(IN PDRIVER_OBJECT pDriverObject)
{
    PDEVICE_OBJECT pNextObj;
    KdPrint(("Enter DriverUnload\n"));
    //  Get the device object from the driver object 
    pNextObj = pDriverObject->DeviceObject;
    //  Traverse the device object 
    while(pNextObj != NULL)
    {
        PDEVICE_EXTENSION pDevExt   = (PDEVICE_EXTENSION)pNextObj->DeviceExtension;

        //  Remove symbolic links 
        UNICODE_STRING pLinkName    = pDevExt->ustrSymLinkName;
        //  Delete symbolic links of device objects 
        IoDeleteSymbolicLink(&pLinkName);
        pNextObj                    = pNextObj->NextDevice;
        IoDeleteDevice(pDevExt->pDevice);
    }
}

//  Define default dispatch routines 
#pragma PAGEDCODE
NTSTATUS HelloDDKDispatchRoutine(
    IN PDEVICE_OBJECT pDevObj,
    IN PIRP pIrp)
{
    KdPrint(("Enter HelloDDKDispatchRoutine\n"));
    NTSTATUS status = STATUS_SUCCESS;
    //  complete IRP
    //  About IRP Introduction to , I'll introduce it later 
    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    KdPrint(("Leave HelloDDKDispatchRoutine\n"));
    return status;
}

source

TARGETNAME=HelloDDK
TARGETTYPE=DRIVER
TARGETPATH=OBJ

INCLUDES=$(BASEDIR)\inc;\
         $(BASEDIR)\inc\ddk;\

SOURCES=helloddk.cpp\