加载NT驱动

// LoadNTDriver.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <Windows.h>
#include <winsvc.h>
#include <conio.h>
#include <stdio.h>

// Service name under which the driver is registered with the SCM.
#define DRIVER_NAME TEXT("HelloDDK")
// Relative path to the driver image. LoadNTDriver expands it with
// GetFullPathName, so it resolves against the current working directory:
// the .sys that ends up registered depends on where the loader is started.
#define DRIVER_PATH TEXT("..\\Driver Debug\\HelloDDK.sys")

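/************************************************************************
* Function:    LoadNTDriver
* Description: Registers an NT kernel driver as a demand-start service
*              with the Service Control Manager (SCM) and starts it.
* Parameters:
*      lpszDriverName: service name (also used as the display name)
*      lpszDriverPath: path to the driver image; a relative path is
*                      resolved against the current working directory
* Returns:     TRUE if the service was started or was already running,
*              FALSE otherwise. On a start failure the service entry
*              created here is left registered; handles are always closed.
*************************************************************************/
BOOL LoadNTDriver(TCHAR * lpszDriverName,
    TCHAR * lpszDriverPath)
{
    // All locals are declared before the first goto so that no jump
    // bypasses an initialization (an error when compiled as C++).
    TCHAR szDriverImagePath[MAX_PATH];
    const DWORD cchImagePath = sizeof(szDriverImagePath) / sizeof(szDriverImagePath[0]);
    BOOL bRet = FALSE;
    DWORD dwRtn = 0;
    DWORD dwPathLen = 0;
    SC_HANDLE hServiceMgr = NULL;   // handle to the SCM
    SC_HANDLE hServiceDDK = NULL;   // handle to the driver's service

    // Resolve the full image path. A return of 0 is a failure and a return
    // >= the buffer size means the path did not fit; in both cases the buffer
    // must not be handed to CreateService.
    dwPathLen = GetFullPathName(lpszDriverPath, cchImagePath, szDriverImagePath, NULL);
    if( dwPathLen == 0 || dwPathLen >= cchImagePath )
    {
        printf("GetFullPathName() failed %lu ! \n", GetLastError());
        goto BeforeLeave;
    }

    // NOTE(review): SC_MANAGER_ALL_ACCESS is broader than this function needs;
    // SC_MANAGER_CREATE_SERVICE is sufficient for the CreateService call below.
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if( hServiceMgr == NULL )
    {
        printf("OpenSCManager() Faild %lu ! \n", GetLastError());
        goto BeforeLeave;
    }
    printf("OpenSCManager() ok ! \n");

    // Create the service entry that describes the driver.
    // NOTE(review): SERVICE_ALL_ACCESS is more than StartService requires
    // (SERVICE_START); consider narrowing it here and in OpenService below.
    hServiceDDK = CreateService(hServiceMgr,
        lpszDriverName,         // service (registry key) name
        lpszDriverName,         // DisplayName
        SERVICE_ALL_ACCESS,     // access requested on the returned handle
        SERVICE_KERNEL_DRIVER,  // the service is a kernel driver
        SERVICE_DEMAND_START,   // Start value: started on request only
        SERVICE_ERROR_IGNORE,   // ErrorControl value
        szDriverImagePath,      // ImagePath value
        NULL,
        NULL,
        NULL,
        NULL,
        NULL);

    if( hServiceDDK == NULL )
    {
        dwRtn = GetLastError();
        if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS )
        {
            // Creation failed for a reason other than "already registered".
            printf("CreateService() Faild %lu ! \n", dwRtn);
            goto BeforeLeave;
        }
        printf("CreateService() Faild Service is ERROR_IO_PENDING OR ERROR_SERVICE_EXISTS ! \n");

        // The service already exists, so open it instead. The existing entry
        // is started as registered: its ImagePath is not compared with
        // szDriverImagePath, so a stale entry may point at a different image.
        hServiceDDK = OpenService( hServiceMgr, lpszDriverName, SERVICE_ALL_ACCESS );
        if( hServiceDDK == NULL )
        {
            printf("OpenService() Faild %lu ! \n", GetLastError());
            goto BeforeLeave;
        }
        printf("OpenService() ok ! \n");
    }
    else
    {
        printf("CreateService() ok ! \n");
    }

    // Start the service, which loads the driver.
    if( !StartService( hServiceDDK, 0, NULL ) )
    {
        // Fetch the error of THIS call; the original stored it in a new local
        // and then tested dwRtn, which was stale or uninitialized.
        dwRtn = GetLastError();
        if( dwRtn == ERROR_SERVICE_ALREADY_RUNNING )
        {
            // Already running counts as success.
            printf( "StartService() ok ERROR_SERVICE_ALREADY_RUNNING ! \n" );
            bRet = TRUE;
        }
        else if( dwRtn == ERROR_IO_PENDING )
        {
            // The device is hung.
            printf( "StartService() Faild ERROR_IO_PENDING ! \n" );
        }
        else
        {
            printf("StartSrivce() Faild %lu ! \n", dwRtn);
        }
        goto BeforeLeave;
    }

    bRet = TRUE;

// Close any open handles before returning.
BeforeLeave:
    if(hServiceDDK)
        CloseServiceHandle(hServiceDDK);
    if(hServiceMgr)
        CloseServiceHandle(hServiceMgr);
    return bRet;
}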

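/************************************************************************
* Function:    UnloadNTDriver
* Description: Stops the driver's service and deletes its service entry.
* Parameters:
*      szSvrName: service name
* Returns:     TRUE only if the service is stopped (or was not running)
*              and its entry was deleted; FALSE otherwise
*************************************************************************/
BOOL UnloadNTDriver(TCHAR * szSvrName)
{
    // All locals are declared before the first goto so that no jump
    // bypasses an initialization (an error when compiled as C++).
    BOOL bRet = FALSE;
    BOOL bStopped = FALSE;
    BOOL bDeleted = FALSE;
    DWORD dwErr = 0;
    SC_HANDLE hServiceMgr = NULL;   // handle to the SCM
    SC_HANDLE hServiceDDK = NULL;   // handle to the driver's service
    SERVICE_STATUS SvrSta;

    // NOTE(review): SC_MANAGER_ALL_ACCESS is broader than needed just to
    // open an existing service; SC_MANAGER_CONNECT would do.
    hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS );
    if( hServiceMgr == NULL )
    {
        printf( "OpenSCManager() Faild %lu \n", GetLastError() );
        goto BeforeLeave;
    }
    printf( "OpenSCManager() ok ! \n" );

    // Open the service that corresponds to the driver.
    // NOTE(review): only SERVICE_STOP and DELETE are exercised below;
    // SERVICE_ALL_ACCESS could be narrowed to those two rights.
    hServiceDDK = OpenService( hServiceMgr, szSvrName, SERVICE_ALL_ACCESS );
    if( hServiceDDK == NULL )
    {
        printf( "OpenService() Faild %lu \n", GetLastError() );
        goto BeforeLeave;
    }
    printf( "OpenService() ok ! \n" );

    // Stop the driver. If the stop fails, the driver can only be loaded
    // dynamically again after a reboot. Deletion is still attempted so the
    // service entry does not linger.
    if( ControlService( hServiceDDK, SERVICE_CONTROL_STOP, &SvrSta) )
    {
        printf("ControlService() ok ! \n");
        bStopped = TRUE;
    }
    else
    {
        dwErr = GetLastError();
        printf( "ControlService() Faild %lu ! \n", dwErr );
        // A service that was not running needs no stop.
        bStopped = ( dwErr == ERROR_SERVICE_NOT_ACTIVE );
    }

    // Remove the service entry.
    if( DeleteService( hServiceDDK) )
    {
        printf( "DeleteService() ok !\n" );
        bDeleted = TRUE;
    }
    else
    {
        printf( "DeleteService() Faild %lu !\n", GetLastError() );
    }

    // Report the real outcome; the original returned TRUE even when both
    // the stop and the delete had failed.
    bRet = ( bStopped && bDeleted );

// Close any open handles before returning.
BeforeLeave:
    if( hServiceDDK )
        CloseServiceHandle(hServiceDDK);
    if( hServiceMgr )
        CloseServiceHandle(hServiceMgr);
    return bRet;
}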


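/************************************************************************
* Function:    TestDriver
* Description: Checks that the loaded driver is reachable by opening its
*              HelloDDK device symbolic link, then closes the handle.
* Parameters:  none
* Returns:     void
*************************************************************************/
void TestDriver()
{
    // Open the device exclusively (share mode 0) for read and write.
    HANDLE hDevice = CreateFile(_T("\\\\.\\HelloDDK"),
        GENERIC_WRITE | GENERIC_READ,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);
    if( hDevice == INVALID_HANDLE_VALUE )
    {
        printf( "Create Device faild %lu !\n", GetLastError() );
        return;     // nothing was opened, so there is nothing to close
    }

    printf( "Create Device ok ! \n" );

    // Close only a handle that was actually opened; the original also
    // passed INVALID_HANDLE_VALUE to CloseHandle on the failure path.
    CloseHandle(hDevice);
}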


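// Console entry point: loads the driver, opens its device once as a smoke
// test, then unloads the driver. Each step waits for a key press so the
// state can be inspected in between.
int _tmain(int argc, _TCHAR* argv[])
{
    // Load the driver.
    BOOL bRet = LoadNTDriver(DRIVER_NAME,DRIVER_PATH);
    if (!bRet)
    {
        printf("LoadNTDriver error\n");
        return 0;
    }

    printf( "press any to create device!\n" );
    getch();

    TestDriver();

    // At this point the registry, or a tool that lists symbolic links,
    // can be used to verify that the driver is registered.
    printf( "press any to unload the driver!\n" );
    getch();

    // Unload the driver. The result must be captured here: the original
    // re-tested the stale value from LoadNTDriver, so an unload failure
    // was never reported.
    bRet = UnloadNTDriver(DRIVER_NAME);
    if (!bRet)
    {
        printf("UnloadNTDriver error\n");
        return 0;
    }

    return 0;
}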
原文地址:https://www.cnblogs.com/qintangtao/p/2993956.html