keyboard_filters.c

//简单的让人觉得不可思议。

#include "ntddk.h"

#include <ntddkbd.h>

#include "stdio.h"

typedef struct _DEVICE_EXTENSION

{

  PDEVICE_OBJECT  TopOfStack;

} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

NTSTATUS Ctrl2capReadComplete( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp,IN PVOID Context )

{

    PKEYBOARD_INPUT_DATA      KeyData;

    

    if( NT_SUCCESS( Irp->IoStatus.Status ) ) 

    {

        KeyData = Irp->AssociatedIrp.SystemBuffer;

        

        DbgPrint("ScanCode: %x ", KeyData[0].MakeCode );

        DbgPrint("%s\n", KeyData[0].Flags ? "Up" : "Down" );

    }

    

    if( Irp->PendingReturned ) 

    {

        IoMarkIrpPending( Irp );

    }

    return Irp->IoStatus.Status;

}

NTSTATUS Ctrl2capDispatchRead( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )

{

    PDEVICE_EXTENSION   devExt;

    PIO_STACK_LOCATION  currentIrpStack;

    PIO_STACK_LOCATION  nextIrpStack;

    

    currentIrpStack = IoGetCurrentIrpStackLocation(Irp);

    nextIrpStack = IoGetNextIrpStackLocation(Irp);    

    *nextIrpStack = *currentIrpStack;

    IoSetCompletionRoutine( Irp, Ctrl2capReadComplete, DeviceObject,1,1,1);

    

    devExt = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;

    return IoCallDriver( devExt->TopOfStack, Irp );

}

NTSTATUS Ctrl2capDispatchGeneral(IN PDEVICE_OBJECT DeviceObject,IN PIRP  Irp )

{

    Irp->CurrentLocation++;                  //IoSkipCurrentIrpStackLocation macro

    Irp->Tail.Overlay.CurrentStackLocation++;//这两句等于上面的宏。

    return IoCallDriver(((PDEVICE_EXTENSION) DeviceObject->DeviceExtension)->TopOfStack, Irp);

}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT  DriverObject,IN PUNICODE_STRING RegistryPath)

{

    ULONG             i;

    CCHAR             ntNameBuffer[64];

    STRING            ntNameString;

    UNICODE_STRING    ntUnicodeString;

    PDEVICE_OBJECT    device;

    NTSTATUS          status;

    PDEVICE_EXTENSION devExt;

    

    //_asm int 3;

    

    for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++) 

    {

        DriverObject->MajorFunction[i] = Ctrl2capDispatchGeneral;

    }

    DriverObject->MajorFunction[IRP_MJ_READ] = Ctrl2capDispatchRead;

    

    sprintf( ntNameBuffer, "\\Device\\KeyboardClass0" );

    RtlInitAnsiString( &ntNameString, ntNameBuffer );

    RtlAnsiStringToUnicodeString( &ntUnicodeString, &ntNameString, TRUE );

    status = IoCreateDevice(DriverObject,sizeof(DEVICE_EXTENSION),0,FILE_DEVICE_KEYBOARD,0,0,&device);

    device->Flags |= DO_BUFFERED_IO;

    device->Flags &= ~DO_DEVICE_INITIALIZING;

    

    devExt = (PDEVICE_EXTENSION) device->DeviceExtension;

    status = IoAttachDevice( device, &ntUnicodeString, &devExt->TopOfStack );

    return STATUS_SUCCESS;

}

sources文件的内容如下：

C_DEFINES=/DWIN2K=1

TARGETNAME=keyboard_filters

TARGETPATH=obj

TARGETTYPE=DRIVER

SOURCES=keyboard_filters.c