2014年8月9日星期六

编写内核DLL

#include <ntifs.h>
#include <windef.h>


/*
汇编也可以写内核的DLL,包括64位的。
这里也就不说了。

VS2012和VS2013应该也可以,好像应该有示例的工程。

这里是WDK的内核的DLL的示例。

参考:
http://msdn.microsoft.com/zh-cn/library/windows/hardware/ff542891(v=vs.85).aspx
http://msdn.microsoft.com/zh-cn/library/windows/hardware/dn613893(v=vs.85).aspx
http://www.wd-3.com/archive/KernelDlls.htm

注意事项:
1.Unlike a standard driver, however, an export driver does not receive IRPs or occupy a place in the driver stack, nor is it considered to be a system service.
2.(Even if you use DECLSPEC_EXPORT, your .def file must contain at least DllInitialize and DllUnload so you can mark these functions as PRIVATE.)
3.You can build any standard driver as an export driver—it will operate as a standard driver when loaded in the usual way, and also export functions that other drivers can call. 

made by correy
made at 2014.08.09
homepage:http://correy.webs.com
*/


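/*
 * Exported test routine of the kernel DLL (export driver).
 *
 * Exported with __declspec(dllexport); the WDK's DECLSPEC_EXPORT macro expands
 * to the same thing, and a .def file (DLLDEF in the sources file) is the other
 * way to export it. A consumer declares it with DECLSPEC_IMPORT.
 *
 * Only logs (KdPrint is compiled out of free builds).
 *
 * Returns STATUS_SUCCESS. The return type is int, but the value is an NTSTATUS,
 * so callers should treat it as one.
 *
 * Fixes: the parameter list is now a proper prototype ((void) instead of ()),
 * and the status is no longer held in an int local.
 */
__declspec(dllexport) int test(void)
{
    KdPrint(("内核DLL的test\n"));

    return STATUS_SUCCESS;
}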


/*
 * DllUnload entry of the export driver.
 *
 * Nothing is torn down here; the routine only logs. Note that this listing
 * does not export it (no dllexport, and the .def file is unused according to
 * the sources file), although the MSDN note above says the .def must list
 * DllInitialize and DllUnload as PRIVATE -- presumably the loader only finds
 * it when exported; verify before relying on it.
 *
 * Returns STATUS_SUCCESS.
 */
NTSTATUS DllUnload(void)
{
    KdPrint(("内核DLL的DllUnload\n"));

    return STATUS_SUCCESS;
}


/*
 * DllInitialize entry of the export driver.
 *
 * RegistryPath is accepted but not used; the routine only logs. As with
 * DllUnload, nothing in this listing exports it (see the MSDN note above on
 * the .def file), so whether the loader ever calls it should be confirmed.
 *
 * Returns STATUS_SUCCESS.
 */
NTSTATUS DllInitialize(_In_  PUNICODE_STRING RegistryPath)
{
    (void)RegistryPath; /* unused */

    KdPrint(("内核DLL的DllInitialize\n"));

    return STATUS_SUCCESS;
}


DRIVER_UNLOAD Unload;
/*
 * DriverUnload callback of the export driver's own driver object (registered
 * in DriverEntry below). There is nothing to release; it only logs.
 */
VOID Unload(__in PDRIVER_OBJECT DriverObject)
{
    (void)DriverObject; /* nothing was allocated per driver object */

    KdPrint(("内核DLL的Unload\n"));
}


/*
 At a minimum, an export driver must have a DriverEntry routine; 
 this can be an empty stub to satisfy build scripts--the export driver's DriverEntry is never called by Plug and Play.
*/
/*
 * DriverEntry of the export driver.
 *
 * Present because the build requires one (see the note above); per that note
 * Plug and Play never calls it. If it does run (e.g. when loaded as an
 * ordinary driver), it registers Unload and succeeds.
 *
 * KdBreakPoint() is a no-op in free builds; in a checked build with no kernel
 * debugger attached the break is unhandled and will typically bugcheck the
 * machine, so it must not be left in anything that ships.
 *
 * Returns STATUS_SUCCESS.
 */
#pragma INITCODE
DRIVER_INITIALIZE DriverEntry;
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    (void)RegistryPath; /* unused */

    KdBreakPoint();

    DriverObject->DriverUnload = Unload;
    KdPrint(("内核DLL的入口\n"));

    return STATUS_SUCCESS;
}

source文件如下:

TARGETNAME=KernelDLL #The .sys file is your kernel-mode DLL.

TARGETTYPE=EXPORT_DRIVER #这也可能决定了别的程序对这个文件的调用方式(静态链接和只有函数的信息)。DRIVER_LIBRARY可能就是静态链接的。以及生成的文件大小等。

SOURCES=KernelDLL.C 

DLLDEF=def.def #这个文件没有使用。这是另一个办法。

TARGETPATH=obj

/////////////////////////////////////////////////////////////////////////////////////////////////////////

#include <ntifs.h>
#include <windef.h>


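/*
 * test() is exported by KernelDLL.sys and resolved at load time through
 * KernelDLL.lib (TARGETLIBS in the sources file below), so KernelDLL.sys must
 * already be loaded or this driver fails to load. Its int return value
 * carries an NTSTATUS. Declared with a real prototype ((void), not ()).
 */
DECLSPEC_IMPORT int test(void);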


DRIVER_UNLOAD Unload;
/*
 * DriverUnload callback of the consumer driver. Intentionally empty: the
 * driver owns no resources, so there is nothing to release.
 */
VOID Unload(__in PDRIVER_OBJECT DriverObject)
{
    (void)DriverObject; /* unused */
}


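/*
 * DriverEntry of the consumer driver.
 *
 * Registers Unload, then calls test() from KernelDLL.sys. Previously the
 * return value of test() was discarded; it carries an NTSTATUS, so it is now
 * checked and returned -- a failure from the export driver makes this
 * driver's load fail instead of being silently ignored.
 *
 * KdBreakPoint() is a no-op in free builds; in a checked build with no kernel
 * debugger attached the break is unhandled and will typically bugcheck the
 * machine, so it must not be left in anything that ships.
 *
 * Returns the status of test() (STATUS_SUCCESS in the export driver above).
 */
#pragma INITCODE
DRIVER_INITIALIZE DriverEntry;
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    NTSTATUS Status;

    (void)RegistryPath; /* unused */

    KdBreakPoint();

    DriverObject->DriverUnload = Unload;

    /* test() returns int, but the value is an NTSTATUS (see the export driver). */
    Status = (NTSTATUS)test();
    if (!NT_SUCCESS(Status)) {
        KdPrint(("test() failed: 0x%08X\n", Status));
    }

    return Status;
}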

source文件如下:

TARGETNAME=test

TARGETTYPE=DRIVER

SOURCES=test.C 

TARGETPATH=obj 

TARGETLIBS=KernelDLL.lib #要把这个文件复制到相应的位置。好像还有静态链接和动态链接之别。

/////////////////////////////////////////////////////////////////////////////////////////////////////////

测试:
1.Export drivers must be installed in the %Windir%\System32\Drivers directory.
2.Install the export driver .sys file in the %windir%\system32\drivers directory. 
  It will be loaded the first time any other driver calls into it.
  实测需要先加载KernelDLL.sys,否则test.sys加载失败(与上面第2条“首次被调用时自动加载”的说法不符)。
  开始觉得这不可思议,不像DLL。
  又一想系统的SYS也都是这样的。如ntos*.exe NDIS.SYS。
  所以此功能用处不大。
3.加载test.sys.
  效果就不说了。
  
