Attach_读写_windows驱动_Windows驱动级的读写_驱动读写_读写驱动_

共120个文件

tlog：96个

inf：4个

log：3个

版权申诉

windows驱动

驱动读写

读写驱动

5星 · 超过95%的资源 43 浏览量 2021-09-28 19:44:01 上传评论收藏 1.82MB RAR 举报

在Windows操作系统中，驱动级的读写操作是一个关键的系统层面功能，它涉及到硬件设备与应用程序之间的数据交换。本文将深入探讨Windows驱动级读写的工作原理、重要性以及实现方式。我们要明白驱动程序是操作系统与硬件设备之间的桥梁。它们提供了一种抽象层，使得操作系统能够以统一的方式管理和控制各种不同类型的硬件。在读写操作中，驱动程序负责将操作系统发送的读写请求转化为特定硬件设备能理解的指令，同时，它也处理来自硬件的数据传输，将其转换为操作系统可以处理的形式。 Windows驱动级的读写主要分为两种类型：用户模式读写和内核模式读写。用户模式读写是通过API函数（如CreateFile、ReadFile和WriteFile）来完成的，适用于大多数应用程序。这些API函数会进一步调用内核模式的驱动程序来处理实际的硬件交互。而内核模式读写则直接在操作系统内核空间中进行，通常由系统服务或低级别的驱动程序执行，具有更高的效率和权限，但同时也需要更高的安全性和稳定性。驱动读写过程通常包含以下几个步骤： 1. **打开设备**：应用程序或驱动程序通过调用CreateFile函数，指定设备名称来打开设备，获取设备句柄。 2. **发送读/写请求**：使用ReadFile或WriteFile函数，将读/写请求和缓冲区地址传递给驱动程序。 3. **驱动处理请求**：驱动程序接收到请求后，会根据硬件特性，将请求分解成硬件可执行的指令。 4. **硬件交互**：驱动程序向硬件发送指令，启动数据传输。这个过程中可能涉及中断处理，即硬件完成操作后，通过中断通知CPU。 5. **数据传输**：数据从硬件到内存，或者从内存到硬件的转移。 6. **完成请求**：驱动程序确认数据传输完成，通知操作系统，从而返回读写结果给调用者。在编写驱动程序时，需要遵循Windows Driver Model (WDM)、Kernel-Mode Driver Framework (KMDF) 或 User-Mode Driver Framework (UMDF) 规范。WDM是传统的驱动模型，适用于各种类型的驱动；KMDF提供了更高级别的抽象，简化了驱动开发；UMDF则允许在用户模式下编写驱动，提高了调试和安全性，但性能略低。了解驱动级读写对于系统开发者和硬件工程师来说至关重要，因为这直接影响到系统的性能、稳定性和兼容性。例如，优化驱动读写性能可以提高整个系统的响应速度，而正确处理错误和异常则能保证系统的可靠性。 Windows驱动级的读写是一个复杂而关键的过程，涉及到操作系统、驱动程序和硬件设备的紧密协作。掌握这一领域的知识对于提升系统级编程技能，以及解决硬件相关问题具有重要意义。

资源推荐

资源详情

资源评论

收起资源包目录

Attach_读写_windows驱动_Windows驱动级的读写_驱动读写_读写驱动_ （120个子文件）

Io.c 7KB

Driver.c 152B

attach.cat 3KB

Attach.cer 856B

WdfCoinstaller01009.dll 1.64MB

Attach.vcxproj.filters 2KB

Io.h 9KB

Attach.inf 2KB

Attach.lastbuildstate 215B

Attach.Build.CppClean.log 42KB

Attach.log 686B

inf2catOutput.log 209B

Io.obj 31KB

Driver.obj 16KB

Attach.pdb 612KB

vc141.pdb 156KB

Attach.sln 3KB

Attach.sys 10KB

CL.read.1.tlog 17KB

inf2cat-expand.read.1.tlog 8KB

inf2cat-expand.write.1.tlog 5KB

CL.command.1.tlog 3KB

link.command.1.tlog 2KB

link.read.1.tlog 2KB

CL.write.1.tlog 656B

signtool.read.1.tlog 654B

inf2cat-expand.6212.read.1.tlog 652B

inf2cat-expand.392.read.1.tlog 652B

inf2cat-expand.412.read.1.tlog 652B

inf2cat-expand.6268.read.1.tlog 652B

inf2cat-expand.14056.read.1.tlog 652B

inf2cat-expand.11588.read.1.tlog 652B

inf2cat-expand.11312.read.1.tlog 652B

inf2cat-expand.12780.read.1.tlog 652B

inf2cat-expand.11816.read.1.tlog 652B

inf2cat-expand.4152.read.1.tlog 652B

inf2cat-expand.11912.read.1.tlog 652B

inf2cat-expand.188.read.1.tlog 652B

inf2cat-expand.7724.read.1.tlog 652B

inf2cat-expand.11856.read.1.tlog 600B

inf2cat-expand.5044.read.1.tlog 600B

inf2cat-expand.5428.read.1.tlog 600B

inf2cat-expand.5288.read.1.tlog 600B

inf2cat-expand.12688.read.1.tlog 600B

inf2cat-expand.5480.read.1.tlog 600B

inf2cat-expand.5744.read.1.tlog 600B

inf2cat-expand.12732.read.1.tlog 600B

inf2cat-expand.5976.read.1.tlog 600B

inf2cat-expand.13352.read.1.tlog 600B

inf2cat-expand.7712.read.1.tlog 600B

inf2cat-expand.7132.read.1.tlog 600B

inf2cat-expand.5452.read.1.tlog 600B

inf2cat-expand.11744.read.1.tlog 600B

inf2cat-expand.11580.read.1.tlog 600B

inf2cat-expand.8912.read.1.tlog 600B

inf2cat-expand.9100.read.1.tlog 600B

inf2cat-expand.4688.read.1.tlog 600B

inf2cat-expand.8788.read.1.tlog 600B

inf2cat-expand.11772.read.1.tlog 600B

inf2cat-expand.8400.read.1.tlog 600B

inf2cat-expand.11232.read.1.tlog 600B

inf2cat-expand.11724.read.1.tlog 600B

inf2cat-expand.6004.read.1.tlog 600B

inf2cat-expand.12908.read.1.tlog 600B

inf2cat-expand.4152.write.1.tlog 438B

inf2cat-expand.14056.write.1.tlog 438B

inf2cat-expand.11312.write.1.tlog 438B

inf2cat-expand.11588.write.1.tlog 438B

inf2cat-expand.7724.write.1.tlog 438B

inf2cat-expand.6268.write.1.tlog 438B

inf2cat-expand.188.write.1.tlog 438B

inf2cat-expand.412.write.1.tlog 438B

inf2cat-expand.12780.write.1.tlog 438B

inf2cat-expand.11816.write.1.tlog 438B

inf2cat-expand.392.write.1.tlog 438B

inf2cat-expand.11912.write.1.tlog 438B

inf2cat-expand.6212.write.1.tlog 438B

inf2cat-expand.12732.write.1.tlog 412B

inf2cat-expand.11232.write.1.tlog 412B

inf2cat-expand.5976.write.1.tlog 412B

inf2cat-expand.11772.write.1.tlog 412B

inf2cat-expand.5452.write.1.tlog 412B

inf2cat-expand.4688.write.1.tlog 412B

inf2cat-expand.8788.write.1.tlog 412B

inf2cat-expand.7712.write.1.tlog 412B

inf2cat-expand.12908.write.1.tlog 412B

inf2cat-expand.11724.write.1.tlog 412B

inf2cat-expand.8912.write.1.tlog 412B

inf2cat-expand.11744.write.1.tlog 412B

inf2cat-expand.5044.write.1.tlog 412B

inf2cat-expand.11856.write.1.tlog 412B

inf2cat-expand.7132.write.1.tlog 412B

inf2cat-expand.11580.write.1.tlog 412B

inf2cat-expand.5480.write.1.tlog 412B

inf2cat-expand.6004.write.1.tlog 412B

inf2cat-expand.12688.write.1.tlog 412B

共 120 条

#include "Io.h" VOID KSleep(LONG MilliSecond) { LARGE_INTEGER Interval = { 0 }; Interval.QuadPart = DELAY_ONE_MILLISECOND; Interval.QuadPart *= MilliSecond; KeDelayExecutionThread(KernelMode, 0, &Interval); } KIRQL Open() // 关 { KIRQL irql = KeRaiseIrqlToDpcLevel(); UINT64 cr0 = __readcr0(); cr0 &= 0xfffffffffffeffff; __writecr0(cr0); _disable(); return irql; } void Close(KIRQL irql) //开 { UINT64 cr0 = __readcr0(); cr0 |= 0x10000; _enable(); __writecr0(cr0); KeLowerIrql(irql); } NTSTATUS ReadPhysicalMemory(ULONGLONG startaddress, UINT_PTR bytestoread, PVOID output) { NTSTATUS ntStatus = STATUS_UNSUCCESSFUL; PMDL outputMDL; outputMDL = IoAllocateMdl(output, (ULONG)bytestoread, FALSE, FALSE, NULL); __try { MmProbeAndLockPages(outputMDL, KernelMode, IoWriteAccess); } __except (1) { IoFreeMdl(outputMDL); return STATUS_UNSUCCESSFUL; } /*__try { RtlInitUnicodeString(&physmemString, physmemName); InitializeObjectAttributes(&attributes, &physmemString, OBJ_CASE_INSENSITIVE, NULL, NULL); ntStatus = ZwOpenSection(&physmem, SECTION_ALL_ACCESS, &attributes); if (ntStatus == STATUS_SUCCESS) { SIZE_T length; PHYSICAL_ADDRESS viewBase; UINT_PTR offset; UINT_PTR toread; viewBase.QuadPart = (ULONGLONG)(startaddress); length = 0x2000; toread = bytestoread; memoryview = NULL; ntStatus = ZwMapViewOfSection( physmem, //sectionhandle NtCurrentProcess(), //processhandle (should be -1) &memoryview, //BaseAddress 0L, //ZeroBits length, //CommitSize &viewBase, //SectionOffset &length, //ViewSize ViewShare, 0, PAGE_READWRITE); if ((ntStatus == STATUS_SUCCESS) && (memoryview != NULL)) { if (toread > length) toread = length; if (toread) { __try { offset = (UINT_PTR)(startaddress)-(UINT_PTR)viewBase.QuadPart; if (offset + toread > length) { return STATUS_UNSUCCESSFUL; } else { RtlCopyMemory(output, &memoryview[offset], toread); } ZwUnmapViewOfSection(NtCurrentProcess(), memoryview); } __except (1) { return STATUS_UNSUCCESSFUL; } } } else { return STATUS_UNSUCCESSFUL; } ZwClose(physmem); }; } __except (1) { DbgPrint("Error while reading physical memory\n"); }*/ ntStatus = STATUS_SUCCESS; MmUnlockPages(outputMDL); IoFreeMdl(outputMDL); return ntStatus; } #pragma alloc_text( NOPAGE,ReadProcess) VOID ReadProcess(HANDLE Pid,ULONG Addr, UINT_PTR bytestoread, PVOID output) { NTSTATUS nStatus; PEPROCESS pEProcess = NULL; KAPC_STATE KAPC = { 0 }; PHYSICAL_ADDRESS PhyAddr; BOOLEAN bIsAttached = FALSE; nStatus = PsLookupProcessByProcessId(Pid, &pEProcess); if (!NT_SUCCESS(nStatus)) { return; } KeStackAttachProcess(pEProcess,&KAPC); bIsAttached = TRUE; if (MmIsAddressValid((PVOID)Addr) == 0) { goto TABLE1; } PhyAddr = MmGetPhysicalAddress((PVOID)Addr); PVOID Temp = MmMapIoSpace(PhyAddr, bytestoread, 0); RtlCopyMemory(output, Temp, bytestoread); MmUnmapIoSpace(Temp, bytestoread); TABLE1: if (bIsAttached != FALSE) { KeUnstackDetachProcess(&KAPC); } if (pEProcess != NULL) { ObDereferenceObject(pEProcess); pEProcess = NULL; } } NTSTATUS CreateIoObject(PDRIVER_OBJECT DriverObject) { UNICODE_STRING DriverObjectName = RTL_CONSTANT_STRING(DEVICE_OBJECT_NAME); UNICODE_STRING DriverLinkName = RTL_CONSTANT_STRING(DRIVER_LINK_NAME); PDEVICE_OBJECT DeivceObject = NULL; NTSTATUS Status = STATUS_UNSUCCESSFUL; Status = IoCreateDevice(DriverObject, 0, &DriverObjectName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeivceObject); if (!NT_SUCCESS(Status)) { DbgPrint("CreateDeviceFail\n"); return Status; } Status = IoCreateSymbolicLink(&DriverLinkName, &DriverObjectName); if (!NT_SUCCESS(Status)) { DeivceObject = NULL; DbgPrint("CreateSymbolicLinkFail\n"); return Status; } Status = STATUS_SUCCESS; return Status; } VOID UnLoad(PDRIVER_OBJECT DriverObject) { UNICODE_STRING DriverLinkName; PDEVICE_OBJECT Tmp_DriverOject = NULL; PDEVICE_OBJECT Delete = NULL; RtlInitUnicodeString(&DriverLinkName, DRIVER_LINK_NAME); IoDeleteSymbolicLink(&DriverLinkName); Delete = DriverObject->DeviceObject; while (Delete != NULL) { Tmp_DriverOject = Delete->NextDevice; IoDeleteDevice(Delete); Delete = Tmp_DriverOject; } //PsRemoveLoadImageNotifyRoutine(LoadImageRoutine); } NTSTATUS PassThroughDispatch(PDEVICE_OBJECT DriverOject, PIRP Irp) { Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_SUCCESS; } VOID SetDispatch(PDRIVER_OBJECT DriverObject) { if (!NT_SUCCESS(CreateIoObject(DriverObject))) { DbgPrint("CreateIoObjectDriverObject Error"); return; } for (ULONG i = 0; i<IRP_MJ_MAXIMUM_FUNCTION; i++) { DriverObject->MajorFunction[i] = PassThroughDispatch; //函数指针 } DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ControlThroughDispatch; DriverObject->DriverUnload = UnLoad; } NTSTATUS ControlThroughDispatch(PDEVICE_OBJECT DeviceObject, PIRP Irp) { NTSTATUS Status = STATUS_UNSUCCESSFUL; ULONG_PTR Informaiton = 0; PVOID InputData = NULL; ULONG InputDataLength = 0; PVOID OutputData = NULL; ULONG OutputDataLength = 0; ULONG IoControlCode = 0; PIO_STACK_LOCATION IoStackLocation = IoGetCurrentIrpStackLocation(Irp); //Irp堆栈 IoControlCode = IoStackLocation->Parameters.DeviceIoControl.IoControlCode; InputData = Irp->AssociatedIrp.SystemBuffer; OutputData = Irp->AssociatedIrp.SystemBuffer; InputDataLength = IoStackLocation->Parameters.DeviceIoControl.InputBufferLength; OutputDataLength = IoStackLocation->Parameters.DeviceIoControl.OutputBufferLength; switch (IoControlCode) { case READ_PROCESS: { if (InputData != NULL && InputDataLength > 0) { if (OutputData != NULL) { p_Read Read = (p_Read)InputData; SIZE_T OutSize = 0; ReadProcess((HANDLE)Read->pid, Read->Addr, Read->Size, OutputData); Informaiton = Read->Size; Status = STATUS_SUCCESS; } break; } } case GET_DLL_BASE: { if (OutputData != NULL) { memcpy(OutputData, CShellBase, sizeof(int)); Informaiton = sizeof(int); Status = STATUS_SUCCESS; break; } } default: break; } Irp->IoStatus.Status = Status; //Ring3 GetLastError(); Irp->IoStatus.Information = Informaiton; IoCompleteRequest(Irp, IO_NO_INCREMENT); //将Irp返回给Io管理器 return Status; //Ring3 DeviceIoControl()返回值 } VOID LoadImageRoutine(IN PUNICODE_STRING FullImageName, IN HANDLE ProcessId, // where image is mapped IN PIMAGE_INFO ImageInfo) { if (wcsstr(FullImageName->Buffer, L"\\CShell.dll") != NULL) { CShellBase = ImageInfo->ImageBase; } }

评论收藏

内容反馈

版权申诉