EXE代码
HANDLE ReadFiles()
{
HANDLE hDevice = CreateFile("
\\\\.\\HomeDrv"//这里不知道对不对,GENERIC_ALL,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if (hDevice == INVALID_HANDLE_VALUE)
{
MessageBox(0,"获取句柄失败","错误提示",IDOK);
}
else
{
return hDevice;
}
}
SYS代码
RtlInitUnicodeString(&sysLinkName,L"\\??\\HomeDrv"); //取得设备符号链接
pDriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL]=ddk_DispatchRoutine_CONTROL; //注册派遣函数
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp )
{
ULONG info;
PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
NTSTATUS status = STATUS_SUCCESS;
ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
ULONG cout = stack->Parameters.DeviceIoControl.OutputBufferLength;
ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
switch(code)
{
case add_code :
{
int a,b,c;
int* InputBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;
__asm
{
mov eax,InputBuffer
mov ebx,[eax]
mov a,ebx
mov ebx,[eax+4]
mov b,ebx
}
c = a + b;
KdPrint(("A=%d,B=%d",a,b));
__asm
{
mov ebx,c
mov eax,InputBuffer
mov [eax],ebx
}
KdPrint(("成功回传"));
break;
}
case sub_code :
{
KdPrint(("sub_code"));
break;
}
}
pIrp->IoStatus.Information=info;//设置操作的字节数为0,这里无实际意义
pIrp->IoStatus.Status=STATUS_SUCCESS;//返回成功
IoCompleteRequest(pIrp,IO_NO_INCREMENT);//指示完成此IRP
KdPrint(("离开派遣函数\n"));//调试信息
return STATUS_SUCCESS; //返回成功
}
[课程]Linux pwn 探索篇!
