//打开驱动设备对象
HANDLE hDevice = CreateFile(L"\\\\.\\Kbdclass" ,GENERIC_READ | GENERIC_WRITE ,
                                 0 ,NULL ,OPEN_EXISTING ,
		FILE_ATTRIBUTE_NORMAL ,NULL		) ;
	if (hDevice == INVALID_HANDLE_VALUE)//判断设备是否成功打开
	{
		printf("Main: Failed to open device handle error code: %d\n" ,GetLastError()) ;
		goto _Return ;
	}

	//打开Driver-->Kbdclass驱动对象
	RtlInitUnicodeString(&kbdDriverName ,KBD_DRIVER_NAME) ;
	ntStatus = ObReferenceObjectByName(&kbdDriverName ,OBJ_CASE_INSENSITIVE ,NULL ,0 ,IoDriverObjectType ,
                       KernelMode ,NULL ,&kbdDriverObject) ;
	if (!NT_SUCCESS(ntStatus))
	{
		KdPrint(("CreateDeviceFun: Open Kbdclass driver error.\n")) ;
		return(ntStatus) ;
	}
	else
	{
		//调用ObReferenceObjectByName会导致驱动对象的引用计数增加
		//必须调用相对应的解引用函数ObDereferenceObject
		ObDereferenceObject(pDriverObject) ;
	}
	
	//这是设备链的第一个设备，位于设备栈的顶层
	pTargetDeviceObject = kbdDriverObject->DeviceObject ;
	//遍历设备链
	while (pTargetDeviceObject)
	{
		//生成一个过滤设备
		ntStatus = IoCreateDevice(pDriverObject ,sizeof(KEY_BOARD_DEV_EXT) ,NULL ,pTargetDeviceObject->DeviceType ,
                               pTargetDeviceObject->Characteristics ,FALSE ,OUT &pFilterDeviceObject) ;
		if (!NT_SUCCESS(ntStatus))
		{
			KdPrint(("CreateDeviceFun: Create filter device error.\n")) ;
			return(ntStatus) ;
		}

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法