windows驱动程序入门比较坑爹一点，本文旨在降低入门的门槛。注：下面的主要以NT式驱动为例，部分涉及到WDM驱动的差别会有特别说明。

首先，肯定是配置好对应的开发环境啦，不懂的就百度下吧，这里不再次描述了。

在Console控制台下，我们的有一个入口函数main；在Windows图形界面平台下，有另外一个入口函数Winmain。我们只要在这入口函数里面调用其他相关的函数，程序就会按照我们的意愿跑起来了。在我们用IDE开发的时候，也许你不会发现这些细微之处是如何配置出来的，一般来说我们也不用理会，因为在新建工程的时候，IDE已经帮我们把编译器（Compiler）以及连接器（Linker）的相关参数设置好，在正式编程的时候，我们只要按照规定的框架编程就行了。

同样，在驱动程序也有一个入口函数DriverEntry，这并不是一定的，但这是微软默认的、推荐使用的。在我们配置开发环境的时候我们有机会指定入口函数，这是链接器的参数/entry:"DriverEntry"。

入口函数的声明

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegistryPath)  

#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)  

#define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)  
#define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)  
#define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)  

typedef struct _UNICODE_STRING {  
  USHORT  Length;  
  USHORT  MaximumLength;  
  PWSTR  Buffer;  
} UNICODE_STRING, *PUNICODE_STRING;  

typedef struct _DRIVER_OBJECT {  
    CSHORT Type;  
    CSHORT Size;  
    PDEVICE_OBJECT DeviceObject;  
    ULONG Flags;  
    PVOID DriverStart;  
    ULONG DriverSize;  
    PVOID DriverSection;  
    PDRIVER_EXTENSION DriverExtension;  
    UNICODE_STRING DriverName;  
    PUNICODE_STRING HardwareDatabase;  
    PFAST_IO_DISPATCH FastIoDispatch;  
    PDRIVER_INITIALIZE DriverInit;  
    PDRIVER_STARTIO DriverStartIo;  
    PDRIVER_UNLOAD DriverUnload;  
    PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];  
} DRIVER_OBJECT;  

typedef struct _DEVICE_OBJECT {  
  CSHORT                      Type;  
  USHORT                      Size;  
  LONG                        ReferenceCount;  
  struct _DRIVER_OBJECT  *DriverObject;  
  struct _DEVICE_OBJECT  *NextDevice;  
  struct _DEVICE_OBJECT  *AttachedDevice;  
  struct _IRP  *CurrentIrp;  
  PIO_TIMER                   Timer;  
  ULONG                       Flags;  
  ULONG                       Characteristics;  
  __volatile PVPB             Vpb;  
  PVOID                       DeviceExtension;  
  DEVICE_TYPE                 DeviceType;  
  CCHAR                       StackSize;  
  union {  
    LIST_ENTRY         ListEntry;  
    WAIT_CONTEXT_BLOCK Wcb;  
  } Queue;  
  ULONG                       AlignmentRequirement;  
  KDEVICE_QUEUE               DeviceQueue;  
  KDPC                        Dpc;  
  ULONG                       ActiveThreadCount;  
  PSECURITY_DESCRIPTOR        SecurityDescriptor;  
  KEVENT                      DeviceLock;  
  USHORT                      SectorSize;  
  USHORT                      Spare1;  
  struct _DEVOBJ_EXTENSION  *  DeviceObjectExtension;  
  PVOID                       Reserved;  
} DEVICE_OBJECT, *PDEVICE_OBJECT;  

#ifdef __cplusplus
extern "C"
{
#endif

#include <NTDDK.h>

#ifdef __cplusplus
};
#endif

#define PAGECODE code_seg("PAGE")
#define LOCKEDCODE code_seg()
#define INITCODE code_seg("INIT")

#define PAGEDATA data_seg("PAGE")
#define LOCKEDDATA data_seg()
#define INITDATA data_seg("INIT")


typedef struct _DEVICE_EXTENSION
{
	PDEVICE_OBJECT pDevice;
	UNICODE_STRING ustrDeviceName;
	UNICODE_STRING ustrSymLinkName;
} DEVICE_EXTENSION , *PDEVICE_EXTENSION;

//函数声明
NTSTATUS DispatchRoutine(__in struct _DEVICE_OBJECT  *DeviceObject, __in struct _IRP  *Irp);
VOID UnloadRoutine(__in struct _DRIVER_OBJECT  *DriverObject);

///////////////////////
#pragma INITCODE
extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,
								PUNICODE_STRING pRegistryPath)
{
	NTSTATUS status;
	PDEVICE_EXTENSION pDevExt;
	PDEVICE_OBJECT pDevObj;
	KdPrint(("\n--------------------------------------!\n"));
	KdPrint(("Enter DriverEntry!\n"));
	//注册相关例程
	pDriverObject->DriverUnload = UnloadRoutine;
	pDriverObject->MajorFunction[IRP_MJ_CREATE]	=	DispatchRoutine;
	pDriverObject->MajorFunction[IRP_MJ_READ]	=	DispatchRoutine;
	pDriverObject->MajorFunction[IRP_MJ_WRITE]	=	DispatchRoutine;
	pDriverObject->MajorFunction[IRP_MJ_CLOSE]	=	DispatchRoutine;

	//初始化相关字符串
	UNICODE_STRING ustrDeviceName;	//设备名
	UNICODE_STRING ustrSymLinkName; //符号链接名

	RtlInitUnicodeString(&ustrDeviceName,L"\\Device\\MyDDKDevice1");
	RtlInitUnicodeString(&ustrSymLinkName,L"\\??\\MyDDKDriver1");

	//创建设备对象
	
	status = IoCreateDevice(pDriverObject,sizeof(DEVICE_EXTENSION),&ustrDeviceName,FILE_DEVICE_UNKNOWN,0,TRUE,&pDevObj);
	if (!NT_SUCCESS(status))
	{
		KdPrint(("Create Device Failure!\n"));
		return status;	
	}
	pDevObj->Flags |= DO_BUFFERED_IO;
	pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
	pDevExt->ustrDeviceName = ustrDeviceName;
	pDevExt->pDevice = pDevObj;

	//创建符号链接
	pDevExt->ustrSymLinkName = ustrSymLinkName;
	status = IoCreateSymbolicLink(&ustrSymLinkName,&ustrDeviceName);
	if (!NT_SUCCESS(status))
	{
		IoDeleteDevice(pDevObj);
		return status;
	}
	KdPrint(("Leave DriverEntry! stauts=%d",status));
	return status;
}

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课