作者:绿林科技
QQ:1473656864
文件名:NTDriverLoader.exe
OS:WinXP,Vista,Win7
功能:加载驱动
附加功能:对PE文件的合法性的检查、支持拖拽、保存路径
拖拽部分源代码:
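void CDialog1::OnDropFiles(HDROP hDropInfo)
{
    // Drop handler: takes the FIRST dropped file only, checks that it is
    // structurally a PE image and carries a .sys extension, and on success
    // places its path in the edit control.
    // NOTE: the DOS/NT signature test below is a format sanity check only;
    // it says nothing about whether the driver is signed or trustworthy.
    wchar_t FileName[MAX_PATH + 1] = {0};   // absolute path of the dropped file
    ::DragQueryFileW(hDropInfo, 0, FileName, MAX_PATH);

    BOOL bValid = FALSE;

    // Step 1: open the file to inspect. The handle must be checked: the
    // original passed INVALID_HANDLE_VALUE straight into ReadFile/CloseHandle
    // when the file could not be opened.
    HANDLE hFile = CreateFile(FileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                              OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile != INVALID_HANDLE_VALUE)
    {
        IMAGE_DOS_HEADER dosHeader = {0};
        IMAGE_NT_HEADERS ntHeaders = {0};
        DWORD dwRead = 0;   // initialised: ReadFile's failure path may leave it untouched

        // Step 2: validate the DOS header. e_lfanew is a LONG; a negative
        // offset can never locate the NT headers, so reject it up front.
        if (ReadFile(hFile, &dosHeader, sizeof(dosHeader), &dwRead, NULL)
            && dwRead == sizeof(dosHeader)
            && dosHeader.e_magic == IMAGE_DOS_SIGNATURE
            && dosHeader.e_lfanew >= 0)
        {
            // Step 3: seek to IMAGE_NT_HEADERS. Test against
            // INVALID_SET_FILE_POINTER instead of "non-zero": a failed seek
            // returns 0xFFFFFFFF (which the old test accepted) while a
            // legitimate e_lfanew of 0 returns 0 (which it rejected).
            if (SetFilePointer(hFile, dosHeader.e_lfanew, NULL, FILE_BEGIN) != INVALID_SET_FILE_POINTER)
            {
                // Step 4: validate the PE signature.
                if (ReadFile(hFile, &ntHeaders, sizeof(ntHeaders), &dwRead, NULL)
                    && dwRead == sizeof(ntHeaders)
                    && ntHeaders.Signature == IMAGE_NT_SIGNATURE)
                {
                    bValid = TRUE;
                }
            }
        }
        CloseHandle(hFile);
    }

    if (bValid)
    {
        // Extension check is case-insensitive (".sys", ".SYS", ".Sys" ...).
        CString strExt = PathFindExtension(FileName);
        if (strExt.CompareNoCase(_T(".sys")) == 0)
        {
            m_EDIT1.SetWindowTextW(FileName);
        }
        else
        {
            AfxMessageBox(_T("文件后缀名不符合要求!"));
        }
    }
    else
    {
        AfxMessageBox(_T("该程序不是有效的PE文件"));
    }

    // Release the drop handle ourselves. NOTE(review): CWnd's default
    // WM_DROPFILES handling does not appear to call DragFinish, so without
    // this the HDROP storage leaks on every drop — confirm against the MFC
    // version in use.
    ::DragFinish(hDropInfo);
    CDialogEx::OnDropFiles(hDropInfo);
}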
安装的部分源代码:
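void CDialog1::OnBnClickedButton2()
{
    // "Install" button: validate the path in the edit control and run
    // InstallDriverThread on a worker thread, keeping the CWinThread object
    // alive (m_bAutoDelete = FALSE) so it can be inspected and deleted here.
    CString DriverFilePath;
    m_EDIT1.GetWindowTextW(DriverFilePath);
    if (!PathFileExists(DriverFilePath))
    {
        AfxMessageBox(_T("该文件不存在!"));
        return;
    }

    if (InstallDriverCWinThread != NULL)
    {
        // Never delete a CWinThread whose thread is still running: the
        // worker would keep using a destroyed object. A second click while
        // an install is in progress is simply ignored.
        if (::WaitForSingleObject(InstallDriverCWinThread->m_hThread, 0) == WAIT_TIMEOUT)
        {
            return;
        }
        delete InstallDriverCWinThread;
        InstallDriverCWinThread = NULL;
    }

    // Create the thread suspended so m_bAutoDelete can be cleared BEFORE it
    // runs. Started immediately, a fast-finishing thread could auto-delete
    // its CWinThread before this function wrote the flag into freed memory.
    InstallDriverCWinThread = AfxBeginThread(InstallDriverThread, this,
                                             THREAD_PRIORITY_NORMAL, 0, CREATE_SUSPENDED);
    if (InstallDriverCWinThread == NULL)
    {
        // Thread creation failed; report it in the same status control the
        // worker uses, and leave the member NULL for the next attempt.
        m_STATIC1.SetWindowTextW(_T("AfxBeginThread失败"));
        return;
    }
    InstallDriverCWinThread->m_bAutoDelete = FALSE;
    InstallDriverCWinThread->ResumeThread();
}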
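UINT CDialog1::InstallDriverThread(LPVOID pParam)
{
    // Worker-thread body: registers the driver named in the dialog's edit
    // control as a kernel-mode service (service name = file name without
    // extension) and starts it. Progress is reported through m_STATIC1.
    // pParam is the CDialog1* handed to AfxBeginThread. Returns TRUE when the
    // service is running afterwards (freshly started or already running),
    // FALSE on any failure.
    // NOTE(review): CWnd members are used from a worker thread here. That
    // works for Get/SetWindowText because they go through the stored HWND,
    // but other CWnd calls from this thread would not be safe — confirm.
    // NOTE: the drop handler's PE check is structural only; this function
    // installs whatever .sys it is pointed at. An Authenticode check
    // (WinVerifyTrust) before CreateService would be where to add a trust
    // decision.
    CDialog1* pDlg = static_cast<CDialog1*>(pParam);
    if (pDlg == NULL)
    {
        return FALSE;
    }

    CString DriverFilePath;
    pDlg->m_EDIT1.GetWindowTextW(DriverFilePath);
    if (!PathFileExists(DriverFilePath))
    {
        AfxMessageBox(_T("该文件不存在!"));
        return FALSE;
    }

    // Strip the real extension rather than a fixed four characters, so a
    // path typed without ".sys" does not lose part of its name.
    CString DriverFileName = PathFindFileName(DriverFilePath);
    const int nDot = DriverFileName.ReverseFind(_T('.'));
    if (nDot > 0)
    {
        DriverFileName = DriverFileName.Left(nDot);
    }

    // Absolute path for the service's ImagePath. GetFullPathName returns 0 on
    // failure and the required length (>= buffer size) when truncated.
    wchar_t szDriverImagePath[MAX_PATH] = {0};
    const DWORD cchPath = ::GetFullPathNameW(DriverFilePath, MAX_PATH, szDriverImagePath, NULL);
    if (cchPath == 0 || cchPath >= MAX_PATH)
    {
        pDlg->m_STATIC1.SetWindowTextW(_T("GetFullPathName失败"));
        return FALSE;
    }

    // RAII for SC_HANDLE: both handles are closed on every exit path, which
    // replaces the goto BeforeLeave cleanup.
    struct ScHandleGuard
    {
        SC_HANDLE h;
        ~ScHandleGuard() { if (h) CloseServiceHandle(h); }
    };

    // Least privilege: connecting and creating a service is all this code
    // does with the SCM, so SC_MANAGER_ALL_ACCESS is not requested.
    ScHandleGuard scm = { OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE) };
    if (scm.h == NULL)
    {
        pDlg->m_STATIC1.SetWindowTextW(_T("OpenSCManager失败"));
        return FALSE;
    }
    pDlg->m_STATIC1.SetWindowTextW(_T("OpenSCManager成功"));

    // Only the right actually used on the service handle below.
    const DWORD dwServiceAccess = SERVICE_START;
    ScHandleGuard svc = { ::CreateServiceW(scm.h,
                                           DriverFileName,          // service name (registry key)
                                           DriverFileName,          // DisplayName value
                                           dwServiceAccess,
                                           SERVICE_KERNEL_DRIVER,   // the service is a driver
                                           SERVICE_DEMAND_START,    // Start value
                                           SERVICE_ERROR_IGNORE,    // ErrorControl value
                                           szDriverImagePath,       // ImagePath value
                                           NULL, NULL, NULL, NULL, NULL) };
    if (svc.h == NULL)
    {
        const DWORD dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            pDlg->m_STATIC1.SetWindowTextW(_T("由于其他原因创建服务失败"));
            return FALSE;
        }
        pDlg->m_STATIC1.SetWindowTextW(_T("服务创建失败,是由于服务已经创立过"));

        // A service of this name already exists: open it as-is. Its existing
        // registration (including ImagePath) is NOT updated to this file.
        svc.h = ::OpenServiceW(scm.h, DriverFileName, dwServiceAccess);
        if (svc.h == NULL)
        {
            pDlg->m_STATIC1.SetWindowTextW(_T("如果打开服务也失败,则意味错误"));
            return FALSE;
        }
        pDlg->m_STATIC1.SetWindowTextW(_T("OpenService() ok !"));
    }
    else
    {
        pDlg->m_STATIC1.SetWindowTextW(_T("CrateService() ok ! "));
    }

    // Start the driver. "Already running" counts as success; a pending
    // start is reported as failure, as in the original.
    if (!::StartServiceW(svc.h, NULL, NULL))
    {
        const DWORD dwRtn = GetLastError();
        if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
        {
            pDlg->m_STATIC1.SetWindowTextW(_T("服务已经开启!"));
            return TRUE;
        }
        if (dwRtn == ERROR_IO_PENDING)
        {
            pDlg->m_STATIC1.SetWindowTextW(_T("设备被挂住!"));
            return FALSE;
        }
        pDlg->m_STATIC1.SetWindowTextW(_T("StartService() Faild!"));
        return FALSE;
    }

    pDlg->m_STATIC1.SetWindowTextW(_T("安装并启动服务成功!"));
    return TRUE;
}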
源程序和源码:
NTDriverLoader(Src & Bin).rar
Visual C/C++,汇编语言,驱动交流群:177822398、 177822108