NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{ DbgPrint("--<%wZ>--\n", reg_path);
driver->DriverUnload = DrvUnload;
UNICODE_STRING DeviceName;
RtlInitUnicodeString(&DeviceName, L"\\Device\\testdevice");
IoCreateDevice(driver, 0, &DeviceName, FILE_DEVICE_UNKNOWN, 0, TRUE, &pdev);
pdev->Flags |= DO_BUFFERED_IO;
RtlInitUnicodeString(&symblename, L"\\??\\testdevice_com");
IoCreateSymbolicLink(&symblename, &DeviceName);
for (int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
{
driver->MajorFunction[i] = MyDriverApi;
}
return 0;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING str)
{
pDriver->DriverUnload = UnloadDriver;
UNICODE_STRING targeserver = { 0 };
RtlInitUnicodeString(&targeserver, L"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\services\\testdevice"); //此处根据A驱动打印的信息硬编码
ZwUnloadDriver(&targeserver);
return 0;
}
如果R3不调用CreateFile 打开符号链接。是可以成功卸载的。但是调用后就卸载不掉。
ZwUnloadDriver 返回值0 实际没有卸载。。。求助大佬。如何弄
