MINIFILTER框架的文件系統過濾驅動,無法使用的CreateService和OpenService進行動態加載。
看了一下,使用Inf文件安裝Minifilter驅動的方式是在註冊表驅動服務項下比傳統驅動多創建了Instances子鍵,然後讀取DefaultInstance值,這個值標明瞭Instance選項,然後,再去讀指定的Instance的Altitude和Flags值。
看了一下,使用Inf文件安裝Minifilter驅動的方式是在註冊表驅動服務項下比傳統驅動多創建了Instances子鍵,然後讀取DefaultInstance值,這個值標明瞭Instance選項,然後,再去讀指定的Instance的Altitude和Flags值。
頭文件代碼:
#include <winsvc.h>
#include <winioctl.h>
#define DRIVER_NAME "HelloDDK"
#define DRIVER_PATH ".\\HelloDDK.sys"
BOOL InstallDriver(const char* lpszDriverName,const char* lpszDriverPath,const char* lpszAltitude);
BOOL StartDriver(const char* lpszDriverName);
BOOL StopDriver(const char* lpszDriverName);
BOOL DeleteDriver(const char* lpszDriverName);
#include <winioctl.h>
#define DRIVER_NAME "HelloDDK"
#define DRIVER_PATH ".\\HelloDDK.sys"
BOOL InstallDriver(const char* lpszDriverName,const char* lpszDriverPath,const char* lpszAltitude);
BOOL StartDriver(const char* lpszDriverName);
BOOL StopDriver(const char* lpszDriverName);
BOOL DeleteDriver(const char* lpszDriverName);
源文件代碼:
#include "stdafx.h"
#include "SysLoader.h"
//================ 動態加載/卸載sys驅動 ======================
// SYS文件跟程序放在同個目錄下
// 如果產生的SYS名爲HelloDDK.sys,那麼安裝驅動InstallDriver("HelloDDK",".\\HelloDDK.sys","370030"/*Altitude*/);
// 啓動驅動服務 StartDriver("HelloDDK");
// 停止驅動服務 StopDriver("HelloDDK");
// 卸載SYS也是類似的調用過程, DeleteDriver("HelloDDK");
//==========================================================
BOOL InstallDriver(const char* lpszDriverName,const char* lpszDriverPath,const char* lpszAltitude)
{
char szTempStr[MAX_PATH];
HKEY hKey;
DWORD dwData;
char szDriverImagePath[MAX_PATH];
if( NULL==lpszDriverName || NULL==lpszDriverPath )
{
return FALSE;
}
//得到完整的驅動路徑
GetFullPathName(lpszDriverPath, MAX_PATH, szDriverImagePath, NULL);
SC_HANDLE hServiceMgr=NULL;// SCM管理器的句柄
SC_HANDLE hService=NULL;// NT驅動程序的服務句柄
//打開服務控制管理器
hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
if( hServiceMgr == NULL )
{
// OpenSCManager失敗
CloseServiceHandle(hServiceMgr);
return FALSE;
}
// OpenSCManager成功
//創建驅動所對應的服務
hService = CreateService( hServiceMgr,
lpszDriverName, // 驅動程序的在註冊表中的名字
lpszDriverName, // 註冊表驅動程序的DisplayName 值
SERVICE_ALL_ACCESS, // 加載驅動程序的訪問權限
SERVICE_FILE_SYSTEM_DRIVER, // 表示加載的服務是文件系統驅動程序
SERVICE_DEMAND_START, // 註冊表驅動程序的Start 值
SERVICE_ERROR_IGNORE, // 註冊表驅動程序的ErrorControl 值
szDriverImagePath, // 註冊表驅動程序的ImagePath 值
"FSFilter Activity Monitor",// 註冊表驅動程序的Group 值
NULL,
"FltMgr", // 註冊表驅動程序的DependOnService 值
NULL,
NULL);
if( hService == NULL )
{
if( GetLastError() == ERROR_SERVICE_EXISTS )
{
//服務創建失敗,是由於服務已經創立過
CloseServiceHandle(hService); // 服務句柄
CloseServiceHandle(hServiceMgr); // SCM句柄
return TRUE;
}
else
{
CloseServiceHandle(hService); // 服務句柄
CloseServiceHandle(hServiceMgr); // SCM句柄
return FALSE;
}
}
CloseServiceHandle(hService); // 服務句柄
CloseServiceHandle(hServiceMgr); // SCM句柄
//---------------------------------------------------------
// SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances子健下的鍵值項
//---------------------------------------------------------
strcpy(szTempStr,"SYSTEM\\CurrentControlSet\\Services\\");
strcat(szTempStr,lpszDriverName);
strcat(szTempStr,"\\Instances");
if(RegCreateKeyEx(HKEY_LOCAL_MACHINE,szTempStr,0,"",TRUE,KEY_ALL_ACCESS,NULL,&hKey,(LPDWORD)&dwData)!=ERROR_SUCCESS)
{
return FALSE;
}
// 註冊表驅動程序的DefaultInstance 值
strcpy(szTempStr,lpszDriverName);
strcat(szTempStr," Instance");
if(RegSetValueEx(hKey,"DefaultInstance",0,REG_SZ,(CONST BYTE*)szTempStr,(DWORD)strlen(szTempStr))!=ERROR_SUCCESS)
{
return FALSE;
}
RegFlushKey(hKey);//刷新註冊表
RegCloseKey(hKey);
//---------------------------------------------------------
//---------------------------------------------------------
// SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances\\DriverName Instance子健下的鍵值項
//---------------------------------------------------------
strcpy(szTempStr,"SYSTEM\\CurrentControlSet\\Services\\");
strcat(szTempStr,lpszDriverName);
strcat(szTempStr,"\\Instances\\");
strcat(szTempStr,lpszDriverName);
strcat(szTempStr," Instance");
if(RegCreateKeyEx(HKEY_LOCAL_MACHINE,szTempStr,0,"",TRUE,KEY_ALL_ACCESS,NULL,&hKey,(LPDWORD)&dwData)!=ERROR_SUCCESS)
{
return FALSE;
}
// 註冊表驅動程序的Altitude 值
strcpy(szTempStr,lpszAltitude);
if(RegSetValueEx(hKey,"Altitude",0,REG_SZ,(CONST BYTE*)szTempStr,(DWORD)strlen(szTempStr))!=ERROR_SUCCESS)
{
return FALSE;
}
// 註冊表驅動程序的Flags 值
dwData=0x0;
if(RegSetValueEx(hKey,"Flags",0,REG_DWORD,(CONST BYTE*)&dwData,sizeof(DWORD))!=ERROR_SUCCESS)
{
return FALSE;
}
RegFlushKey(hKey);//刷新註冊表
RegCloseKey(hKey);
//---------------------------------------------------------
return TRUE;
}
BOOL StartDriver(const char* lpszDriverName)
{
SC_HANDLE schManager;
SC_HANDLE schService;
SERVICE_STATUS svcStatus;
if(NULL==lpszDriverName)
{
return FALSE;
}
schManager=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if(NULL==schManager)
{
CloseServiceHandle(schManager);
return FALSE;
}
schService=OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
if(NULL==schService)
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return FALSE;
}
if(!StartService(schService,0,NULL))
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
if( GetLastError() == ERROR_SERVICE_ALREADY_RUNNING )
{
// 服務已經開啓
return TRUE;
}
return FALSE;
}
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return TRUE;
}
BOOL StopDriver(const char* lpszDriverName)
{
SC_HANDLE schManager;
SC_HANDLE schService;
SERVICE_STATUS svcStatus;
bool bStopped=false;
schManager=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if(NULL==schManager)
{
return FALSE;
}
schService=OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
if(NULL==schService)
{
CloseServiceHandle(schManager);
return FALSE;
}
if(!ControlService(schService,SERVICE_CONTROL_STOP,&svcStatus) && (svcStatus.dwCurrentState!=SERVICE_STOPPED))
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return FALSE;
}
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return TRUE;
}
BOOL DeleteDriver(const char* lpszDriverName)
{
SC_HANDLE schManager;
SC_HANDLE schService;
SERVICE_STATUS svcStatus;
schManager=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if(NULL==schManager)
{
return FALSE;
}
schService=OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
if(NULL==schService)
{
CloseServiceHandle(schManager);
return FALSE;
}
ControlService(schService,SERVICE_CONTROL_STOP,&svcStatus);
if(!DeleteService(schService))
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return FALSE;
}
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return TRUE;
}
#include "SysLoader.h"
//================ 動態加載/卸載sys驅動 ======================
// SYS文件跟程序放在同個目錄下
// 如果產生的SYS名爲HelloDDK.sys,那麼安裝驅動InstallDriver("HelloDDK",".\\HelloDDK.sys","370030"/*Altitude*/);
// 啓動驅動服務 StartDriver("HelloDDK");
// 停止驅動服務 StopDriver("HelloDDK");
// 卸載SYS也是類似的調用過程, DeleteDriver("HelloDDK");
//==========================================================
BOOL InstallDriver(const char* lpszDriverName,const char* lpszDriverPath,const char* lpszAltitude)
{
char szTempStr[MAX_PATH];
HKEY hKey;
DWORD dwData;
char szDriverImagePath[MAX_PATH];
if( NULL==lpszDriverName || NULL==lpszDriverPath )
{
return FALSE;
}
//得到完整的驅動路徑
GetFullPathName(lpszDriverPath, MAX_PATH, szDriverImagePath, NULL);
SC_HANDLE hServiceMgr=NULL;// SCM管理器的句柄
SC_HANDLE hService=NULL;// NT驅動程序的服務句柄
//打開服務控制管理器
hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
if( hServiceMgr == NULL )
{
// OpenSCManager失敗
CloseServiceHandle(hServiceMgr);
return FALSE;
}
// OpenSCManager成功
//創建驅動所對應的服務
hService = CreateService( hServiceMgr,
lpszDriverName, // 驅動程序的在註冊表中的名字
lpszDriverName, // 註冊表驅動程序的DisplayName 值
SERVICE_ALL_ACCESS, // 加載驅動程序的訪問權限
SERVICE_FILE_SYSTEM_DRIVER, // 表示加載的服務是文件系統驅動程序
SERVICE_DEMAND_START, // 註冊表驅動程序的Start 值
SERVICE_ERROR_IGNORE, // 註冊表驅動程序的ErrorControl 值
szDriverImagePath, // 註冊表驅動程序的ImagePath 值
"FSFilter Activity Monitor",// 註冊表驅動程序的Group 值
NULL,
"FltMgr", // 註冊表驅動程序的DependOnService 值
NULL,
NULL);
if( hService == NULL )
{
if( GetLastError() == ERROR_SERVICE_EXISTS )
{
//服務創建失敗,是由於服務已經創立過
CloseServiceHandle(hService); // 服務句柄
CloseServiceHandle(hServiceMgr); // SCM句柄
return TRUE;
}
else
{
CloseServiceHandle(hService); // 服務句柄
CloseServiceHandle(hServiceMgr); // SCM句柄
return FALSE;
}
}
CloseServiceHandle(hService); // 服務句柄
CloseServiceHandle(hServiceMgr); // SCM句柄
//---------------------------------------------------------
// SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances子健下的鍵值項
//---------------------------------------------------------
strcpy(szTempStr,"SYSTEM\\CurrentControlSet\\Services\\");
strcat(szTempStr,lpszDriverName);
strcat(szTempStr,"\\Instances");
if(RegCreateKeyEx(HKEY_LOCAL_MACHINE,szTempStr,0,"",TRUE,KEY_ALL_ACCESS,NULL,&hKey,(LPDWORD)&dwData)!=ERROR_SUCCESS)
{
return FALSE;
}
// 註冊表驅動程序的DefaultInstance 值
strcpy(szTempStr,lpszDriverName);
strcat(szTempStr," Instance");
if(RegSetValueEx(hKey,"DefaultInstance",0,REG_SZ,(CONST BYTE*)szTempStr,(DWORD)strlen(szTempStr))!=ERROR_SUCCESS)
{
return FALSE;
}
RegFlushKey(hKey);//刷新註冊表
RegCloseKey(hKey);
//---------------------------------------------------------
//---------------------------------------------------------
// SYSTEM\\CurrentControlSet\\Services\\DriverName\\Instances\\DriverName Instance子健下的鍵值項
//---------------------------------------------------------
strcpy(szTempStr,"SYSTEM\\CurrentControlSet\\Services\\");
strcat(szTempStr,lpszDriverName);
strcat(szTempStr,"\\Instances\\");
strcat(szTempStr,lpszDriverName);
strcat(szTempStr," Instance");
if(RegCreateKeyEx(HKEY_LOCAL_MACHINE,szTempStr,0,"",TRUE,KEY_ALL_ACCESS,NULL,&hKey,(LPDWORD)&dwData)!=ERROR_SUCCESS)
{
return FALSE;
}
// 註冊表驅動程序的Altitude 值
strcpy(szTempStr,lpszAltitude);
if(RegSetValueEx(hKey,"Altitude",0,REG_SZ,(CONST BYTE*)szTempStr,(DWORD)strlen(szTempStr))!=ERROR_SUCCESS)
{
return FALSE;
}
// 註冊表驅動程序的Flags 值
dwData=0x0;
if(RegSetValueEx(hKey,"Flags",0,REG_DWORD,(CONST BYTE*)&dwData,sizeof(DWORD))!=ERROR_SUCCESS)
{
return FALSE;
}
RegFlushKey(hKey);//刷新註冊表
RegCloseKey(hKey);
//---------------------------------------------------------
return TRUE;
}
BOOL StartDriver(const char* lpszDriverName)
{
SC_HANDLE schManager;
SC_HANDLE schService;
SERVICE_STATUS svcStatus;
if(NULL==lpszDriverName)
{
return FALSE;
}
schManager=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if(NULL==schManager)
{
CloseServiceHandle(schManager);
return FALSE;
}
schService=OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
if(NULL==schService)
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return FALSE;
}
if(!StartService(schService,0,NULL))
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
if( GetLastError() == ERROR_SERVICE_ALREADY_RUNNING )
{
// 服務已經開啓
return TRUE;
}
return FALSE;
}
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return TRUE;
}
BOOL StopDriver(const char* lpszDriverName)
{
SC_HANDLE schManager;
SC_HANDLE schService;
SERVICE_STATUS svcStatus;
bool bStopped=false;
schManager=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if(NULL==schManager)
{
return FALSE;
}
schService=OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
if(NULL==schService)
{
CloseServiceHandle(schManager);
return FALSE;
}
if(!ControlService(schService,SERVICE_CONTROL_STOP,&svcStatus) && (svcStatus.dwCurrentState!=SERVICE_STOPPED))
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return FALSE;
}
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return TRUE;
}
BOOL DeleteDriver(const char* lpszDriverName)
{
SC_HANDLE schManager;
SC_HANDLE schService;
SERVICE_STATUS svcStatus;
schManager=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if(NULL==schManager)
{
return FALSE;
}
schService=OpenService(schManager,lpszDriverName,SERVICE_ALL_ACCESS);
if(NULL==schService)
{
CloseServiceHandle(schManager);
return FALSE;
}
ControlService(schService,SERVICE_CONTROL_STOP,&svcStatus);
if(!DeleteService(schService))
{
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return FALSE;
}
CloseServiceHandle(schService);
CloseServiceHandle(schManager);
return TRUE;
}