在驅動中創建並寫入文件,需要先創建並初始化對象屬性(OBJECT_ATTRIBUTES)。
有個坑:原以爲下面這三行代碼可以方便自己調試,能夠自動區分調試狀態和非調試狀態,結果被坑了一下:如果不掛調試器直接加載驅動,會藍屏;調試模式下則不會藍屏。原因是 DBG 只表示編譯配置(調試版構建),並不表示運行時是否附加了內核調試器,而 int 3 斷點在沒有調試器接管時會導致系統崩潰。所以,如果不調試的話得把這三行註釋掉。
/* Pitfall snippet: a breakpoint gated only by the compile-time DBG macro. */
/* NOTE(review): DBG reflects how the driver was built, not whether a kernel
 * debugger is attached when it loads; per the surrounding text, loading this
 * directly (no debugger) blue-screens. */
/* NOTE(review): the ':' after DBG is not part of #if syntax - presumably a
 * typo; a compiler may warn about or reject the extra token. */
#if DBG:
/* Inline-assembly breakpoint instruction (int 3). */
_asm int 3;
#endif // DBG:
驅動中簡單創建並寫入文件的代碼如下:
#include <ntddk.h>
/*
 * Unload routine; DriverEntry stores it in driver->DriverUnload.
 * It only prints a debug message - this driver holds no resources
 * that would need releasing here.
 */
void Unload(PDRIVER_OBJECT driver)
{
    (void)driver; /* the driver object is not used by this routine */

    DbgPrint("unload driver success.....\n");
}
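/*
 * Driver entry point: creates (or opens) \??\c:\test.log, writes the path
 * string itself into the file as sample data, and registers the unload
 * routine.
 *
 * driver   - driver object; its DriverUnload field is set to Unload.
 * reg_path - registry path handed in by the loader; not used here.
 *
 * Returns STATUS_SUCCESS in all cases: the file write is a best-effort
 * demonstration, so a failure is reported through DbgPrint only and does
 * not prevent the driver from loading.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
    HANDLE hFile = NULL;
    IO_STATUS_BLOCK ioStatus;
    NTSTATUS ntStatus;
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING file_path;

    UNREFERENCED_PARAMETER(reg_path);

    /*
     * No unconditional "int 3" here: a breakpoint guarded only by the
     * compile-time DBG macro still fires when no kernel debugger is
     * attached, and the system then crashes. If a break-on-load is wanted,
     * gate it on a run-time debugger-presence check
     * (e.g. KD_DEBUGGER_NOT_PRESENT) as well.
     */

    /* Register the unload routine first so it is set on every path. */
    driver->DriverUnload = Unload;

    DbgPrint("load driver success.....\n");

    RtlInitUnicodeString(&file_path, L"\\??\\c:\\test.log");

    /*
     * OBJ_KERNEL_HANDLE keeps the handle out of any user-mode handle table.
     *
     * NOTE(review): a Zw* call made from kernel mode is not access-checked
     * against a user, and FILE_OPEN_IF opens whatever already exists at this
     * fixed path. Confirm the target directory cannot be written by
     * unprivileged users before reusing this pattern outside a test machine.
     */
    InitializeObjectAttributes(&oa, &file_path,
                               OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
                               NULL, NULL);

    ntStatus = ZwCreateFile(
        &hFile,
        GENERIC_READ | GENERIC_WRITE,
        &oa,
        &ioStatus,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ,
        FILE_OPEN_IF,
        FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT,
        NULL,
        0);
    if (!NT_SUCCESS(ntStatus)) {
        /* hFile is not valid here: do not pass it to ZwWriteFile/ZwClose. */
        DbgPrint("create file failed: 0x%08X\n", ntStatus);
        return STATUS_SUCCESS;
    }

    /*
     * Sample payload: the UTF-16 path text. Length is a byte count and does
     * not include the terminating NUL.
     */
    ntStatus = ZwWriteFile(
        hFile,
        NULL,
        NULL,
        NULL,
        &ioStatus,
        file_path.Buffer,
        file_path.Length,
        NULL,
        NULL);

    /* Close the handle whether or not the write succeeded. */
    ZwClose(hFile);

    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("write file failed: 0x%08X\n", ntStatus);
        return STATUS_SUCCESS;
    }

    DbgPrint("create file success.....\n");
    return STATUS_SUCCESS;
}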