Windows下编程实现驱动程序的安装和卸载.doc

Windows下编程实现驱动程序的安装和卸载看到CreateService没有？那就就是安装驱动程序的过程。#加载一个驱动程序，主要就是，在SYSTEMCurrentControlSetServices 建一个键。如：SYSTEMCurrentControlSetServicesTwdm1Type(1)ErrorControl(0)Start(3)多数驱动程序都是通过设置 Start 的值为 0, 1, 2 。在系统启动的过程中加载驱动程序。在 win2k 下驱动程序的加载处理上述方式外，还可以在应用程序里用 Service Api 实现，驱动程序的动态加载。这时候的 Start 为 3 。所用到的 Api 为:OpenSCManager, CreateService, OpenService, StartServiceControlService, DeleteService, CloseServiceHandle其中需要说明的是：CreateService ：他通过参数在注册表里自动创建驱动程序需要的键值。DeleteService ：他自动删除驱动程序在注册表里创的键值。下面是一个，简单的例子：应用程序：#include stdafx.h#include #include #include void DelSvr( char * szSvrName ); /自动卸载驱动程序。int main(int argc, char* argv)HANDLE hWdm;printf(Hello World!n);SC_HANDLE hServiceMgr, hServiceTwdm;BOOL bRtn;DWORD dwRtn, dwSize = 256;char szDir256;if( argc 1 ) /加任一个参数表示卸载驱动程序。DelSvr( Twdm1 );return 0;GetCurrentDirectory( dwSize, szDir );/取当前目录strcat( szDir, Twdm.sys ); /取驱动程序的全路径LPCTSTR lpszBinaryPathName = TEXT(szDir);hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS ); /打开服务控制管理器if( hServiceMgr = NULL )printf( OpenSCManager() Faild %d ! n, GetLastError() );return 0;elseprintf( OpenSCManager() ok ! n );hServiceTwdm = CreateService( hServiceMgr,TEXT(Twdm1), /SYSTEMCurrentControlSetServices 驱动程序的在注册表中的名字TEXT(Twdm1), / 注册表驱动程序的 DisplayName 值SERVICE_ALL_ACCESS, / 加载驱动程序的访问权限SERVICE_KERNEL_DRIVER,/ 表示加载的服务是驱动程序SERVICE_DEMAND_START, / 注册表驱动程序的 Start 值SERVICE_ERROR_IGNORE, / 注册表驱动程序的 ErrorControl 值lpszBinaryPathName, / 注册表驱动程序的 ImagePath 值NULL,NULL,NULL,NULL,NULL);if( hServiceTwdm = NULL )dwRtn = GetLastError();if( dwRtn != ERROR_IO_PENDING & dwRtn != ERROR_SERVICE_EXISTS )CloseServiceHandle( hServiceMgr );printf( CrateService() Faild %d ! n, dwRtn );return 0;elseprintf( CrateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXISTS! n );/ 驱动程序已经加载，只需要打开hServiceTwdm = OpenService( hServiceMgr, TEXT(Twdm1), SERVICE_ALL_ACCESS );if( hServiceTwdm = NULL )dwRtn = GetLastError();CloseServiceHandle( hServiceMgr );printf( OpenService() Faild %d ! n, dwRtn );return 0;elseprintf( OpenService() ok ! n );elseprintf( CrateService() ok ! n );/ 启动驱动程序，调用驱动程序的 DriverEntry 函数bRtn = StartService( hServiceTwdm, NULL, NULL );if( !bRtn )dwRtn = GetLastError();if( dwRtn != ERROR_IO_PENDING & dwRtn != ERROR_SERVICE_ALREADY_RUNNING )printf( StartService() Faild %d ! n, dwRtn );CloseServiceHandle( hServiceTwdm );CloseServiceHandle( hServiceMgr );return 0;elseif( dwRtn != ERROR_IO_PENDING )printf( StartService() Faild ERROR_IO_PENDING ! n);elseprintf( StartService() Faild ERROR_SERVICE_ALREADY_RUNNING ! n);/测试驱动程序hWdm = CreateFile(file:/./Twdm1,GENERIC_WRITE | GENERIC_READ,0,NULL,OPEN_EXISTING,0,NULL);if( hWdm != INVALID_HANDLE_VALUE )printf( Open Driver Twdm ok ! n );elseprintf( Open Driver Twdm faild %d ! n, GetLastError() );CloseHandle( hWdm );CloseServiceHandle( hServiceTwdm );CloseServiceHandle( hServiceMgr );/这时候你可以通过注册表，或其他查看符号连接的软件验证。printf( 按任意键 卸载驱动程序 !n );getch();/卸载驱动程序。DelSvr( Twdm1 );return 0;? /接上面的/卸载驱动程序。void DelSvr( char * szSvrName )SC_HANDLE hServiceMgr, hServiceTwdm;SERVICE_STATUS SvrSta;hServiceMgr = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );if( hServiceMgr = NULL )printf( DelSvr:OpenSCManager() Faild %d ! n, GetLastError() );return;elseprintf( DelSvr:OpenSCManager() ok ! n );hServiceTwdm = OpenService( hServiceMgr, TEXT(szSvrName), SERVICE_ALL_ACCESS );if( hServiceTwdm = NULL )CloseServiceHandle( hServiceMgr );printf( DelSvr:OpenService() Faild %d ! n, GetLastError() );return;elseprintf( DelSvr:OpenService() ok ! n );/停止驱动程序，如果停止失败，只有重新启动才能，再动态加载。if( !ControlService( hServiceTwdm, SERVICE_CONTROL_STOP , &SvrSta ) )printf( DelSvr:ControlService() Faild %d !n, GetLastError() );elseprintf( DelSvr:ControlService() ok !n );/动态卸载驱动程序。if( !DeleteService( hServiceTwdm ) )printf( DelSvr:eleteSrevice() Faild %d !n, GetLastError() );elseprintf( DelSvr:eleteSrevice() ok !n );CloseServiceHandle( hServiceTwdm );CloseServiceHandle( hServiceMgr );return;驱动程序：驱动程序很简单，只有一个文件，实现了DriverEntry，DispatchCreate，DispatchClose，GpdUnload 四个函数。#include #define NT_DEVICE_NAME LDeviceTwdm1#define DOS_DEVICE_NAME LDosDevicesTwdm1NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath );NTSTATUS DispatchCreate(PDEVICE_OBJECT fdo, PIRP Irp);NTSTATUS DispatchClose(PDEVICE_OBJECT fdo, PIRP Irp);VOID GpdUnload(PDRIVER_OBJECT DriverObject);/PDEVICE_OBJECT fdo;BOOLEAN fSymbolicLink;NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath )/UNREFERENCED_PARAMETER (RegistryPath);NTSTATUS status;UNICODE_STRING ntDeviceName;UNICODE_STRING win32DeviceName;DbgPrint( TWDM: DriverEntry for Twdm.sys . n );fSymbolicLink = FALSE;/ Create dispatch points for the IRPs./DriverObject-MajorFunctionIRP_MJ_CREATE = DispatchCreate;DriverObject-MajorFunctionIRP_MJ_CLOSE = DispatchClose;/DriverObject-MajorFunctionIRP_MJ_DEVICE_CONTROL = GpdDispatch;DriverObject-DriverUnload = GpdUnload;/DriverObject-MajorFunctionIRP_MJ_PNP = GpdDispatchPnp;/DriverObject-MajorFunctionIRP_MJ_POWER = GpdDispatchPower;/DriverObject-MajorFunctionIRP_MJ_SYSTEM_CONTROL = GpdDispatchSystemControl;/DriverObject-DriverExtension-AddDevice = GpdAddDevice;RtlInitUnicodeString(&ntDeviceName, NT_DEVICE_NAME);/创建设备status = IoCreateDevice(DriverObject,0,&ntDeviceName,FILE_DEVICE_UNKNOWN,FILE_DEVICE_SECURE_OPEN,FALSE,&fdo);if (!NT_SUCCESS (status)DbgPrint( TWDM: IoCreateDevice() faild ! n );elseDbgPrint( TWDM: IoCreateDevice() ok ! n );RtlInitUnicodeString(&win32DeviceName, DOS_DEVICE_NAME);/创建符号连接status = IoCreateSymbolicLink( &win32DeviceName, &ntDeviceName );if (!NT_SUCCESS(status)DbgPrint( TWDM: IoCreateSymbolicLink() faild ! n );elseDbgPrint( TWDM: IoCreateSymbolicLink() ok ! n );fSymbolicLink = TRUE;fdo-Flags &= DO_DEVICE_INITIALIZING;if (!NT_SUCCESS(status)if(fdo)IoDeleteDevice(fdo);if(fSymbolicLink)IoDeleteSymbolicLink(&win32DeviceName);return status;NTSTATUS DispatchCreate(PDEVICE_OBJECT fdo, PIRP Irp)NTSTATUS status;DbgPrint( TWDM: IRP_MJ_CREATE for Twdm.sys . n );status = STATUS_SUCCESS;return status; / DispatchCreateNTSTATUS DispatchClose(PDEVICE_OBJECT fdo, PIRP Irp) / DispatchCloseNTSTATUS status;DbgP