|
阅读:3299回复:9
如何对串口接收、发送数据进行侦听
基于调试需要,想要一个串口侦听程序。现成的程序是有的,好象是在内核中作个驱动,所以想自己研究一下。
但串口是独占的,不能共享,所以不明白怎么作? 哪位也感兴趣或有相关资料的,请回个帖,:-)若有开源的源码就好了 |
|
|
沙发#
发布于:2005-08-01 19:53
IoGetDeviceObjectPointer(L"COM1",...)
IoCreateDevice(); IoAttachDeviceToDeviceStackSafe(...); :D :D |
|
|
板凳#
发布于:2005-08-02 10:40
sysinternal.com有个Portmon的程序,但只有四个文件,且全是用户态的程序。
它是这样解释的: How it Works: WinNT The Portmon GUI is responsible for identifying serial and parallel ports. It does so by enumerating the serial ports that are configured under HKEY_LOCAL_MACHINE\Hardware\DeviceMap\SerialComm and the parallel ports defined under HKEY_LOCAL_MACHINE\Hardware\DeviceMap\Parallel Ports. These keys contain the mappings between serial and parallel port device names and the Win32-accessible names. When you select a port to monitor, Portmon sends a request to its device driver that includes the NT name (e.g. \device\serial0) that you are interested in. The driver uses standard filtering APIs to attach its own filter device object to the target device object. First, it uses ZwCreateFile to open the target device. Then it translates the handle it receives back from ZwCreateFile to a device object pointer. After creating its own filter device object that matches the characteristics of the target, the driver calls IoAttachDeviceByPointer to establish the filter. From that point on the Portmon driver will see all requests aimed at the target device. Portmon has built-in knowledge of all standard serial and parallel port IOCTLs, which are the primary way that applications and drivers configure and read status information from ports. The IOCTLs are defined in the DDK file \ddk\src\comm\inc\ntddser.h and \ddk\src\comm\inc\ntddpar.h, and some are documented in the DDK. 不清楚它只在用户态是怎么作的,不知谁有源程序。 TO:arthurtu 你是说过滤COM1的IRP,截取数据吗? |
|
|
地板#
发布于:2005-08-02 11:52
blue老大啊,没有仔细的看E文吗?PortMon当然有驱动的,不过是放在exe文件里面了。The driver uses standard filtering APIs to attach its own filter device object to the target device object
|
|
|
地下室#
发布于:2005-08-02 14:20
我就是没看到*.sys文件,所以才不明白。
arthurtu,你所说的驱动放在exe文件中,是怎么样的技术? 1. 将驱动程序的PE结构的二进制代码放到EXE文件的某个部分? 2. 在用户态程序中调用内核API? 有没有此方面的技术文章,麻烦给出相关的网址。 |
|
|
5楼#
发布于:2005-08-02 15:41
非常感谢arthurtu!
经过分析,这个PortMon.exe文件确实包含四个PE结构。 分别是:Portmon.exe PortMsys.sys(portm.sys) PortmVxd.Vxd PortMSVC.exe 第一个是主程序,用来显示界面,执行主功能; 第二个是WDM的驱动程序,用来截取串口的IRP数据,并创建了名为 Portmon 设备; 第三个是win9x下的VXD驱动; 第四个是用来创建服务的,具体功能不清楚; 但正常工作时,可能的流程是在当前目录创建Portmsys.sys文件(但查不到此文件),然后执行,... |
|
|
6楼#
发布于:2005-08-02 18:48
按照sysinternals一贯的做法,应该是将sys、vxd等文件作为portmon的资源存放的,在运行的时候释放出来,应该是直接在内存中使用他们了,使用NtLoadDrive等加载驱动,没有存为文件。
|
|
|
7楼#
发布于:2005-08-06 08:48
没有,仍然是先释放成文件,然后再,但是一加载完成就删除了。
如果不生成文件就能加载就舒服了,可以让Cracker们郁闷很长时间了~~~~~~ |
|
|
8楼#
发布于:2005-08-10 12:01
这个也可以用APIHOOK来实现,这样比较简单。
|
|
|
|
9楼#
发布于:2007-01-08 11:47
You need to modify common filter driver to adapt to COM
|
|
