|
阅读:1542回复:1
看过sysinternal.com的ctrl2cap键盘过滤驱动的哥们请进!!
NTSTATUS Ctrl2capInit(
IN PDRIVER_OBJECT DriverObject ) { ...... status = IoCreateDevice( DriverObject, sizeof(DEVICE_EXTENSION), NULL, FILE_DEVICE_KEYBOARD, 0, FALSE, &device ); ...... status = IoAttachDevice( device, &ntUnicodeString, &devExt->TopOfStack ); ...... } //---------------------------------------------------------nastATUS Ctrl2capAddDevice( IN PDRIVER_OBJECT Driver, IN PDEVICE_OBJECT PDO ) { ....... status = IoCreateDevice(Driver, sizeof(DEVICE_EXTENSION), NULL, FILE_DEVICE_KEYBOARD, 0, FALSE, &device ); ....... devExt->TopOfStack = IoAttachDeviceToDeviceStack(device, PDO); ....... } !!! 看不懂,为什么还要加Ctrl2capInit这样的函数,这不就两次家了过滤驱动了吗? 请高手指教!!!!!!!!!! |
|
|
沙发#
发布于:2002-05-30 21:45
兄弟可看见下面代码
#if WIN2K // // Power IRPs are the only ones we have to handle specially under // Win2k since they require the special PoCallDriver and // PoStartNextPowerIrp function calls. // DriverObject->MajorFunction [IRP_MJ_POWER] = Ctrl2capPower; // // The only reason we need to handle PnP IRPs is to know when // a device we\'ve attached to disappears (is removed). // DriverObject->MajorFunction [IRP_MJ_PNP] = Ctrl2capPnP; // // Under Win2K we get told about the presence of keyboard // devices through our AddDevice entry point. // DriverObject->DriverUnload = Ctrl2capUnload; DriverObject->DriverExtension->AddDevice = Ctrl2capAddDevice; return STATUS_SUCCESS; #else // WIN2K // // Under NT 4 we go out and hook the keyboard class device for // keyboard 0. // return Ctrl2capInit( DriverObject ); #endif // WIN2K 他是用于区别WIN2K和NT的,所以Ctrl2capInit是用语NT4,而Ctrl2capAddDevice用于2000 |
|
|
