|
阅读:1354回复:0
求教,驱动卸载不了
filter.h头文件
#ifdef __cplusplus extern "C"{ #endif #include <ntddk.h> #include <ntddkbd.h> #ifdef __cplusplus } #endif #define KEY_UP 1 #define KEY_DOWN 0 typedef struct _MYDEVICE_EXTENSION{ PDEVICE_OBJECT TopOfDevice; }MYDEVICE_EXTENSION,*PMYDEVICE_EXTENSION; extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath); NTSTATUS FilterInit(IN PDRIVER_OBJECT DriverObject); NTSTATUS FilterDispatchGeneral(IN PDEVICE_OBJECT,IN PIRP); NTSTATUS FilterDispatchRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp); NTSTATUS FilterCompleteRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp,IN PVOID Context); VOID FilterUnload(IN PDRIVER_OBJECT DriverObject); filter.cpp源文件 #include "filter.h" //#pragma INITEDCODE extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath){ //ULONG i; KdPrint(("Enter DriverEntry...")); __try{ for(int i = 0;i < IRP_MJ_MAXIMUM_FUNCTION;i++){ DriverObject->MajorFunction = FilterDispatchGeneral; } DriverObject->MajorFunction[IRP_MJ_READ] = FilterDispatchRead; DriverObject->DriverUnload = FilterUnload; NTSTATUS status2 = FilterInit(DriverObject); if(NT_SUCCESS(status2)){ KdPrint(("初始化成功")); } KdPrint(("Leave DriverEntry...")); }__except(EXCEPTION_EXECUTE_HANDLER){ KdPrint(("加载失败")); } return STATUS_SUCCESS; } //#pragma INITEDCODE NTSTATUS FilterInit(IN PDRIVER_OBJECT DriverObject){ KdPrint(("Enter FilterInit")); __try{ PDEVICE_OBJECT DeviceObject; PMYDEVICE_EXTENSION devExt; NTSTATUS status; UNICODE_STRING attachDeviceName; RtlInitUnicodeString(&attachDeviceName,L"\\Device\\KeyboardClass0"); status = IoCreateDevice(DriverObject, sizeof(MYDEVICE_EXTENSION), NULL, FILE_DEVICE_KEYBOARD, 0, FALSE, &DeviceObject); if(!NT_SUCCESS(status)){ KdPrint(("Create Device Fail...")); return STATUS_SUCCESS; } RtlZeroMemory(DeviceObject->DeviceExtension,sizeof(MYDEVICE_EXTENSION)); DeviceObject->Flags |= DO_BUFFERED_IO; DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING; devExt = (PMYDEVICE_EXTENSION) DeviceObject->DeviceExtension; status = IoAttachDevice(DeviceObject,&attachDeviceName,&devExt->TopOfDevice); if(!NT_SUCCESS(status)){ KdPrint(("Attach Device Fail...")); IoDeleteDevice(DeviceObject); return STATUS_SUCCESS; } }__except(EXCEPTION_EXECUTE_HANDLER){ KdPrint(("在生成驱动时出问题")); } KdPrint(("Leave FilterInit...")); return STATUS_SUCCESS; } //#pragma PAGEDCODE NTSTATUS FilterCompleteRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp,IN PVOID Context){ KdPrint(("Enter FilterCompleteRead...\n")); PKEYBOARD_INPUT_DATA keyData; int numKeys; if(NT_SUCCESS(Irp->IoStatus.Status)){ KdPrint(("push Keyborad...\n")); keyData = (PKEYBOARD_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer; numKeys = Irp->IoStatus.Information / sizeof(KEYBOARD_INPUT_DATA); for(int i = 0; i < numKeys ; i++){ KdPrint(("Key Num Was: %x\n",keyData.MakeCode)); KdPrint(("Key Status Was: %s\n",keyData.Flags?"Up" : "Down")); //过滤可以做一些动作,比如把键盘按下的操作输入到一个日志文件中 } } if(Irp->PendingReturned){ IoMarkIrpPending(Irp); } KdPrint(("Leave FilterCompleteRead...\n")); return Irp->IoStatus.Status; } //#pragma PAGEDCODE NTSTATUS FilterDispatchGeneral(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp){ IoSkipCurrentIrpStackLocation(Irp); PMYDEVICE_EXTENSION devExt = (PMYDEVICE_EXTENSION) DeviceObject->DeviceExtension; return IoCallDriver(devExt->TopOfDevice,Irp); } //#pragma PAGEDCODE NTSTATUS FilterDispatchRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp){ PMYDEVICE_EXTENSION devExt = (PMYDEVICE_EXTENSION) DeviceObject->DeviceExtension; PIO_STACK_LOCATION currentStack; PIO_STACK_LOCATION nextStack; currentStack = IoGetCurrentIrpStackLocation(Irp); nextStack = IoGetNextIrpStackLocation(Irp); *nextStack = *currentStack; IoSetCompletionRoutine(Irp,FilterCompleteRead,DeviceObject,TRUE,TRUE,TRUE); return IoCallDriver(devExt->TopOfDevice,Irp); } //#pragma PAGEDCODE VOID FilterUnload(IN PDRIVER_OBJECT DriverObject){ KdPrint(("Unload Driver...")); PDEVICE_OBJECT OldDeviceObject; OldDeviceObject = DriverObject->DeviceObject; while(OldDeviceObject != NULL){ PMYDEVICE_EXTENSION devExt = (PMYDEVICE_EXTENSION)OldDeviceObject->DeviceExtension; if(devExt->TopOfDevice){ IoDetachDevice(devExt->TopOfDevice); } IoDeleteDevice(OldDeviceObject); OldDeviceObject = OldDeviceObject->NextDevice; } KdPrint(("Leave FilterUnload...")); } 这是一个键盘过滤驱动,安装与使用都没有问题,当我把驱动停止之后(调用了Unload函数之后),如果我再按键盘就会蓝屏,如果不按键盘直接卸载它没有问题,但如果我再次按安装,安装没有问题,但启动不了,卸载没有问题,请大虾帮帮解答一下啊 |
|
