之前我们使用驱动加载工具来加载驱动,本次实验的内容是用代码实现驱动的加载和卸载。
加载过程
打开SCM服务管理器 -> 创建驱动服务 -> 启动服务 -> 关闭句柄
//加载驱动:输入驱动名称和驱动文件名。如果不写路径,驱动文件要跟 exe 同级(相对路径由 GetFullPathNameA 按进程当前工作目录解析)
#include"pch.h"
#include<winsvc.h>
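/*
 * Registers a kernel-driver service with the Service Control Manager (SCM)
 * and starts it, which loads the driver.
 *
 * lpszDriverName  Service name; also used as the service's display name.
 * lpszDriverPath  Path of the driver file. A relative path is expanded by
 *                 GetFullPathNameA against the process's current directory,
 *                 not against the directory of the executable.
 *
 * Returns TRUE when StartServiceA succeeds, FALSE on any failure (including
 * the case where the service is already running, as in the original code).
 *
 * Security notes:
 *  - The resolved path becomes the service's image path and the file found
 *    there runs in kernel mode once started, so pass a path inside a
 *    directory that only administrators can write to instead of relying on
 *    the current directory.
 *  - Only the access rights that are actually used are requested
 *    (SC_MANAGER_CREATE_SERVICE, SERVICE_START) rather than *_ALL_ACCESS.
 *  - Installing a service is recorded in the System event log (event 7045),
 *    which is the usual place to audit driver-service installs.
 */
BOOL LoadDriver(const char* lpszDriverName, const char* lpszDriverPath)
{
    char szDriverImagePath[MAX_PATH] = {0}; /* absolute path of the driver file */
    char buf[2048] = {0};                   /* scratch buffer for debug output */
    BOOL bRet = FALSE;
    DWORD dwErr = 0;
    DWORD dwLen = 0;
    SC_HANDLE hServiceMgr = NULL;           /* SCM handle */
    SC_HANDLE hServiceDDK = NULL;           /* driver service handle */

    if (lpszDriverName == NULL || lpszDriverPath == NULL)
    {
        return FALSE;
    }

    /* A return of 0 means failure; a value >= the buffer size means the
       path did not fit and the buffer contents must not be used. */
    dwLen = GetFullPathNameA(lpszDriverPath, (DWORD)sizeof(szDriverImagePath),
                             szDriverImagePath, NULL);
    if (dwLen == 0 || dwLen >= sizeof(szDriverImagePath))
    {
        dwErr = GetLastError();
        sprintf_s(buf, sizeof(buf), "zxxx 获取全路径 ERROR GetLastError=%lu \n", dwErr);
        OutputDebugStringA(buf);
        return FALSE;
    }
    sprintf_s(buf, sizeof(buf), "zxxx 驱动文件输入路径:%s 全路径:%s \n",
              lpszDriverPath, szDriverImagePath);
    OutputDebugStringA(buf);

    /* 1. Open the SCM with only the right needed to create a service. */
    hServiceMgr = OpenSCManagerA(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    /* Read the error code before any other call can overwrite it. */
    dwErr = hServiceMgr ? ERROR_SUCCESS : GetLastError();
    sprintf_s(buf, sizeof(buf), "zxxx 打开SCM %p GetLastError=%lu \n",
              (void*)hServiceMgr, dwErr);
    OutputDebugStringA(buf);
    if (hServiceMgr == NULL)
    {
        goto BeforeLeave;
    }

    /* 2. Create the driver service. */
    hServiceDDK = CreateServiceA(hServiceMgr,
        lpszDriverName,        /* service (registry key) name */
        lpszDriverName,        /* DisplayName */
        SERVICE_START,         /* access requested on the returned handle */
        SERVICE_KERNEL_DRIVER, /* the service is a kernel driver */
        SERVICE_DEMAND_START,  /* Start value: started on request */
        SERVICE_ERROR_NORMAL,  /* ErrorControl value */
        szDriverImagePath,     /* driver image path */
        NULL, NULL, NULL, NULL, NULL);
    dwErr = hServiceDDK ? ERROR_SUCCESS : GetLastError();
    sprintf_s(buf, sizeof(buf), "zxxx 创建驱动服务 %p 驱动路径:%s \n",
              (void*)hServiceDDK, szDriverImagePath);
    OutputDebugStringA(buf);

    /* 3. The last-error value only means something when creation failed.
          If the service already exists, open it instead. The existing
          service keeps whatever image path it was registered with. */
    if (hServiceDDK == NULL)
    {
        if (dwErr != ERROR_SERVICE_EXISTS)
        {
            goto BeforeLeave;
        }
        hServiceDDK = OpenServiceA(hServiceMgr, lpszDriverName, SERVICE_START);
        sprintf_s(buf, sizeof(buf), "zxxx 服务已存在 %p \n", (void*)hServiceDDK);
        OutputDebugStringA(buf);
        if (hServiceDDK == NULL)
        {
            goto BeforeLeave;
        }
    }

    /* Fixed delay kept from the original code.
       NOTE(review): its purpose is not stated; confirm it is still needed. */
    Sleep(1200);

    /* 4. Start the service, which loads the driver. */
    bRet = StartServiceA(hServiceDDK, 0, NULL);
    dwErr = bRet ? ERROR_SUCCESS : GetLastError();
    sprintf_s(buf, sizeof(buf), "zxxx 启动服务 加载驱动 %d GetlastError=%lu \n",
              bRet, dwErr);
    OutputDebugStringA(buf);

BeforeLeave:
    /* 5. Close handles on every path. */
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}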
卸载过程
打开SCM服务管理器 -> 打开驱动服务 -> 停止驱动程序 -> 卸载驱动 -> 关闭句柄
//卸载驱动 输入驱动名
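/*
 * Stops a driver service and deletes its registration from the Service
 * Control Manager (SCM).
 *
 * lpszDriverName  Name of the driver service to stop and delete.
 *
 * Returns TRUE only when the service was stopped (or was not running) and
 * DeleteService succeeded; FALSE otherwise. The original code returned TRUE
 * as soon as the service could be opened, even if the stop or the delete
 * failed, so a caller could not tell that the driver was still loaded.
 *
 * Only the access rights that are actually used are requested
 * (SC_MANAGER_CONNECT, SERVICE_STOP | DELETE) rather than *_ALL_ACCESS.
 */
BOOL UnLoadDriver(const char* lpszDriverName)
{
    BOOL bRet = FALSE;
    BOOL bStopped = FALSE;
    BOOL bDeleted = FALSE;
    DWORD dwErr = 0;
    SC_HANDLE hServiceMgr = NULL; /* SCM handle */
    SC_HANDLE hServiceDDK = NULL; /* driver service handle */
    SERVICE_STATUS SvrSta = {0};
    char buf[2048] = {0};         /* scratch buffer for debug output */

    if (lpszDriverName == NULL)
    {
        return FALSE;
    }

    /* 1. Open the SCM. Each error code is read right after the failing
          call, before another API can overwrite it. */
    hServiceMgr = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    if (hServiceMgr == NULL)
    {
        dwErr = GetLastError();
        sprintf_s(buf, sizeof(buf), "zxxx 打开SCM ERROR %p GetLastError=%lu \n",
                  (void*)hServiceMgr, dwErr);
        OutputDebugStringA(buf);
        goto BeforeLeave;
    }
    sprintf_s(buf, sizeof(buf), "zxxx 打开SCM SUCCESS %p GetLastError=%lu \n",
              (void*)hServiceMgr, (DWORD)ERROR_SUCCESS);
    OutputDebugStringA(buf);

    /* 2. Open the driver service with just the stop and delete rights. */
    hServiceDDK = OpenServiceA(hServiceMgr, lpszDriverName, SERVICE_STOP | DELETE);
    if (hServiceDDK == NULL)
    {
        dwErr = GetLastError();
        sprintf_s(buf, sizeof(buf), "zxxx 打开驱动服务 ERROR GetLastError=%lu \n", dwErr);
        OutputDebugStringA(buf);
        goto BeforeLeave;
    }
    sprintf_s(buf, sizeof(buf), "zxxx 打开驱动服务 SUCCESS GetLastError=%lu \n",
              (DWORD)ERROR_SUCCESS);
    OutputDebugStringA(buf);

    /* 3. Stop the driver. A service that is not running counts as stopped. */
    if (!ControlService(hServiceDDK, SERVICE_CONTROL_STOP, &SvrSta))
    {
        dwErr = GetLastError();
        bStopped = (dwErr == ERROR_SERVICE_NOT_ACTIVE);
        sprintf_s(buf, sizeof(buf), "zxxx 停止驱动 ERROR GetLastError=%lu \n", dwErr);
        OutputDebugStringA(buf);
    }
    else
    {
        bStopped = TRUE;
        sprintf_s(buf, sizeof(buf), "zxxx 停止驱动 SUCCESS GetLastError=%lu \n",
                  (DWORD)ERROR_SUCCESS);
        OutputDebugStringA(buf);
    }

    /* 4. Delete the service registration. This is still attempted when the
          stop failed, as in the original code, so the registration does not
          linger; the return value reports the stop failure. */
    if (!DeleteService(hServiceDDK))
    {
        dwErr = GetLastError();
        sprintf_s(buf, sizeof(buf), "zxxx 卸载驱动 ERROR GetLastError=%lu \n", dwErr);
        OutputDebugStringA(buf);
    }
    else
    {
        bDeleted = TRUE;
        sprintf_s(buf, sizeof(buf), "zxxx 卸载驱动 SUCCESS GetLastError=%lu \n",
                  (DWORD)ERROR_SUCCESS);
        OutputDebugStringA(buf);
    }

    bRet = (bStopped && bDeleted) ? TRUE : FALSE;

BeforeLeave:
    /* 5. Close handles on every path. */
    if (hServiceDDK)
    {
        CloseServiceHandle(hServiceDDK);
    }
    if (hServiceMgr)
    {
        CloseServiceHandle(hServiceMgr);
    }
    return bRet;
}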