一个简单的NT驱动框架
#include <ntddk.h> VOID DriverUnload(PDRIVER_OBJECT DriverObject) { UNICODE_STRING dosDevName; RtlInitUnicodeString(&dosDevName, L"\\DosDevices\\Snark"); IoDeleteSymbolicLink(&dosDevName); if (DriverObject->DeviceObject != NULL) { IoDeleteDevice(DriverObject->DeviceObject); } KdPrint(("DriverUnload success\n")); } NTSTATUS IODispatch(PDEVICE_OBJECT DeviceObject, PIRP irp) { irp->IoStatus.Status = STATUS_SUCCESS; IoCompleteRequest(irp, IO_NO_INCREMENT); return STATUS_SUCCESS; } NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) { NTSTATUS status; UNICODE_STRING devName, dosDevName; PDEVICE_OBJECT DeviceObject; RtlInitUnicodeString(&devName, L"\\Device\\Snark"); RtlInitUnicodeString(&dosDevName, L"\\DosDevices\\Snark"); //创建设备 status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject); if (!NT_SUCCESS(status)) { return status; } DeviceObject->Flags |= DO_DIRECT_IO; DeviceObject->AlignmentRequirement |= FILE_WORD_ALIGNMENT; //创建符号链接 status = IoCreateSymbolicLink(&dosDevName, &devName); if (!NT_SUCCESS(status)) { IoDeleteDevice(DeviceObject); return status; } DriverObject->MajorFunction[IRP_MJ_CREATE] = IODispatch; DriverObject->MajorFunction[IRP_MJ_CLOSE] = IODispatch; //与应用层通讯 DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IODispatch; DriverObject->DriverUnload = DriverUnload; KdPrint(("DriverEntry Success\n")); return STATUS_SUCCESS; }