  • minifilter驱动服务管理

      1 // encryptServiceManage.cpp: 定义控制台应用程序的入口点。
      2 //
      3 
      4 #include "stdafx.h"
      5 #include <Windows.h>
      6 #include <winsvc.h>
      7 #include <winioctl.h>
      8 
      9 
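     // Sample service name and driver image path. Nothing in the visible part of
     // this file references them; they mirror the usage example given above
     // InstallDriver. Backslashes in the path literal must be escaped.
     #define DRIVER_NAME "HelloDDK"
     #define DRIVER_PATH ".\\HelloDDK.sys"

     // Copies the driver image into the system drivers directory, registers it
     // with the Service Control Manager as a file-system driver service and writes
     // the minifilter "Instances" registry values (DefaultInstance, Altitude,
     // Flags). Returns TRUE on success or when the service already exists.
     BOOL InstallDriver(LPCTSTR lpszDriverName, LPCTSTR lpszDriverPath, LPCTSTR lpszAltitude);

     // Starts the named driver service. Returns TRUE if it was started or was
     // already running.
     BOOL StartDriver(LPCTSTR lpszDriverName);

     // Sends a stop control to the named driver service.
     BOOL StopDriver(LPCTSTR lpszDriverName);

     // Stops (best effort) and deletes the named driver service, then removes its
     // image from the system drivers directory.
     BOOL DeleteDriver(LPCTSTR lpszDriverName);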
     22 
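     // Returns TRUE when the name is non-empty and contains no path or drive
     // separator. The install path appends "<name>.sys" to the system drivers
     // directory, so a separator in the name would move the copy elsewhere.
     static BOOL IsPlainServiceName(const WCHAR* name)
     {
         if (name == NULL || name[0] == L'\0')
         {
             return FALSE;
         }
         for (const WCHAR* p = name; *p != L'\0'; ++p)
         {
             if (*p == L'\\' || *p == L'/' || *p == L':')
             {
                 return FALSE;
             }
         }
         return TRUE;
     }

     // Returns TRUE when the text is a decimal altitude: digits with at most one
     // '.', at least one digit, and short enough for a MAX_PATH scratch buffer.
     static BOOL IsAltitudeString(const WCHAR* text)
     {
         int digits = 0;
         int dots = 0;

         if (text == NULL || lstrlen(text) >= MAX_PATH)
         {
             return FALSE;
         }
         for (const WCHAR* p = text; *p != L'\0'; ++p)
         {
             if (*p >= L'0' && *p <= L'9')
             {
                 ++digits;
             }
             else if (*p == L'.' && dots == 0)
             {
                 ++dots;
             }
             else
             {
                 return FALSE;
             }
         }
         return digits > 0 ? TRUE : FALSE;
     }

     // Console entry point.
     //
     //   <exe> install ServiceName Altitude
     //   <exe> start|stop|delete ServiceName
     //
     // Exit codes: 0 success (also returned for an unrecognised argument count,
     // as before), 1 bad install arguments, 2 install failed, 3 bad verb,
     // 4 start failed, 5 stop failed, 6 delete failed.
     int _tmain(DWORD argc, PWCHAR* argv)
     {
         // Echo the arguments so the operator can see how the command line was split.
         for (DWORD i = 0; i < argc; i++)
         {
             printf("argv[%lu] = %ls\n", (unsigned long)i, argv[i]);
         }
         printf("\n");

         if (argc == 4)
         {
             if (0 != lstrcmp(argv[1], TEXT("install")))
             {
                 printf("Usage: argv[0] install ServiceName Altitude\n");
                 return 1;
             }

             // The service name becomes a file name inside the drivers directory
             // and is copied into fixed MAX_PATH buffers, so reject anything that
             // is not a plain, bounded name before it is used.
             if (!IsPlainServiceName(argv[2]) ||
                 lstrlen(argv[2]) + lstrlen(TEXT(".sys")) >= MAX_PATH)
             {
                 printf("ServiceName must be a plain name without path separators\n");
                 printf("Usage: argv[0] install ServiceName Altitude\n");
                 return 1;
             }
             if (!IsAltitudeString(argv[3]))
             {
                 printf("Altitude must be a decimal number\n");
                 printf("Usage: argv[0] install ServiceName Altitude\n");
                 return 1;
             }

             TCHAR imageName[MAX_PATH] = { 0 };
             lstrcpy(imageName, argv[2]);           // length checked above
             lstrcat(imageName, TEXT(".sys"));

             // Pass the altitude given on the command line; the usage text
             // documents it as the third argument.
             if (InstallDriver(argv[2], imageName, argv[3]))
             {
                 printf("服务安装成功!\n");
             }
             else
             {
                 printf("服务安装失败\n");
                 return 2;
             }
         }
         else if (argc == 3)
         {
             const BOOL wantStart  = (0 == lstrcmp(argv[1], TEXT("start")));
             const BOOL wantStop   = (0 == lstrcmp(argv[1], TEXT("stop")));
             const BOOL wantDelete = (0 == lstrcmp(argv[1], TEXT("delete")));

             if (!wantStart && !wantStop && !wantDelete)
             {
                 printf("Usage: argv[0] start|stop|delete ServiceName\n");
                 return 3;
             }

             if (wantStart)
             {
                 if (!StartDriver(argv[2]))
                 {
                     printf("服务启动失败\n");
                     return 4;
                 }
                 printf("服务启动成功!\n");
             }
             else if (wantStop)
             {
                 if (!StopDriver(argv[2]))
                 {
                     printf("服务关闭失败\n");
                     return 5;
                 }
                 printf("服务关闭成功!\n");
             }
             else
             {
                 if (!DeleteDriver(argv[2]))
                 {
                     printf("服务卸载失败\n");
                     return 6;
                 }
                 printf("服务卸载成功!\n");
             }
         }
         else
         {
             printf("unknown command\n");
         }

         return 0;
     }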
     99 
    100 
    101 //======================================== 动态加载/卸载sys驱动 ======================================
    102 // SYS文件跟程序放在同个目录下
    103 // 如果产生的SYS名为HelloDDK.sys,那么安装驱动InstallDriver("HelloDDK",".\\HelloDDK.sys","370030"/*Altitude*/);
    104 // 启动驱动服务 StartDriver("HelloDDK");
    105 // 停止驱动服务 StopDriver("HelloDDK");
    106 // 卸载SYS也是类似的调用过程, DeleteDriver("HelloDDK");
    107 //====================================================================================================
    108 
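    // Appends src to dst only when the result, terminator included, fits in
    // cchDst characters. Returns FALSE (dst untouched) otherwise.
    static BOOL AppendChecked(LPTSTR dst, int cchDst, LPCTSTR src)
    {
        if (lstrlen(dst) + lstrlen(src) >= cchDst)
        {
            return FALSE;
        }
        lstrcat(dst, src);
        return TRUE;
    }

    // Writes a REG_SZ value. The byte count includes the terminating NUL, which
    // RegSetValueEx expects for string data.
    static BOOL SetRegString(HKEY hKey, LPCTSTR lpszValueName, LPCTSTR lpszValue)
    {
        DWORD cbData = (DWORD)(lstrlen(lpszValue) + 1) * sizeof(TCHAR);
        return RegSetValueEx(hKey, lpszValueName, 0, REG_SZ,
                             (CONST BYTE*)lpszValue, cbData) == ERROR_SUCCESS ? TRUE : FALSE;
    }

    // Installs a minifilter driver service.
    //
    //   lpszDriverName  service name; also used for the registry key names
    //   lpszDriverPath  path of the .sys image to install
    //   lpszAltitude    altitude string written to the instance key
    //
    // Steps: copy the image into C:\Windows\System32\drivers, create a
    // demand-start file-system driver service that depends on FltMgr, then write
    // Instances\DefaultInstance and "<name> Instance"\{Altitude, Flags}.
    //
    // Returns TRUE on success, and also when CreateService reports that the
    // service already exists (the registry values are not rewritten in that
    // case). Returns FALSE on any other failure; a service created before a
    // later registry failure is left in place.
    //
    // NOTE(review): the load-order group is fixed to "FSFilter Activity Monitor";
    // confirm the altitude passed in belongs to that group's range.
    BOOL InstallDriver(LPCTSTR lpszDriverName, LPCTSTR lpszDriverPath, LPCTSTR lpszAltitude)
    {
        TCHAR     szTempStr[MAX_PATH] = { 0 };
        TCHAR     szDriverImagePath[MAX_PATH] = { 0 };
        TCHAR     szDriverSysImagePath[MAX_PATH] = { 0 };
        LPTSTR    lpszFilePart = NULL;
        HKEY      hKey = NULL;
        DWORD     dwData = 0;
        DWORD     cchFull = 0;
        BOOL      bOk = FALSE;
        SC_HANDLE hServiceMgr = NULL;   // handle to the SCM
        SC_HANDLE hService = NULL;      // handle to the driver service

        if (NULL == lpszDriverName || NULL == lpszDriverPath || NULL == lpszAltitude)
        {
            return FALSE;
        }

        // Resolve the source image path. A return of 0 is failure and a value
        // >= MAX_PATH means the buffer was too small.
        cchFull = GetFullPathName(lpszDriverPath, MAX_PATH, szDriverImagePath, &lpszFilePart);
        if (cchFull == 0 || cchFull >= MAX_PATH || NULL == lpszFilePart || lpszFilePart[0] == 0)
        {
            return FALSE;
        }

        // Build the destination from the file-name component only, so that
        // directory parts of lpszDriverPath ("..\", absolute paths) cannot move
        // the copy outside the drivers directory.
        if (!AppendChecked(szDriverSysImagePath, MAX_PATH, TEXT("C:\\Windows\\System32\\drivers\\")) ||
            !AppendChecked(szDriverSysImagePath, MAX_PATH, lpszFilePart))
        {
            return FALSE;
        }

        // bFailIfExists is FALSE: an existing file of the same name in the
        // drivers directory is overwritten.
        if (!CopyFile(szDriverImagePath, szDriverSysImagePath, FALSE))
        {
            printf("szDriverImagePath = %ls\n", szDriverImagePath);
            printf("szDriverSysImagePath = %ls\n", szDriverSysImagePath);
            printf("copy failure!\n");
            return FALSE;   // was "return 8", which callers read as success
        }

        // Only the right to create a service is needed on the SCM handle.
        hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
        if (hServiceMgr == NULL)
        {
            return FALSE;
        }

        hService = CreateService(hServiceMgr,
            lpszDriverName,                     // service (registry key) name
            lpszDriverName,                     // DisplayName
            SERVICE_ALL_ACCESS,                 // access requested on the returned handle
            SERVICE_FILE_SYSTEM_DRIVER,         // service type: file-system driver
            SERVICE_DEMAND_START,               // Start
            SERVICE_ERROR_IGNORE,               // ErrorControl
            szDriverSysImagePath,               // ImagePath
            TEXT("FSFilter Activity Monitor"),  // Group
            NULL,
            TEXT("FltMgr"),                     // DependOnService
            NULL,
            NULL);

        if (hService == NULL)
        {
            // Read the error before any other API call can replace it.
            DWORD dwErr = GetLastError();
            CloseServiceHandle(hServiceMgr);
            return (dwErr == ERROR_SERVICE_EXISTS) ? TRUE : FALSE;
        }
        CloseServiceHandle(hService);
        CloseServiceHandle(hServiceMgr);

        //---------------------------------------------------------------------
        // SYSTEM\CurrentControlSet\Services\<name>\Instances
        //---------------------------------------------------------------------
        lstrcpy(szTempStr, TEXT("SYSTEM\\CurrentControlSet\\Services\\"));
        if (!AppendChecked(szTempStr, MAX_PATH, lpszDriverName) ||
            !AppendChecked(szTempStr, MAX_PATH, TEXT("\\Instances")))
        {
            return FALSE;
        }
        if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szTempStr, 0, NULL, REG_OPTION_NON_VOLATILE,
                           KEY_ALL_ACCESS, NULL, &hKey, (LPDWORD)&dwData) != ERROR_SUCCESS)
        {
            return FALSE;
        }

        // DefaultInstance = "<name> Instance"
        szTempStr[0] = 0;
        bOk = AppendChecked(szTempStr, MAX_PATH, lpszDriverName) &&
              AppendChecked(szTempStr, MAX_PATH, TEXT(" Instance"));
        if (bOk)
        {
            printf("%ls length = %d\n", szTempStr, lstrlen(szTempStr));
            bOk = SetRegString(hKey, TEXT("DefaultInstance"), szTempStr);
        }
        if (bOk)
        {
            RegFlushKey(hKey);
        }
        RegCloseKey(hKey);      // closed on the failure path as well
        if (!bOk)
        {
            return FALSE;
        }

        //---------------------------------------------------------------------
        // SYSTEM\CurrentControlSet\Services\<name>\Instances\<name> Instance
        //---------------------------------------------------------------------
        lstrcpy(szTempStr, TEXT("SYSTEM\\CurrentControlSet\\Services\\"));
        if (!AppendChecked(szTempStr, MAX_PATH, lpszDriverName) ||
            !AppendChecked(szTempStr, MAX_PATH, TEXT("\\Instances\\")) ||
            !AppendChecked(szTempStr, MAX_PATH, lpszDriverName) ||
            !AppendChecked(szTempStr, MAX_PATH, TEXT(" Instance")))
        {
            return FALSE;
        }
        if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szTempStr, 0, NULL, REG_OPTION_NON_VOLATILE,
                           KEY_ALL_ACCESS, NULL, &hKey, (LPDWORD)&dwData) != ERROR_SUCCESS)
        {
            return FALSE;
        }

        // Altitude (REG_SZ), then Flags (REG_DWORD, 0).
        bOk = SetRegString(hKey, TEXT("Altitude"), lpszAltitude);
        if (bOk)
        {
            dwData = 0x0;
            bOk = (RegSetValueEx(hKey, TEXT("Flags"), 0, REG_DWORD,
                                 (CONST BYTE*)&dwData, sizeof(DWORD)) == ERROR_SUCCESS);
        }
        if (bOk)
        {
            RegFlushKey(hKey);
        }
        RegCloseKey(hKey);

        return bOk ? TRUE : FALSE;
    }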
    237 
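    // Starts the driver service named lpszDriverName.
    //
    // Returns TRUE when StartService succeeds or reports
    // ERROR_SERVICE_ALREADY_RUNNING; FALSE for a NULL name or any other failure.
    BOOL StartDriver(LPCTSTR lpszDriverName)
    {
        SC_HANDLE   schManager;
        SC_HANDLE   schService;
        BOOL        bStarted;
        DWORD       dwErr = ERROR_SUCCESS;

        if (NULL == lpszDriverName)
        {
            return FALSE;
        }

        // Request only the rights this function uses: connect to the SCM and
        // start the service.
        schManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
        if (NULL == schManager)
        {
            return FALSE;
        }
        schService = OpenService(schManager, lpszDriverName, SERVICE_START);
        if (NULL == schService)
        {
            CloseServiceHandle(schManager);
            return FALSE;
        }

        bStarted = StartService(schService, 0, NULL);
        if (!bStarted)
        {
            // Capture the error now: CloseServiceHandle below may replace the
            // thread's last-error value.
            dwErr = GetLastError();
        }

        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);

        if (bStarted || dwErr == ERROR_SERVICE_ALREADY_RUNNING)
        {
            return TRUE;
        }
        return FALSE;
    }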
    280 
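    // Sends SERVICE_CONTROL_STOP to the driver service named lpszDriverName.
    //
    // Returns TRUE when the control request is accepted, or when it fails but the
    // status filled in by ControlService shows the service is already stopped.
    // The function does not wait for the service to reach the stopped state.
    BOOL StopDriver(LPCTSTR lpszDriverName)
    {
        SC_HANDLE       schManager;
        SC_HANDLE       schService;
        // Zero-initialised so the state test below never reads indeterminate
        // memory when ControlService fails without filling the structure.
        SERVICE_STATUS  svcStatus = { 0 };
        BOOL            bResult = TRUE;

        if (NULL == lpszDriverName)
        {
            return FALSE;
        }

        // Request only the rights this function uses.
        schManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
        if (NULL == schManager)
        {
            return FALSE;
        }
        schService = OpenService(schManager, lpszDriverName, SERVICE_STOP);
        if (NULL == schService)
        {
            CloseServiceHandle(schManager);
            return FALSE;
        }

        if (!ControlService(schService, SERVICE_CONTROL_STOP, &svcStatus) &&
            (svcStatus.dwCurrentState != SERVICE_STOPPED))
        {
            bResult = FALSE;
        }

        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);

        return bResult;
    }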
    311 
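    // Removes the driver service named lpszDriverName and its image file.
    //
    // A stop control is sent first (best effort, result ignored), the service is
    // marked for deletion, and C:\Windows\System32\drivers\<name>.sys is deleted.
    // Returns FALSE for a NULL or over-long name, or when the service cannot be
    // opened or deleted. A failure to delete the image file is reported on
    // stdout but does not change the TRUE result, as before.
    BOOL DeleteDriver(LPCTSTR lpszDriverName)
    {
        SC_HANDLE       schManager;
        SC_HANDLE       schService;
        SERVICE_STATUS  svcStatus = { 0 };
        TCHAR           imagePath[MAX_PATH] = { 0 };

        if (NULL == lpszDriverName)
        {
            return FALSE;
        }

        // Build the image path up front and refuse names that would not fit in
        // the fixed buffer, before touching the service.
        lstrcpy(imagePath, TEXT("C:\\Windows\\System32\\drivers\\"));
        if (lstrlen(imagePath) + lstrlen(lpszDriverName) + lstrlen(TEXT(".sys")) >= MAX_PATH)
        {
            return FALSE;
        }
        lstrcat(imagePath, lpszDriverName);
        lstrcat(imagePath, TEXT(".sys"));

        // Request only the rights this function uses: stop and delete.
        schManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
        if (NULL == schManager)
        {
            return FALSE;
        }
        schService = OpenService(schManager, lpszDriverName, SERVICE_STOP | DELETE);
        if (NULL == schService)
        {
            CloseServiceHandle(schManager);
            return FALSE;
        }

        // Best effort: the service may already be stopped.
        ControlService(schService, SERVICE_CONTROL_STOP, &svcStatus);

        if (!DeleteService(schService))
        {
            CloseServiceHandle(schService);
            CloseServiceHandle(schManager);
            return FALSE;
        }
        CloseServiceHandle(schService);
        CloseServiceHandle(schManager);

        // Remove the driver image; a leftover file is reported, not fatal.
        if (!DeleteFile(imagePath))
        {
            printf("DeleteFile failed for %ls (error %lu)\n", imagePath, (unsigned long)GetLastError());
        }
        return TRUE;
    }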
    DriverServiceManage
  • 原文地址:https://www.cnblogs.com/endenvor/p/9621765.html