
我编写了一个简单的驱动程序,它只将“Hello World”打印到调试输出中。我使用带有 WDK 8 的 Visual Studio 2012 RC 创建了一个空的驱动程序项目,并编写了以下代码:

#include <NTDDK.h>

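/*
 * Unload callback. DriverEntry creates no device objects or other resources,
 * so there is nothing to release here; registering the routine is what allows
 * the service to be stopped (and the .sys replaced) without a reboot.
 */
static void MyDriverUnload(PDRIVER_OBJECT pDriverObject)
{
    (void)pDriverObject; /* unused */
}

/*
 * DriverEntry: the driver's initialization routine, called once by the I/O
 * manager when the service is started.
 *
 * pDriverObject - driver object created by the I/O manager; its DriverUnload
 *                 member is set here.
 * pRegistryPath - the service's registry key; not used by this driver.
 *
 * Returns STATUS_SUCCESS. A failure status would make the I/O manager discard
 * the driver and report the service start as failed.
 */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    (void)pRegistryPath; /* unused */

    DbgPrint("Hello World!");

    /* Leaving DriverUnload NULL makes the driver non-unloadable: a stop
     * request fails and the image stays resident until reboot. */
    pDriverObject->DriverUnload = MyDriverUnload;
    return STATUS_SUCCESS;
}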

我已经将它编译为win7 x64。我已经读过,为了安装和运行这个驱动程序,我需要编写一个 .inf 文件,但我似乎无法做到这一点。我从 WDK 8 中获取了一个示例 .inf 文件并将其更改为与我的 .sys 文件匹配,但它破坏了我的虚拟机 win7 x64 :-)。因此,我在 VS2012 中创建了一个过滤器驱动程序项目,获取了 .inf 文件并将其更改为匹配我的 .sys 文件,当我安装它时没有发生任何事情。我试图运行它创建的新服务

net start MyDriver

但调试输出中没有打印任何内容,而且我在“计算机->管理->服务”中也看不到 MyDriver。我正在使用 DebugView 查看打印到调试输出的内容 (http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx)。

当然,我想及时编写一个驱动程序来实际执行某些操作,但同时我只想知道如何运行它。

我从 VS2012 获取并更改的 .inf 文件是这样的:

;;;
;;; MyDriver2
;;;
; Derived from the WDK 8 minifilter template: the [MiniFilter.*] sections, the
; FltMgr dependency and the Instances registry keys are all specific to
; file-system minifilters. This is a DefaultInstall-style INF (right-click
; "Install" / setup API) with no [Manufacturer]/[Models] sections, which is
; why a tool that expects a PnP-style INF reports a missing Manufacturer section.

[Version]
Signature   = "$Windows NT$"
; TODO - Change the Class and ClassGuid to match the Load Order Group value, see http://msdn.microsoft.com/en-us/windows/hardware/gg462963
; Class       = "ActivityMonitor"                         ;This is determined by the work this filter driver does
; ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determined by the Load Order Group value
; NOTE(review): the template ships Class/ClassGuid commented out; they are
; enabled here with the ActivityMonitor filter class. Verify this is intended
; for a driver that is not a file-system filter.
Class = "ActivityMonitor" 
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
Provider    = %ManufacturerName%
DriverVer   = 08/13/2012,1.0.0.0
; No catalog is referenced, so the package itself carries no signature; whether
; the .sys loads depends on the target's signing policy (see the test-mode note
; in the question).
;CatalogFile = MyDriver2.cat

[DestinationDirs]
DefaultDestDir          = 12
MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers

;;
;; Default install sections
;;

[DefaultInstall]
OptionDesc          = %ServiceDescription%
CopyFiles           = MiniFilter.DriverFiles

[DefaultInstall.Services]
AddService          = %ServiceName%,,MiniFilter.Service

;;
;; Default uninstall sections
;;

[DefaultUninstall]
DelFiles   = MiniFilter.DriverFiles

[DefaultUninstall.Services]
DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting

;
; Services Section
;

[MiniFilter.Service]
DisplayName      = %ServiceName%
Description      = %ServiceDescription%
ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
; Start only after the Filter Manager service; required by minifilters,
; unnecessary for a plain kernel driver.
Dependencies     = "FltMgr"
; 2 = SERVICE_FILE_SYSTEM_DRIVER; a non-filter kernel driver would normally
; use 1 (SERVICE_KERNEL_DRIVER).
ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
StartType        = 3                            ;SERVICE_DEMAND_START
ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
; TODO - Change the Load Order Group value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
; LoadOrderGroup = "FSFilter Activity Monitor"
; Differs from the template's "FSFilter Activity Monitor" group commented above.
LoadOrderGroup   = "filter"
AddReg           = MiniFilter.AddRegistry

;
; Registry Modifications
;

[MiniFilter.AddRegistry]
HKR,,"DebugFlags",0x00010001 ,0x0
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
; NOTE(review): %Instance1.Altitude% is referenced here, but [Strings] below
; defines Instance.Altitude (the "1" was lost when the line was uncommented),
; so this token has no definition in this file.
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%

;
; Copy Files
;

[MiniFilter.DriverFiles]
%DriverName%.sys

[SourceDisksFiles]
MyDriver2.sys = 1,,

[SourceDisksNames]
1 = %DiskId1%,,,

;;
;; String Section
;;

[Strings]
; TODO - Add your manufacturer
ManufacturerName        = "Template"
ServiceDescription      = "MyDriver2 Mini-Filter Driver"
; NOTE(review): this is the name the service is created under, so it is
; started with "net start MyDriver2"; "net start MyDriver" refers to a service
; this INF never creates.
ServiceName             = "MyDriver2"
DriverName              = "MyDriver2"
DiskId1                 = "MyDriver2 Device Installation Disk"

;Instances specific information.
DefaultInstance         = "MyDriver2 Instance"
Instance1.Name          = "MyDriver2 Instance"
; TODO - Change the altitude value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
;Instance1.Altitude      = "370030"
; NOTE(review): should read Instance1.Altitude to match the %Instance1.Altitude%
; reference in [MiniFilter.AddRegistry] and the other Instance1.* keys.
Instance.Altitude       = "370030"
Instance1.Flags         = 0x0              ; Allow all attachments

当我尝试使用 wdreg.exe 安装并运行我的驱动程序时,它显示“无法在 INF 文件中定位制造商部分”。(来自http://www.jungo.com/st/support/documentation/windriver/10.3.0/wdpci_manual.mhtml/dyn_windows.html)我读了很多关于 .inf 文件的内容(来自一些微软的书和大量谷歌搜索),但我仍然不知道如何修复我的 .inf 文件。

如果有更简单的方法来运行我的驱动程序,我很想听听。一旦我知道如何运行它,调试真正的产品就很容易了。

谢谢!

编辑:我还在测试模式(http://www.ngohq.com/home.php?page=dseo)下使用驱动程序签名强制覆盖器来为 .sys 文件签名。


2 个回答


事实证明,Rohan 是对的。我找不到在 Win7 中查看调试输出的方法(Rohan 给的链接是针对 Vista 的),所以我只是改为创建了一个文件。

#include <wdm.h>
#include <Ntstrsafe.h>

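/*
 * Unload callback. DriverEntry creates no device objects and closes its file
 * handle before returning, so nothing is left to release here; registering the
 * routine is what lets "net stop MyDriver2" unload the driver without a reboot.
 */
static void MyDriverUnload(PDRIVER_OBJECT pDriverObject)
{
    (void)pDriverObject; /* unused */
}

/*
 * DriverEntry: called once by the I/O manager when the service is started.
 * As a stand-in for DbgPrint output, it writes one fixed line to
 * \SystemRoot\example12345.txt (\SystemRoot resolves to the Windows
 * directory) and returns.
 *
 * pDriverObject - driver object; its DriverUnload member is set here.
 * pRegistryPath - the service's registry key; unused.
 *
 * Returns STATUS_SUCCESS even when the file cannot be created or written (the
 * file is only a load-time trace), and STATUS_INVALID_DEVICE_STATE if, against
 * expectation, the routine is not running at PASSIVE_LEVEL.
 */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    UNICODE_STRING     uniName;
    OBJECT_ATTRIBUTES  objAttr;
    HANDLE             handle = NULL;
    NTSTATUS           ntstatus;
    IO_STATUS_BLOCK    ioStatusBlock;
    CHAR               buffer[30];   /* 16-byte message plus terminator */
    size_t             cb;

    (void)pRegistryPath; /* unused */

    /* Register the unload routine first: leaving DriverUnload NULL would make
     * the driver non-unloadable until the next reboot. */
    pDriverObject->DriverUnload = MyDriverUnload;

    /* The Zw* file calls below require PASSIVE_LEVEL. DriverEntry is invoked
     * there, so this guard is defensive; at a higher IRQL the work would have
     * to be moved to a work item or system worker thread. */
    if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
        return STATUS_INVALID_DEVICE_STATE;
    }

    /* OBJ_KERNEL_HANDLE keeps the handle in the kernel handle table, so it is
     * not reachable through the current process's user-mode handle table. */
    RtlInitUnicodeString(&uniName, L"\\SystemRoot\\example12345.txt");
    InitializeObjectAttributes(&objAttr, &uniName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    /* FILE_OVERWRITE_IF truncates an existing example12345.txt. Synchronous,
     * non-alertable I/O is what lets ZwWriteFile below be called without an
     * event object or explicit byte offset. */
    ntstatus = ZwCreateFile(&handle,
                            GENERIC_WRITE,
                            &objAttr, &ioStatusBlock, NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            0,
                            FILE_OVERWRITE_IF,
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL, 0);

    if (NT_SUCCESS(ntstatus)) {
        ntstatus = RtlStringCbPrintfA(buffer, sizeof(buffer), "This is a test\r\n");
        if (NT_SUCCESS(ntstatus)) {
            /* Write exactly the formatted bytes, not the whole 30-byte buffer. */
            ntstatus = RtlStringCbLengthA(buffer, sizeof(buffer), &cb);
            if (NT_SUCCESS(ntstatus)) {
                ntstatus = ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock,
                                       buffer, (ULONG)cb, NULL, NULL);
            }
        }
        /* The handle is closed here on every path, so nothing is left for
         * MyDriverUnload to release. */
        ZwClose(handle);
    }

    /* The trace file is best effort: a failed create or write must not fail
     * the driver load. */
    return STATUS_SUCCESS;
}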

我使用了问题中所写的同一个 .inf 文件,然后在 cmd 中输入了

net start MyDriver2

并且文件 example12345.txt 是在 C:/Windows 中创建的。

于 2012-08-21T11:36:57.653 回答

当您加载/启动驱动程序时,它就已经在内核中加载并运行了,因此很可能您的驱动程序已经加载。您之所以看不到 DbgPrint 消息,是因为从 Vista 开始,通过 DbgPrint 记录的调试消息会被过滤掉,而不会显示在输出中。

您可以参考这篇文章来启用 DbgPrint 消息的显示:《让 DbgPrint 输出出现在 Vista 及更高版本中》

另一种方法是使用 DbgPrintEx 并指定适当的组件和级别。

于 2012-08-15T07:21:06.813 回答