Se agradece el aporte pero este tipo de post solo se permiten en este hilo y yo luego los agrego al post principal del mismo.
Saludos!
Saludos!
Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
Mostrar Mensajes Menúhttp://wiki.elhacker.net/programacion/cc/articulos/principios-basicos-de-desarrollo-de-drivers-en-windows
CitarNATIVE
Device drivers for Windows NT. If /DRIVER:WDM is specified, NATIVE is the default.
CitarThe UPONLY keyword causes the linker to add the IMAGE_FILE_UP_SYSTEM_ONLY bit to the characteristics in the output header to specify that it is a uniprocessor (UP) driver. The operating system will refuse to load a UP driver on a multiprocessor (MP) system.
The WDM keyword causes the linker to set the IMAGE_DLLCHARACTERISTICS_WDM_DRIVER bit in the optional header's DllCharacteristics field. WDM video capture was designed to resolve the problems inherent in the Video for Windows architecture.
/SUBSYSTEM:NATIVE /DRIVER:WDM -entry:DriverEntry
CitarThe priority ranking of an interrupt. A processor has an IRQL setting that threads can raise or lower. Interrupts that occur at or below the processor's IRQL setting are masked and will not interfere with the current operation. Interrupts that occur above the processor's IRQL setting take precedence over the current operation.
The particular IRQL at which a piece of kernel-mode code executes determines its hardware priority. Kernel-mode code is always interruptible: an interrupt with a higher IRQL value can occur at any time, thereby causing another piece of kernel-mode code with the system-assigned higher IRQL to be run immediately on that processor. In other words, when a piece of code runs at a given IRQL, the Kernel masks off all interrupt vectors with a lesser or equal IRQL value on the microprocessor.
Citar
1) PASSIVE_LEVEL
Interrupts Masked Off — None.
Driver Routines Called at PASSIVE_LEVEL — DriverEntry, AddDevice, Reinitialize, Unload routines, most dispatch routines, driver-created threads, worker-thread callbacks.
Citar2) APC_LEVEL
Interrupts Masked Off — APC_LEVEL interrupts are masked off.
Driver Routines Called at APC_LEVEL — Some dispatch routines (see Dispatch Routines and IRQLs).
Citar3) DISPATCH_LEVEL
Interrupts Masked Off — DISPATCH_LEVEL and APC_LEVEL interrupts are masked off. Device, clock, and power failure interrupts can occur.
Driver Routines Called at DISPATCH_LEVEL — StartIo, AdapterControl, AdapterListControl, ControllerControl, IoTimer, Cancel (while holding the cancel spin lock), DpcForIsr, CustomTimerDpc, CustomDpc routines.
Citar4) DIRQL
Interrupts Masked Off — All interrupts at IRQL<= DIRQL of driver's interrupt object. Device interrupts with a higher DIRQL value can occur, along with clock and power failure interrupts.
Driver Routines Called at DIRQL — InterruptService, SynchCritSection routines.
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath);
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
NTSTATUS NtStatus = STATUS_SUCCESS;
UINT uiIndex = 0;
PDEVICE_OBJECT pDeviceObject = NULL;
UNICODE_STRING DriverName, DosDeviceName;
DbgPrint("DriverEntry!\n");
RtlInitUnicodeString(&DriverName, L"\\Device\\ehn");
RtlInitUnicodeString(&DosDeviceName, L"\\DosDevices\\ehn");
NtStatus = IoCreateDevice(pDriverObject, 0,
&DriverName,
FILE_DEVICE_UNKNOWN,//No asociado a ningun dispositivo en particular
FILE_DEVICE_SECURE_OPEN,
FALSE, &pDeviceObject);
typedef struct _LSA_UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;
for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
pDriverObject->MajorFunction[uiIndex] = ehn_UnSupportedFunction;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = ehn_Close;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = ehn_Create;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ehn_DeviceControl;
pDriverObject->MajorFunction[IRP_MJ_READ] = ehn_Read;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = ehn_Write;
pDriverObject->DriverUnload = ehn_Unload;
void Example_Unload(PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING DosDeviceName;
DbgPrint("Unload!!\n");
RtlInitUnicodeString(&DosDeviceName, L"\\DosDevices\\ehn");
IoDeleteSymbolicLink(&DosDeviceName);
IoDeleteDevice(DriverObject->DeviceObject);
}
int _cdecl main()
{
HANDLE HSmng,HServ;
SERVICE_STATUS Sstatus;
HSmng = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
printf("Cargando el driver!\n");
if(HSmng)
{
HServ = CreateService(HSmng, "ehn",
"ehn driver",
SERVICE_START | DELETE | SERVICE_STOP,
SERVICE_KERNEL_DRIVER,
SERVICE_DEMAND_START,
SERVICE_ERROR_IGNORE,
"C:\\ehn.sys",
NULL, NULL, NULL, NULL, NULL);
if(!HServ)
HServ = OpenService(HSmng, "ehn", SERVICE_START | DELETE | SERVICE_STOP);
if(HServ)
{
printf("Iniciando servicio\n");
StartService(HServ, 0, NULL);
printf("Presione una tecla para cerrar el servicio\n");
getchar();
ControlService(HServ, SERVICE_CONTROL_STOP, &Sstatus);
DeleteService(HServ);
CloseServiceHandle(HServ);
}
CloseServiceHandle(HSmng);
}
return EXIT_SUCESS;
}
CitarNever return STATUS_PENDING from a dispatch routine without marking the I/O request packet (IRP) pending (IoMarkIrpPending).
Never call KeSynchronizeExecution from an interrupt service routine (ISR). It will deadlock your system.
Never set DeviceObject->Flags to both DO_BUFFERED_IO and DO_DIRECT_IO. It can confuse the system and eventually lead to fatal error. Also, never set METHOD_BUFFERED, METHOD_NEITHER, METHOD_IN_DIRECT or METHOD_OUT_DIRECT in DeviceObject->Flags, because these values are only used in defining IOCTLs.
Never allocate dispatcher objects from a paged pool. If you do, it will cause occasional system bugchecks.
Never allocate memory from paged pool, or access memory in paged pool, while running at IRQL >= DISPATCH_LEVEL. It is a fatal error.
Never wait on a kernel dispatcher object for a nonzero interval at IRQL >= DISPATCH_LEVEL. It is a fatal error.
Never call any function that causes the calling thread to wait directly or indirectly while executing at IRQL >= DISPATCH_LEVEL. It is a fatal error.
Never lower the interrupt request level (IRQL) below the level at which your top-level routine has been invoked.
Never call KeLowerIrql() if you haven't called KeRaiseIrql().
Never stall a processor (KeStallExecutionProcessor) longer than 50 microseconds.
cin >> cadena[10];
cin >> cadena[10];