I recently wrote an NT driver, about half of it copied. The header file:
#define FILE_DEVICE_ASUPIO 0x00008040
#define ASUPIO_IOCTL_INDEX 0x840
//define our own private ioctl
#define IOCTL_ASUPIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_ASUPIO, \
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
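In the driver, the device name and the symbolic link name are set with RtlInitUnicodeString(&DeviceNameUnicodeString,L"\\Device\\ASUpBiosIo"); and RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\??\\ASUpBiosIo"); It compiled successfully with the DDK and produced a binary named AsUpIO.
In the application layer I included its header file, and the code that creates and starts the service is as follows:
hService = CreateService(hSCManager,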
"AsUpIO",
"AsUpIO",
SERVICE_ALL_ACCESS,
SERVICE_KERNEL_DRIVER,
(IsDemandLoaded == TRUE) ? SERVICE_DEMAND_START : SERVICE_SYSTEM_START,
SERVICE_ERROR_NORMAL,
pszWinIoDriverPath,
NULL,
NULL,
NULL,
NULL,
NULL);
bResult = StartService(hService, 0, NULL) || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
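When this runs, GetLastError returns 2, which is very strange. When I load it with Monitor, it says something about the service database entry being incorrect. I hope everyone can tell me what Windows does when a driver is created and a service is created. For example, where can I look at the service database entry? I can't see it in the service manager. I know its location in the registry. I want the underlying principles!!!
67 solutions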
#1
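Buddy, don't get worked up yet. What do you want to know right now? Is it just about the service database entry?
#2
Bumping this for you.
I would have had the first reply, but unfortunately the poster above grabbed it.
#3
Yes, let's start with that. When I load it with the tool, it says: imagepath specified in the driver's sevice database entry is incorrect,or the file is missing.
#4
Rabbit says: everyone just watch.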
#5
Your 100 points are only enough for a basic overview.
A Windows service depends on three things: the app itself (that is, your PE), the SCP, and the SCM.
Most of the time we operate on services with the SCM family of functions, like the CreateService you called.
When a service is created, it is registered with the system; this is required. The SCM family of APIs is all implemented in Advapi32.dll.
A record is made for you under HKLM\SYSTEM\CurrentControlSet\Services, which maintains a database of services.
At system startup, some of your automatic services are started directly through the SCP, using that database.
The service's entry point first calls RegisterServiceCtrlHandler; this does not talk to the SCM, but instead serves StartServiceCtrlDispatcher in memory, which is the service dispatch routine.
Then comes looking up that database.
|--------------------------------|
|This content is visible only after adding points|
|--------------------------------|
#6
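I'll bump this too!
Is that photo actually you, OP?
#7
Please explain it in relation to the driver and my code, OK? I already saw that material of yours online long ago. Thanks anyway, though.
#8
What else do you want to know?
#9
... You don't need to answer anymore.
#10
I'm just answering whatever you ask.
#11
Tch. You just have a few more years of work experience, that's all.
#12
I haven't even graduated yet...
#13
Fine, you're the greatest, all right?
#14
What happened? Is it solved, or...?
#15
Sigh.
I'm only here for the points... I didn't mean anything else; I think you misunderstood.
Feel free to say what you want to know. I read your top post and couldn't tell what you were trying to say, which is why I wanted to understand your question clearly.
#16
I think the OP has misunderstood.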
#17
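I hope everyone can tell me what Windows does when a driver is created and a service is created. For example, where can I look at the service database entry? I can't see it in the service manager. I know its location in the registry. I want the underlying principles!!!
----------------------------
You look at it in the registry.
ScCreateServiceDB is used by SvcCtrlMain to create the SCM service database.
ScCreateServiceDB scans HKLM\SYSTEM\CurrentControlSet\Services and, if there is no duplicate, creates the dispatch entry.
#18
Thanks to the poster above; now that's what a programmer sounds like. But I said I know the location in the registry, and that key was created successfully: AsupIO. What do you mean by creating the dispatch entry? Does that mean it enters DriverEntry in the driver?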
#19
Previously, I only had to change
#define FILE_DEVICE_ASUPIO 0x00008040
#define ASUPIO_IOCTL_INDEX 0x840
to other undefined values and the service would be created successfully. Today I tried again and found it no longer works. That's why I'm asking.
#20
Not entirely correct.
I don't know whether you're clear on this flow:
StartServiceCtrlDispatcher -> Service Thread -> RegisterServiceCtrlHandler -> Service Control Handle -> connects to the Service Client
PS: You didn't state your question clearly, and you blame me for not sounding like a programmer?
#21
#define IOCTL_ASUPIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_ASUPIO, \
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
This FILE_DEVICE_ASUPIO is really weird. Why did you write it this way???
#22
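Well, who told you to talk like that. OK, fine. It was my fault; let's make peace. Thank you. So when does execution actually enter my driver's DriverEntry entry point?
#23
Write FILE_DEVICE_UNKNOWN as the first parameter; replace FILE_DEVICE_ASUPIO with FILE_DEVICE_UNKNOWN.
I'm guessing you're new here and didn't get my joke.
#24
Why? I see the WinIo driver also uses FILE_DEVICE_WINIO, and loading it works without any problem. I really am new here. I rarely visited forums before.
#25
Try it first and see if it works; if not, we'll analyze further.
#26
No, I tried it. It still reports the same error.
#27
Also, after CreateService you need to call OpenService and then StartService.
See http://topic.csdn.net/u/20090915/12/7e372d1a-6304-496d-8b4e-44d26b354c36.html
#28
Error code 2, ERROR_FILE_NOT_FOUND.
What is the value of pszWinIoDriverPath?
#29
Loading it with DriverMonitor reports this too. The pszWinIoDriverPath path is e:\biosupdate\output\debug\i386\AsUpIO.sys
#30
I'll bump this too. It's just that I don't really understand it... heh.
#31
Are you sure the path is fine? Your code doesn't look like it has any errors.
#32
The path is fine. I put WinIo in the same directory and it loads without any problem. One more thing: I adapted the WinIo driver's sample code, changing its related names to mine.
#33
Upload all the code and let me take a look.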
#34
#ifndef ASUPIO_H
#define ASUPIO_H
#define FILE_DEVICE_UNKNOWN 0x00008050
#define ASUPIO_IOCTL_INDEX 0x850
//define our own private ioctl
#define IOCTL_ASUPIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_UNMAPPHYSADDR CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 1, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_ENABLEDIRECTIO CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 2, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_DISABLEDIRECTIO CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 3, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_GETPHYSDATA CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 4, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_SETPHYSDATA CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 5, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_ALLOCPHYSMEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 6, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_FREEPHYSMEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 7, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#pragma pack(push)
#pragma pack(1)
struct tagPhys32Struct
{
HANDLE PhysicalMemoryHandle;
ULONG dwPhysMemSizeInBytes;
PVOID pvPhysAddress;
PVOID pvPhyMemLin;
};
#pragma pack(pop)
extern struct tagPhys32Struct Phys32Struct;
#endif
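Added example, not from the thread: the replies above argue about FILE_DEVICE_ASUPIO and the function index, so this decodes the values AsUpIO.h builds with CTL_CODE and flags what each field implies. The helper names (asupio_*, F_*, M_*, A_*) are hypothetical; the bit layout and the vendor ranges are the documented CTL_CODE ones, and the device type and index are the ones from the first post.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
#define ASUPIO_CTL_CODE(dev, fn, method, access) \
    ((((uint32_t)(dev)) << 16) | (((uint32_t)(access)) << 14) | \
     (((uint32_t)(fn)) << 2) | ((uint32_t)(method)))

enum { M_BUFFERED = 0, M_IN_DIRECT = 1, M_OUT_DIRECT = 2, M_NEITHER = 3 };
enum { A_ANY = 0, A_READ = 1, A_WRITE = 2 };

/* Audit flags (hypothetical names). */
#define F_VENDOR_DEVICE  0x1u /* device type >= 0x8000: vendor-defined range */
#define F_VENDOR_FUNC    0x2u /* function >= 0x800: vendor-defined range     */
#define F_ANY_ACCESS     0x4u /* any open handle may send this IOCTL         */
#define F_FIELD_OVERFLOW 0x8u /* an argument spilled into a neighbouring field */

struct ioctl_fields {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
};

/* Split a 32-bit control code back into its four fields. */
struct ioctl_fields asupio_decode(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* Build the code the way the header does, decode it, and report what the
 * I/O manager will actually see. A function index above 0xFFF does not fit
 * its 12-bit field and silently changes the access bits. */
unsigned asupio_audit(uint32_t dev, uint32_t fn, uint32_t method, uint32_t access)
{
    struct ioctl_fields f = asupio_decode(ASUPIO_CTL_CODE(dev, fn, method, access));
    unsigned flags = 0;

    if (f.function != fn || f.access != access)
        flags |= F_FIELD_OVERFLOW;
    if (f.device_type >= 0x8000u)
        flags |= F_VENDOR_DEVICE;
    if (f.function >= 0x800u)
        flags |= F_VENDOR_FUNC;
    if (f.access == A_ANY)
        flags |= F_ANY_ACCESS;
    return flags;
}

int main(void)
{
    /* IOCTL names in the order AsUpIO.h defines them (index + 0 .. + 7). */
    static const char *names[] = {
        "MAPPHYSTOLIN", "UNMAPPHYSADDR", "ENABLEDIRECTIO", "DISABLEDIRECTIO",
        "GETPHYSDATA", "SETPHYSDATA", "ALLOCPHYSMEMORY", "FREEPHYSMEMORY"
    };
    const uint32_t dev = 0x8040u, base = 0x840u; /* values from the first post */
    unsigned i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        uint32_t code = ASUPIO_CTL_CODE(dev, base + i, M_BUFFERED, A_ANY);
        printf("IOCTL_ASUPIO_%-16s 0x%08X flags=0x%X\n",
               names[i], (unsigned)code,
               asupio_audit(dev, base + i, M_BUFFERED, A_ANY));
    }
    return 0;
}
```

Every code in the header decodes to FILE_ANY_ACCESS, so the I/O manager applies no read or write access check on the handle before the request reaches the dispatch routine.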
#35
#include <ntddk.h>
#include <ntdef.h>
#include <wdm.h>
#include "AsUpIO.h"
#define OutputDebugString DbgPrint
#define IOPM_SIZE 0x2000
typedef char IOPM[IOPM_SIZE];
IOPM *pIOPM = NULL;
NTSTATUS ASUPIODispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);
void AsUpIOUnload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PVOID pPhysMemLin);
NTSTATUS MapPhysicalMemoryToLinearSpace(PVOID pPhysAddress,
ULONG PhysMemSizeInBytes,
PVOID *ppPhysMemLin,
HANDLE *pPhysicalMemoryHandle);
void Ke386SetIoAccessMap(int,IOPM *);
void Ke386QueryIoAccessMap(int, IOPM *);
void Ke386IoSetAccessProcess(PEPROCESS, int);
//global buffer
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING DeviceNameUnicodeString;
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;
DbgPrint("Entering DriverEntry");
RtlInitUnicodeString(&DeviceNameUnicodeString,L"\\Device\\ASUpBiosIo");
ntStatus = IoCreateDevice(DriverObject,
0,
&DeviceNameUnicodeString,
FILE_DEVICE_UNKNOWN,
0,
TRUE,
&DeviceObject);
if (NT_SUCCESS(ntStatus))
{
DriverObject->MajorFunction[IRP_MJ_CREATE]=
DriverObject->MajorFunction[IRP_MJ_CLOSE]=
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ASUPIODispatch;
DriverObject->DriverUnload = AsUpIOUnload;
RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\??\\ASUpBiosIo");
ntStatus = IoCreateSymbolicLink(&DeviceLinkUnicodeString,
&DeviceNameUnicodeString);
if (!NT_SUCCESS(ntStatus))
{
OutputDebugString ("ERROR: IoCreateSymbolicLink failed");
IoDeleteDevice(DeviceObject);
}
}
else
{
OutputDebugString("ERROR: IoCreateDevice failed");
}
OutputDebugString ("Leaving DriverEntry");
return ntStatus;
}
NTSTATUS ASUPIODispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
PIO_STACK_LOCATION IrpStack;
ULONG dwInputBufferLength;
ULONG dwOutPutBufferLength;
ULONG dwIoControlCode;
PVOID pvIOBuffer;
NTSTATUS ntStatus;
struct tagPhys32Struct Phys32Struct;
PHYSICAL_ADDRESS phyAddress;
PVOID pvBufferAddress;
MDL *pMDL;
OutputDebugString ("Entering ASUPIODispatch");
// Init to default settings
Irp->IoStatus.Status =STATUS_SUCCESS;
Irp->IoStatus.Information =0;
IrpStack = IoGetCurrentIrpStackLocation(Irp);
pvIOBuffer = Irp->AssociatedIrp.SystemBuffer;
dwInputBufferLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
dwOutPutBufferLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch(IrpStack->MajorFunction)
{
case IRP_MJ_CREATE:
OutputDebugString("IRP_MJ_Create");
break;
case IRP_MJ_CLOSE:
OutputDebugString("IRP_MJ_CLOSE");
break;
case IRP_MJ_DEVICE_CONTROL:
OutputDebugString("IRP_MJ_DEVICE_CONTROL");
dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
switch (dwIoControlCode)
{
case IOCTL_ASUPIO_ENABLEDIRECTIO:
pIOPM = MmAllocateNonCachedMemory(sizeof(IOPM));
if (pIOPM)
{
RtlZeroMemory(pIOPM,sizeof(IOPM));
Ke386IoSetAccessProcess(PsGetCurrentProcess(),1);
Ke386SetIoAccessMap(1,pIOPM);
}
else
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
break;
case IOCTL_ASUPIO_DISABLEDIRECTIO:
OutputDebugString("IOCTL_WINIO_DISABLEDIRECTIO");
if (pIOPM)
{
Ke386IoSetAccessProcess(PsGetCurrentProcess(),0);
Ke386SetIoAccessMap(1,pIOPM);
MmFreeNonCachedMemory(pIOPM,sizeof(IOPM));
pIOPM = NULL;
}
break;
case IOCTL_ASUPIO_ALLOCPHYSMEMORY:
OutputDebugString("IOCTL_WINIO_ALLOCPHYSMEMORY");
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
phyAddress.QuadPart = 0x00000000FFFFFFFF;
Phys32Struct.pvPhyMemLin = MmAllocateContiguousMemory( (SIZE_T)Phys32Struct.dwPhysMemSizeInBytes,
phyAddress );
Phys32Struct.pvPhysAddress = (PVOID)MmGetPhysicalAddress( Phys32Struct.pvPhyMemLin ).LowPart;
memcpy (pvIOBuffer, &Phys32Struct, dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
case IOCTL_ASUPIO_FREEPHYSMEMORY:
OutputDebugString("IOCTL_ASUPIO_FREEPHYSMEMORY");
memcpy(&Phys32Struct,pvIOBuffer,dwInputBufferLength);
MmFreeContiguousMemory(Phys32Struct.pvPhyMemLin);
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
case IOCTL_ASUPIO_MAPPHYSTOLIN:
OutputDebugString("IOCTL_WINIO_MAPPHYSTOLIN");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = MapPhysicalMemoryToLinearSpace(Phys32Struct.pvPhysAddress,
Phys32Struct.dwPhysMemSizeInBytes,
&Phys32Struct.pvPhyMemLin,
&Phys32Struct.PhysicalMemoryHandle);
if (NT_SUCCESS(ntStatus))
{
memcpy(pvIOBuffer,&Phys32Struct,dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
}
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
case IOCTL_ASUPIO_UNMAPPHYSADDR:
OutputDebugString("IOCTL_WINIO_UNMAPPHYSADDR");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = UnmapPhysicalMemory(Phys32Struct.PhysicalMemoryHandle, Phys32Struct.pvPhyMemLin);
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
default:
OutputDebugString("ERROR: Unknown IRP_MJ_DEVICE_CONTROL");
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
}
}
ntStatus = Irp->IoStatus.Status;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
// We never have pending operation so always return the status code.
OutputDebugString("Leaving ASUPIODispatch");
return ntStatus;
}
void AsUpIOUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
OutputDebugString ("Entering WinIoUnload");
RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\DosDevice\\ASUpBiosIo");
ntStatus = IoDeleteSymbolicLink(&DeviceLinkUnicodeString);
if (NT_SUCCESS(ntStatus))
{
IoDeleteDevice(DriverObject->DeviceObject);
}
else
{
OutputDebugString ("ERROR: IoDeleteSymbolicLink");
}
OutputDebugString ("Leaving WinIoUnload");
}
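Added example, not from the thread: the dispatch routine above copies dwInputBufferLength bytes from the system buffer into a fixed-size local struct tagPhys32Struct and copies the same number of bytes back, so the caller's length is never compared with the struct size. This portable user-mode model shows the length checks a METHOD_BUFFERED handler would make first; asupio_copy_in, asupio_copy_out and the ASUPIO_ST_* values are hypothetical stand-ins, not kernel APIs or NTSTATUS codes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same field order and 1-byte packing as tagPhys32Struct in AsUpIO.h. */
#pragma pack(push, 1)
struct phys32_model {
    void    *PhysicalMemoryHandle;
    uint32_t dwPhysMemSizeInBytes;
    void    *pvPhysAddress;
    void    *pvPhyMemLin;
};
#pragma pack(pop)

/* Stand-ins for the NTSTATUS values a real handler would return. */
enum asupio_status {
    ASUPIO_ST_OK = 0,
    ASUPIO_ST_INVALID_PARAMETER,
    ASUPIO_ST_BUFFER_TOO_SMALL
};

/* The posted handlers memcpy in_len bytes into the local struct.
 * Returns how many of those bytes would land past the end of it. */
size_t asupio_unchecked_overrun(uint32_t in_len)
{
    size_t want = sizeof(struct phys32_model);
    return in_len > want ? (size_t)in_len - want : 0;
}

/* Checked copy-in: reject short input (fields would stay uninitialised),
 * require room for the reply when the handler writes one back, and copy
 * exactly sizeof(struct) bytes regardless of what the caller claimed. */
enum asupio_status asupio_copy_in(struct phys32_model *dst, const void *sysbuf,
                                  uint32_t in_len, uint32_t out_len,
                                  int writes_back)
{
    if (dst == NULL || sysbuf == NULL)
        return ASUPIO_ST_INVALID_PARAMETER;
    if (in_len < sizeof(*dst))
        return ASUPIO_ST_INVALID_PARAMETER;
    if (writes_back && out_len < sizeof(*dst))
        return ASUPIO_ST_BUFFER_TOO_SMALL;

    memcpy(dst, sysbuf, sizeof(*dst));

    if (dst->dwPhysMemSizeInBytes == 0)
        return ASUPIO_ST_INVALID_PARAMETER;
    return ASUPIO_ST_OK;
}

/* Checked copy-out: write the struct only and return the byte count that
 * belongs in IoStatus.Information, never the caller-supplied length. */
uint32_t asupio_copy_out(void *sysbuf, const struct phys32_model *src)
{
    memcpy(sysbuf, src, sizeof(*src));
    return (uint32_t)sizeof(*src);
}

int main(void)
{
    /* Constructed request: a valid struct followed by 64 extra bytes. */
    unsigned char sysbuf[sizeof(struct phys32_model) + 64];
    struct phys32_model req, local;

    memset(&req, 0, sizeof(req));
    req.dwPhysMemSizeInBytes = 0x1000;
    memset(sysbuf, 0xAA, sizeof(sysbuf));
    memcpy(sysbuf, &req, sizeof(req));

    printf("unchecked copy would overrun the local by %zu bytes\n",
           asupio_unchecked_overrun((uint32_t)sizeof(sysbuf)));
    printf("checked copy-in status: %d\n",
           (int)asupio_copy_in(&local, sysbuf, (uint32_t)sizeof(sysbuf),
                               (uint32_t)sizeof(sysbuf), 1));
    printf("reply length: %u\n", (unsigned)asupio_copy_out(sysbuf, &local));
    return 0;
}
```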
#36
NTSTATUS MapPhysicalMemoryToLinearSpace(PVOID pPhysAddress,
ULONG PhysMemSizeInBytes,
PVOID *ppPhysMemLin,
HANDLE *pPhysicalMemoryHandle)
{
UNICODE_STRING PhysicalMemoryUnicodeString;
PVOID PhysicalMemorySection = NULL;
OBJECT_ATTRIBUTES ObjectAttributes;
PHYSICAL_ADDRESS ViewBase;
NTSTATUS ntStatus;
PHYSICAL_ADDRESS pStartPhysAddress;
PHYSICAL_ADDRESS pEndPhysAddress;
PHYSICAL_ADDRESS MappingLength;
BOOLEAN Result1, Result2;
ULONG IsIOSpace;
unsigned char *pbPhysMemLin = NULL;
OutputDebugString ("\nEntering MapPhysicalMemoryToLinearSpace\n");
RtlInitUnicodeString (&PhysicalMemoryUnicodeString,
L"\\Device\\PhysicalMemory");
InitializeObjectAttributes (&ObjectAttributes,
&PhysicalMemoryUnicodeString,
OBJ_CASE_INSENSITIVE,
(HANDLE) NULL,
(PSECURITY_DESCRIPTOR) NULL);
*pPhysicalMemoryHandle = NULL;
ntStatus = ZwOpenSection (pPhysicalMemoryHandle,
SECTION_ALL_ACCESS,
&ObjectAttributes);
if (NT_SUCCESS(ntStatus))
{
ntStatus = ObReferenceObjectByHandle (*pPhysicalMemoryHandle,
SECTION_ALL_ACCESS,
(POBJECT_TYPE) NULL,
KernelMode,
&PhysicalMemorySection,
(POBJECT_HANDLE_INFORMATION) NULL);
if (NT_SUCCESS(ntStatus))
{
pStartPhysAddress = RtlConvertUlongToLargeInteger((ULONG)pPhysAddress);
pEndPhysAddress = RtlLargeIntegerAdd( pStartPhysAddress, RtlConvertUlongToLargeInteger(PhysMemSizeInBytes) );
IsIOSpace = 0;
Result1 = HalTranslateBusAddress (1, 0, pStartPhysAddress, &IsIOSpace, &pStartPhysAddress);
IsIOSpace = 0;
Result2 = HalTranslateBusAddress (1, 0, pEndPhysAddress, &IsIOSpace, &pEndPhysAddress);
if (Result1 && Result2)
{
MappingLength = RtlLargeIntegerSubtract (pEndPhysAddress, pStartPhysAddress);
if (MappingLength.LowPart)
{
// bug of ZwMapViewOfSection
// The ending address could never be equal to or greater than 0x100000000 while starting address is page alignment
// Reduce ViewSize to force maximum EndingAddress to 0xFFFFFFFF to break such buggy condition.
// Actually the view size will still be a multiple of the page size, that is, address 0xFFFFFFFF is still accessible
if( RtlLargeIntegerGreaterThan( pEndPhysAddress, RtlConvertUlongToLargeInteger((ULONG)0xFFFFFFFF) ) )
PhysMemSizeInBytes = RtlLargeIntegerSubtract( RtlConvertUlongToLargeInteger((ULONG)0xFFFFFFFF), pStartPhysAddress ).LowPart;
else
PhysMemSizeInBytes = MappingLength.LowPart;
ViewBase.QuadPart = pStartPhysAddress.QuadPart;
OutputDebugString("IN HANDLE SectionHandle: %016lX\n", *pPhysicalMemoryHandle);
OutputDebugString("IN HANDLE ProcessHandle: -1\n");
OutputDebugString("IN OUT PVOID *BaseAddress: %016lX\n", pbPhysMemLin);
OutputDebugString("IN ULONG_PTR ZeroBits: 0\n");
OutputDebugString("IN SIZE_T CommitSize: %016lX\n", PhysMemSizeInBytes);
OutputDebugString("IN OUT PLARGE_INTEGER SectionOffset OPTIONAL: %016lX\n", ViewBase);
OutputDebugString("IN OUT PSIZE_T ViewSize: %016lX\n", PhysMemSizeInBytes);
// Let ZwMapViewOfSection pick a linear address
ntStatus = ZwMapViewOfSection (*pPhysicalMemoryHandle,
(HANDLE) -1,
&pbPhysMemLin,
0L,
PhysMemSizeInBytes,
&ViewBase,
&PhysMemSizeInBytes,
ViewShare,
0,
PAGE_READWRITE );
// PAGE_READWRITE | PAGE_NOCACHE);
OutputDebugString(" ##output## ntStatus:%08lX\n", ntStatus );
if (!NT_SUCCESS(ntStatus))
{
// Beyond Memory Space
OutputDebugString ("ERROR: ZwMapViewOfSection failed\n");
}
else
{
OutputDebugString("OUT PVOID *BaseAddress: %016lX\n", pbPhysMemLin);
OutputDebugString("OUT PLARGE_INTEGER SectionOffset OPTIONAL: %016lX\n", ViewBase);
OutputDebugString("OUT PSIZE_T ViewSize: %016lX\n", PhysMemSizeInBytes);
// User required, not aligned // ZwMapView allocated, aligned
pbPhysMemLin += (ULONG)pStartPhysAddress.LowPart - (ULONG)ViewBase.LowPart;
*ppPhysMemLin = pbPhysMemLin;
}
}
else
OutputDebugString ("ERROR: RtlLargeIntegerSubtract failed\n");
}
else
OutputDebugString ("ERROR: MappingLength = 0");
}
else
OutputDebugString ("ERROR: ObReferenceObjectByHandle failed\n");
}
else
OutputDebugString ("ERROR: ZwOpenSection failed\n");
if (!NT_SUCCESS(ntStatus))
ZwClose(*pPhysicalMemoryHandle);
OutputDebugString ("\nLeaving MapPhysicalMemoryToLinearSpace\n");
return ntStatus;
}
NTSTATUS UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PVOID pPhysMemLin)
{
NTSTATUS ntStatus;
OutputDebugString ("Entering UnmapPhysicalMemory");
ntStatus = ZwUnmapViewOfSection((HANDLE)-1, pPhysMemLin);
if (!NT_SUCCESS(ntStatus))
OutputDebugString ("ERROR: UnmapViewOfSection failed");
ZwClose(PhysicalMemoryHandle);
OutputDebugString ("Leaving UnmapPhysicalMemory");
return ntStatus;
}
#37
You've posted three times in a row and can't post anymore, right?
#38
BOOL GetDriverPath()
{
PSTR pszSlash;
if (!GetModuleFileName(GetModuleHandle(NULL), szWinIoDriverPath, sizeof(szWinIoDriverPath)))
return false;
pszSlash = strrchr(szWinIoDriverPath, '\\');
if (pszSlash)
pszSlash[1] = 0;
else
return false;
strcat_s(szWinIoDriverPath, "i386\\AsUpIO.sys");
return true;
}
BOOL _stdcall InitializeWinIo()
{
BOOL bResult;
DWORD dwBytesReturned;
IsNT = IsWinNT();
if (IsNT)
{
hDriver = CreateFile("\\\\.\\ASUpBiosIo",
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
// If the driver is not running, install it
if (hDriver == INVALID_HANDLE_VALUE)
{
GetDriverPath();
bResult = InstallWinIoDriver(szWinIoDriverPath, true);
if (!bResult)
return false;
bResult = StartWinIoDriver();
if (!bResult)
return false;
hDriver = CreateFile("\\\\.\\ASUpBiosIo",
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hDriver == INVALID_HANDLE_VALUE)
{
int itt = GetLastError();
return false;
}
}
// Enable I/O port access for this process
if (!DeviceIoControl(hDriver, IOCTL_ASUPIO_ENABLEDIRECTIO, NULL,
0, NULL, 0, &dwBytesReturned, NULL))
return false;
}
/*else
{
VxDCall = (DWORD (WINAPI *)(DWORD,DWORD,DWORD))GetK32ProcAddress(1);
hDriver = CreateFile("\\\\.\\WINIO.VXD", 0, 0, 0, CREATE_NEW, FILE_FLAG_DELETE_ON_CLOSE, 0);
if (hDriver == INVALID_HANDLE_VALUE)
return false;
}*/
IsWinIoInitialized = true;
return true;
}
void _stdcall ShutdownWinIo()
{
DWORD dwBytesReturned;
if (IsNT)
{
if (hDriver != INVALID_HANDLE_VALUE)
{
// Disable I/O port access
DeviceIoControl(hDriver, IOCTL_ASUPIO_DISABLEDIRECTIO, NULL,
0, NULL, 0, &dwBytesReturned, NULL);
CloseHandle(hDriver);
}
RemoveWinIoDriver();
}
else
CloseHandle(hDriver);
IsWinIoInitialized = false;
}
BOOL _stdcall InstallWinIoDriver(PSTR pszWinIoDriverPath, BOOL IsDemandLoaded)
{
SC_HANDLE hSCManager;
SC_HANDLE hService;
// Remove any previous instance of the driver
RemoveWinIoDriver();
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (hSCManager)
{
// Install the driver
hService = CreateService(hSCManager,
"AsUpIO",
"AsUpIO",
SERVICE_ALL_ACCESS,
SERVICE_KERNEL_DRIVER,
(IsDemandLoaded == TRUE) ? SERVICE_DEMAND_START : SERVICE_SYSTEM_START,
SERVICE_ERROR_NORMAL,
pszWinIoDriverPath,
NULL,
NULL,
NULL,
NULL,
NULL);
CloseServiceHandle(hSCManager);
if (hService == NULL)
return false;
}
else
return false;
CloseServiceHandle(hService);
return true;
}
BOOL _stdcall RemoveWinIoDriver()
{
SC_HANDLE hSCManager;
SC_HANDLE hService;
BOOL bResult;
StopWinIoDriver();
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (hSCManager)
{
hService = OpenService(hSCManager, "AsUpIO", SERVICE_ALL_ACCESS);
CloseServiceHandle(hSCManager);
if (hService)
{
bResult = DeleteService(hService);
CloseServiceHandle(hService);
}
else
return false;
}
else
return false;
return bResult;
}
BOOL _stdcall StartWinIoDriver()
{
SC_HANDLE hSCManager;
SC_HANDLE hService;
BOOL bResult;
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (hSCManager)
{
hService = OpenService(hSCManager, "AsUpIO", SERVICE_ALL_ACCESS);
CloseServiceHandle(hSCManager);
if (hService)
{
bResult = StartService(hService, 0, NULL) || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
CloseServiceHandle(hService);
}
else
return false;
}
else
return false;
return bResult;
}
BOOL _stdcall StopWinIoDriver()
{
SC_HANDLE hSCManager;
SC_HANDLE hService;
SERVICE_STATUS ServiceStatus;
BOOL bResult;
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (hSCManager)
{
hService = OpenService(hSCManager, "AsUpIO", SERVICE_ALL_ACCESS);
CloseServiceHandle(hSCManager);
if (hService)
{
bResult = ControlService(hService, SERVICE_CONTROL_STOP, &ServiceStatus);
CloseServiceHandle(hService);
}
else
return false;
}
else
return false;
return bResult;
}
#39
The code is by the book; I can't see anything wrong with it.
I still think it is very strange that the path can't be found.
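Added example, not part of the thread: a PowerShell check of the SCM database entry that CreateService wrote for the AsUpIO service under HKLM\SYSTEM\CurrentControlSet\Services. It resolves the stored ImagePath to a Win32 path and tests whether the file exists, which is the condition the loader tool's "ImagePath ... is incorrect, or the file is missing" message refers to. The function names Resolve-DriverImagePath and Test-DriverServiceEntry are hypothetical, and the ImagePath forms handled are the ones commonly stored for drivers, taken here as an assumption about the asker's system.

```powershell
# Added example, not code from the thread. Function names are hypothetical.

# Turn the ImagePath stored for a driver service into a Win32 path.
function Resolve-DriverImagePath {
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        [string]$ImagePath
    )
    # No ImagePath value at all: a driver defaults to
    # %SystemRoot%\System32\drivers\<ServiceName>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    $p = $ImagePath.Trim().Trim('"')
    switch -Regex ($p) {
        '^\\\?\?\\(.+)$'       { return $Matches[1] }                          # \??\E:\dir\x.sys
        '^\\SystemRoot\\(.+)$' { return Join-Path $env:SystemRoot $Matches[1] } # \SystemRoot\...
        '^[A-Za-z]:\\'         { return $p }                                   # plain Win32 path
        default                { return Join-Path $env:SystemRoot $p }         # relative to %SystemRoot%
    }
}

# Read the service database entry and report whether its image file exists.
function Test-DriverServiceEntry {
    param([string]$ServiceName = 'AsUpIO')   # service name used in the thread

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -LiteralPath $key)) {
        throw "No service database entry found at $key"
    }
    $entry = Get-ItemProperty -LiteralPath $key

    # Start values as written by CreateService (3 = SERVICE_DEMAND_START)
    $startNames = @{ 0 = 'BOOT'; 1 = 'SYSTEM'; 2 = 'AUTO'; 3 = 'DEMAND'; 4 = 'DISABLED' }
    $startName  = if ($null -ne $entry.Start) { $startNames[[int]$entry.Start] } else { '(missing)' }

    $resolved = Resolve-DriverImagePath -ServiceName $ServiceName -ImagePath $entry.ImagePath

    [pscustomobject]@{
        Key            = $key
        IsKernelDriver = ($entry.Type -eq 1)      # 1 = SERVICE_KERNEL_DRIVER
        Start          = $startName
        ImagePath      = $entry.ImagePath         # value as stored (environment variables expanded)
        ResolvedPath   = $resolved
        FileExists     = Test-Path -LiteralPath $resolved -PathType Leaf
    }
}

Test-DriverServiceEntry -ServiceName 'AsUpIO' | Format-List
```

Run it from an elevated prompt after InstallWinIoDriver has created the service and before RemoveWinIoDriver deletes it, since the entry only exists in between.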
#40
Thanks for taking a look. The office is closing. I'll read the replies tomorrow. Thanks.
#41
I'm here to ask you a question.
Where is the driver board?
#42
Bump, learning...
#43
mark
Learned something...
#44
The driver board seems pretty quiet, and there is no dedicated Windows driver board.
#45
I'm new here and don't know my way around; I haven't seen a driver board.
#46
Digging for points; I want to download some resources for reference. Bump! Bump! Bump!
#47
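看雪论坛 (the Kanxue forum) and 驱动之家. They have dedicated driver boards. But they are not as open as CSDN; even posting a thread requires fairly high privileges.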
#48
.... just having a look
#49
UP up
#50
ding ding
#1
老兄,你先别急。你现在想知道什么?就是关于service database entry么?
#2
帮你顶了
本来是沙发,可惜被楼上抢了
本来是沙发,可惜被楼上抢了
#3
恩先从这个开始把。我用工具加载的时候说imagepath specified in the driver's sevice database entry is incorrect,or the file is missing.
#4
兔子说,大家看就行了。
#5
你100分只够听一个科普
Windows服务依赖于三样,APP本身(也就是你的PE),SCP和SCM。
我们很多时候都是用SCM系列的函数在操作服务,就像你调用的 CreateService
创建服务的时候,会向系统中注册服务,这是必须的。Advapi32.dll 中都实现了SCM系列API
HKLM\SYSTEM\CurrentControlSet\Services中为你进行了记录,维护了一个Services的数据库。
系统启动的时候,会直接通过SCP启动你的某些自动服务,通过那个数据库。
服务的入口点最先调用 RegisterServiceCtrlHandler ,这不和SCM讲话的,而是在内存里为 StartServiceCtrlDispatcher服务,这是服务分发例程。
然后就是检索那个数据库了
|--------------------------------|
|此处内容需加分可见 |
|--------------------------------|
Windows服务依赖于三样,APP本身(也就是你的PE),SCP和SCM。
我们很多时候都是用SCM系列的函数在操作服务,就像你调用的 CreateService
创建服务的时候,会向系统中注册服务,这是必须的。Advapi32.dll 中都实现了SCM系列API
HKLM\SYSTEM\CurrentControlSet\Services中为你进行了记录,维护了一个Services的数据库。
系统启动的时候,会直接通过SCP启动你的某些自动服务,通过那个数据库。
服务的入口点最先调用 RegisterServiceCtrlHandler ,这不和SCM讲话的,而是在内存里为 StartServiceCtrlDispatcher服务,这是服务分发例程。
然后就是检索那个数据库了
|--------------------------------|
|此处内容需加分可见 |
|--------------------------------|
#6
我也来顶!
那个是楼主你本人的相片吗?
那个是楼主你本人的相片吗?
#7
结合驱动和我的代码来说好吧。你那个我在网上早看到了。不过还是谢谢你。
#8
你还想知道什么?
#9
。。。。不用你回答了。
#10
你问什么我答什么呀
#11
切。多几年工作经验而已。
#12
我还没毕业。。。。
#13
总之你最牛可以了把。
#14
咋了,是解决了还是?
#15
晕。
我只是为了分。。。其他我没任何意思,我想你误解了。
你想知道什么但说无妨,我看你顶楼的帖子,不知道你想表达什么,所以才想知道清楚你的问题。
我只是为了分。。。其他我没任何意思,我想你误解了。
你想知道什么但说无妨,我看你顶楼的帖子,不知道你想表达什么,所以才想知道清楚你的问题。
#16
我想LZ有误会
#17
希望大家给我说说创建驱动创建服务windows做了些什么。比如service database entry我在哪里可以看。在服务管理器中看不到。在注册表中的位置我知道。要原理!!!
----------------------------
就是在注册表里面看。
ScCreateServiceDB被SvcCtrlMain用来创建SCM服务数据库。
ScCreateServiceDB 扫描HKLM\SYSTEM\CurrentControlSet\Services,如果没有重复,就创建分发入口
#18
谢谢楼上的,这才像个程序员。不过我说了在注册表中的位置我知道,那个项是创建成功的。AsupIO.你说的创建分发入口什么意思?就进入驱动中的DriverEntry了吗?
#19
我之前的话只要把#define FILE_DEVICE_ASUPIO 0x00008040
#define ASUPIO_IOCTL_INDEX 0x840改成其他未定义的值就可以创建服务成功了。 今天又做尝试发现不行了。所以才有此问
#define ASUPIO_IOCTL_INDEX 0x840改成其他未定义的值就可以创建服务成功了。 今天又做尝试发现不行了。所以才有此问
#20
不完全对。
这个流程不知道你清楚不清楚,
StartServiceCtrlDispatcher ->Service Thread->RegisterServiceCtrlHandler ->Service Control Handle->连接到Service Client
PS:你表达问题不清楚,怪我不像程序员?
这个流程不知道你清楚不清楚,
StartServiceCtrlDispatcher ->Service Thread->RegisterServiceCtrlHandler ->Service Control Handle->连接到Service Client
PS:你表达问题不清楚,怪我不像程序员?
#21
#define IOCTL_ASUPIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_ASUPIO, \
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
这个FILE_DEVICE_ASUPIO真诡异啊。你为什么要这么写???
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
这个FILE_DEVICE_ASUPIO真诡异啊。你为什么要这么写???
#22
谁让你这么说的啊。好了。是我不好,和解了。谢谢你。那什么时候才进入到我的驱动driverentry入口中?
#23
你第一个参数写FILE_DEVICE_UNKNOWN,把FILE_DEVICE_ASUPIO换成FILE_DEVICE_UNKNOWN
我估计你新来的,看不懂我开的玩笑
我估计你新来的,看不懂我开的玩笑
#24
为什么啊。我看winio的驱动也是FILE_DEVICE_WINIO啊,加载他一点问题没有。我确实是新来的。以前很少进论坛
#25
先试试看行不行,不行再分析
#26
不对我尝试了。还是一样的错误报的
#27
而且服务 CreateService之后需要OpenService,然后再StartService
参见http://topic.csdn.net/u/20090915/12/7e372d1a-6304-496d-8b4e-44d26b354c36.html
参见http://topic.csdn.net/u/20090915/12/7e372d1a-6304-496d-8b4e-44d26b354c36.html
#28
错误码2,ERROR_FILE_NOT_FOUND
pszWinIoDriverPath是多少?
pszWinIoDriverPath是多少?
#29
我用DriverMointor加载也报这个啊。pszWinIoDriverPath路径e:\biosupdate\output\debug\i386\AsUpIO.sys
#30
我也来顶。只是我不太懂。。。呵呵,
#31
你确认地址没问题?你的代码看起来没什么错误
#32
地址没问题。相同目录下我放的winio加载他一点问题没有。补充一句我是改写的winio的驱动的实例代码。把他有关的改成了我的。
#33
把全部的代码传上来我看看
#34
#ifndef ASUPIO_H
#define ASUPIO_H
#define FILE_DEVICE_UNKNOWN 0x00008050
#define ASUPIO_IOCTL_INDEX 0x850
//define our own private ioctl
#define IOCTL_ASUPIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_UNMAPPHYSADDR CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 1, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_ENABLEDIRECTIO CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 2, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_DISABLEDIRECTIO CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 3, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_GETPHYSDATA CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 4, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_SETPHYSDATA CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 5, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_ALLOCPHYSMEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 6, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_FREEPHYSMEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 7, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#pragma pack(push)
#pragma pack(1)
struct tagPhys32Struct
{
HANDLE PhysicalMemoryHandle;
ULONG dwPhysMemSizeInBytes;
PVOID pvPhysAddress;
PVOID pvPhyMemLin;
};
#pragma pack(pop)
extern struct tagPhys32Struct Phys32Struct;
#endif
#define ASUPIO_H
#define FILE_DEVICE_UNKNOWN 0x00008050
#define ASUPIO_IOCTL_INDEX 0x850
//define our own private ioctl
#define IOCTL_ASUPIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_UNMAPPHYSADDR CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 1, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_ENABLEDIRECTIO CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 2, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_DISABLEDIRECTIO CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 3, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_GETPHYSDATA CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 4, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_SETPHYSDATA CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 5, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_ALLOCPHYSMEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 6, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#define IOCTL_ASUPIO_FREEPHYSMEMORY CTL_CODE(FILE_DEVICE_UNKNOWN, \
ASUPIO_IOCTL_INDEX + 7, \
METHOD_BUFFERED, \
FILE_ANY_ACCESS)
#pragma pack(push)
#pragma pack(1)
struct tagPhys32Struct
{
HANDLE PhysicalMemoryHandle;
ULONG dwPhysMemSizeInBytes;
PVOID pvPhysAddress;
PVOID pvPhyMemLin;
};
#pragma pack(pop)
extern struct tagPhys32Struct Phys32Struct;
#endif
#35
#include <ntddk.h>
#include <ntdef.h>
#include <wdm.h>
#include "AsUpIO.h"
#define OutputDebugString DbgPrint
#define IOPM_SIZE 0x2000
typedef char IOPM[IOPM_SIZE];
IOPM *pIOPM = NULL;
NTSTATUS ASUPIODispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);
void AsUpIOUnload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PVOID pPhysMemLin);
NTSTATUS MapPhysicalMemoryToLinearSpace(PVOID pPhysAddress,
ULONG PhysMemSizeInBytes,
PVOID *ppPhysMemLin,
HANDLE *pPhysicalMemoryHandle);
void Ke386SetIoAccessMap(int,IOPM *);
void Ke386QueryIoAccessMap(int, IOPM *);
void Ke386IoSetAccessProcess(PEPROCESS, int);
//global buffer
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING DeviceNameUnicodeString;
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;
DbgPrint("Entering DriverEntry");
RtlInitUnicodeString(&DeviceNameUnicodeString,L"\\Device\\ASUpBiosIo");
ntStatus = IoCreateDevice(DriverObject,
0,
&DeviceNameUnicodeString,
FILE_DEVICE_UNKNOWN,
0,
TRUE,
&DeviceObject);
if (NT_SUCCESS(ntStatus))
{
DriverObject->MajorFunction[IRP_MJ_CREATE]=
DriverObject->MajorFunction[IRP_MJ_CLOSE]=
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ASUPIODispatch;
DriverObject->DriverUnload = AsUpIOUnload;
RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\??\\ASUpBiosIo");
ntStatus = IoCreateSymbolicLink(&DeviceLinkUnicodeString,
&DeviceNameUnicodeString);
if (!NT_SUCCESS(ntStatus))
{
OutputDebugString ("ERROR: IoCreateSymbolicLink failed");
IoDeleteDevice(DeviceObject);
}
}
else
{
OutputDebugString("ERROR: IoCreateDevice failed");
}
OutputDebugString ("Leaving DriverEntry");
return ntStatus;
}
NTSTATUS ASUPIODispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
PIO_STACK_LOCATION IrpStack;
ULONG dwInputBufferLength;
ULONG dwOutPutBufferLength;
ULONG dwIoControlCode;
PVOID pvIOBuffer;
NTSTATUS ntStatus;
struct tagPhys32Struct Phys32Struct;
PHYSICAL_ADDRESS phyAddress;
PVOID pvBufferAddress;
MDL *pMDL;
OutputDebugString ("Entering ASUPIODispatch");
// Init to default settings
Irp->IoStatus.Status =STATUS_SUCCESS;
Irp->IoStatus.Information =0;
IrpStack = IoGetCurrentIrpStackLocation(Irp);
pvIOBuffer = Irp->AssociatedIrp.SystemBuffer;
dwInputBufferLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
dwOutPutBufferLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch(IrpStack->MajorFunction)
{
case IRP_MJ_CREATE:
OutputDebugString("IRP_MJ_Create");
break;
case IRP_MJ_CLOSE:
OutputDebugString("IRP_MJ_CLOSE");
break;
case IRP_MJ_DEVICE_CONTROL:
OutputDebugString("IRP_MJ_DEVICE_CONTROL");
dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
switch (dwIoControlCode)
{
case IOCTL_ASUPIO_ENABLEDIRECTIO:
pIOPM = MmAllocateNonCachedMemory(sizeof(IOPM));
if (pIOPM)
{
RtlZeroMemory(pIOPM,sizeof(IOPM));
Ke386IoSetAccessProcess(PsGetCurrentProcess(),1);
Ke386SetIoAccessMap(1,pIOPM);
}
else
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
break;
case IOCTL_ASUPIO_DISABLEDIRECTIO:
OutputDebugString("IOCTL_WINIO_DISABLEDIRECTIO");
if (pIOPM)
{
Ke386IoSetAccessProcess(PsGetCurrentProcess(),0);
Ke386SetIoAccessMap(1,pIOPM);
MmFreeNonCachedMemory(pIOPM,sizeof(IOPM));
pIOPM = NULL;
}
break;
case IOCTL_ASUPIO_ALLOCPHYSMEMORY:
OutputDebugString("IOCTL_WINIO_ALLOCPHYSMEMORY");
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
phyAddress.QuadPart = 0x00000000FFFFFFFF;
Phys32Struct.pvPhyMemLin = MmAllocateContiguousMemory( (SIZE_T)Phys32Struct.dwPhysMemSizeInBytes,
phyAddress );
Phys32Struct.pvPhysAddress = (PVOID)MmGetPhysicalAddress( Phys32Struct.pvPhyMemLin ).LowPart;
memcpy (pvIOBuffer, &Phys32Struct, dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
case IOCTL_ASUPIO_FREEPHYSMEMORY:
OutputDebugString("IOCTL_ASUPIO_FREEPHYSMEMORY");
memcpy(&Phys32Struct,pvIOBuffer,dwInputBufferLength);
MmFreeContiguousMemory(Phys32Struct.pvPhyMemLin);
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
case IOCTL_ASUPIO_MAPPHYSTOLIN:
OutputDebugString("IOCTL_WINIO_MAPPHYSTOLIN");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = MapPhysicalMemoryToLinearSpace(Phys32Struct.pvPhysAddress,
Phys32Struct.dwPhysMemSizeInBytes,
&Phys32Struct.pvPhyMemLin,
&Phys32Struct.PhysicalMemoryHandle);
if (NT_SUCCESS(ntStatus))
{
memcpy(pvIOBuffer,&Phys32Struct,dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
}
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
case IOCTL_ASUPIO_UNMAPPHYSADDR:
OutputDebugString("IOCTL_WINIO_UNMAPPHYSADDR");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = UnmapPhysicalMemory(Phys32Struct.PhysicalMemoryHandle, Phys32Struct.pvPhyMemLin);
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
default:
OutputDebugString("ERROR: Unknown IRP_MJ_DEVICE_CONTROL");
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
}
}
ntStatus = Irp->IoStatus.Status;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
// We never have pending operation so always return the status code.
OutputDebugString("Leaving ASUPIODispatch");
return ntStatus;
}
void AsUpIOUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
OutputDebugString ("Entering WinIoUnload");
RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\DosDevice\\ASUpBiosIo");
ntStatus = IoDeleteSymbolicLink(&DeviceLinkUnicodeString);
if (NT_SUCCESS(ntStatus))
{
IoDeleteDevice(DriverObject->DeviceObject);
}
else
{
OutputDebugString ("ERROR: IoDeleteSymbolicLink");
}
OutputDebugString ("Leaving WinIoUnload");
}
#include <ntdef.h>
#include <wdm.h>
#include "AsUpIO.h"
#define OutputDebugString DbgPrint
#define IOPM_SIZE 0x2000
typedef char IOPM[IOPM_SIZE];
IOPM *pIOPM = NULL;
NTSTATUS ASUPIODispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);
void AsUpIOUnload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PVOID pPhysMemLin);
NTSTATUS MapPhysicalMemoryToLinearSpace(PVOID pPhysAddress,
ULONG PhysMemSizeInBytes,
PVOID *ppPhysMemLin,
HANDLE *pPhysicalMemoryHandle);
void Ke386SetIoAccessMap(int,IOPM *);
void Ke386QueryIoAccessMap(int, IOPM *);
void Ke386IoSetAccessProcess(PEPROCESS, int);
//global buffer
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING DeviceNameUnicodeString;
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;
DbgPrint("Entering DriverEntry");
RtlInitUnicodeString(&DeviceNameUnicodeString,L"\\Device\\ASUpBiosIo");
ntStatus = IoCreateDevice(DriverObject,
0,
&DeviceNameUnicodeString,
FILE_DEVICE_UNKNOWN,
0,
TRUE,
&DeviceObject);
if (NT_SUCCESS(ntStatus))
{
DriverObject->MajorFunction[IRP_MJ_CREATE]=
DriverObject->MajorFunction[IRP_MJ_CLOSE]=
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ASUPIODispatch;
DriverObject->DriverUnload = AsUpIOUnload;
RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\??\\ASUpBiosIo");
ntStatus = IoCreateSymbolicLink(&DeviceLinkUnicodeString,
&DeviceNameUnicodeString);
if (!NT_SUCCESS(ntStatus))
{
OutputDebugString ("ERROR: IoCreateSymbolicLink failed");
IoDeleteDevice(DeviceObject);
}
}
else
{
OutputDebugString("ERROR: IoCreateDevice failed");
}
OutputDebugString ("Leaving DriverEntry");
return ntStatus;
}
NTSTATUS ASUPIODispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
PIO_STACK_LOCATION IrpStack;
ULONG dwInputBufferLength;
ULONG dwOutPutBufferLength;
ULONG dwIoControlCode;
PVOID pvIOBuffer;
NTSTATUS ntStatus;
struct tagPhys32Struct Phys32Struct;
PHYSICAL_ADDRESS phyAddress;
PVOID pvBufferAddress;
MDL *pMDL;
OutputDebugString ("Entering ASUPIODispatch");
// Init to default settings
Irp->IoStatus.Status =STATUS_SUCCESS;
Irp->IoStatus.Information =0;
IrpStack = IoGetCurrentIrpStackLocation(Irp);
pvIOBuffer = Irp->AssociatedIrp.SystemBuffer;
dwInputBufferLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
dwOutPutBufferLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch(IrpStack->MajorFunction)
{
case IRP_MJ_CREATE:
OutputDebugString("IRP_MJ_Create");
break;
case IRP_MJ_CLOSE:
OutputDebugString("IRP_MJ_CLOSE");
break;
case IRP_MJ_DEVICE_CONTROL:
OutputDebugString("IRP_MJ_DEVICE_CONTROL");
dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
switch (dwIoControlCode)
{
case IOCTL_ASUPIO_ENABLEDIRECTIO:
pIOPM = MmAllocateNonCachedMemory(sizeof(IOPM));
if (pIOPM)
{
RtlZeroMemory(pIOPM,sizeof(IOPM));
Ke386IoSetAccessProcess(PsGetCurrentProcess(),1);
Ke386SetIoAccessMap(1,pIOPM);
}
else
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
break;
case IOCTL_ASUPIO_DISABLEDIRECTIO:
OutputDebugString("IOCTL_WINIO_DISABLEDIRECTIO");
if (pIOPM)
{
Ke386IoSetAccessProcess(PsGetCurrentProcess(),0);
Ke386SetIoAccessMap(1,pIOPM);
MmFreeNonCachedMemory(pIOPM,sizeof(IOPM));
pIOPM = NULL;
}
break;
case IOCTL_ASUPIO_ALLOCPHYSMEMORY:
OutputDebugString("IOCTL_WINIO_ALLOCPHYSMEMORY");
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
phyAddress.QuadPart = 0x00000000FFFFFFFF;
Phys32Struct.pvPhyMemLin = MmAllocateContiguousMemory( (SIZE_T)Phys32Struct.dwPhysMemSizeInBytes,
phyAddress );
Phys32Struct.pvPhysAddress = (PVOID)MmGetPhysicalAddress( Phys32Struct.pvPhyMemLin ).LowPart;
memcpy (pvIOBuffer, &Phys32Struct, dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
case IOCTL_ASUPIO_FREEPHYSMEMORY:
OutputDebugString("IOCTL_ASUPIO_FREEPHYSMEMORY");
memcpy(&Phys32Struct,pvIOBuffer,dwInputBufferLength);
MmFreeContiguousMemory(Phys32Struct.pvPhyMemLin);
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
case IOCTL_ASUPIO_MAPPHYSTOLIN:
OutputDebugString("IOCTL_WINIO_MAPPHYSTOLIN");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = MapPhysicalMemoryToLinearSpace(Phys32Struct.pvPhysAddress,
Phys32Struct.dwPhysMemSizeInBytes,
&Phys32Struct.pvPhyMemLin,
&Phys32Struct.PhysicalMemoryHandle);
if (NT_SUCCESS(ntStatus))
{
memcpy(pvIOBuffer,&Phys32Struct,dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
}
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
case IOCTL_ASUPIO_UNMAPPHYSADDR:
OutputDebugString("IOCTL_WINIO_UNMAPPHYSADDR");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = UnmapPhysicalMemory(Phys32Struct.PhysicalMemoryHandle, Phys32Struct.pvPhyMemLin);
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
default:
OutputDebugString("ERROR: Unknown IRP_MJ_DEVICE_CONTROL");
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
}
}
ntStatus = Irp->IoStatus.Status;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
// We never have pending operation so always return the status code.
OutputDebugString("Leaving ASUPIODispatch");
return ntStatus;
}
void AsUpIOUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
OutputDebugString ("Entering WinIoUnload");
RtlInitUnicodeString(&DeviceLinkUnicodeString,L"\\DosDevice\\ASUpBiosIo");
ntStatus = IoDeleteSymbolicLink(&DeviceLinkUnicodeString);
if (NT_SUCCESS(ntStatus))
{
IoDeleteDevice(DriverObject->DeviceObject);
}
else
{
OutputDebugString ("ERROR: IoDeleteSymbolicLink");
}
OutputDebugString ("Leaving WinIoUnload");
}
#36
NTSTATUS MapPhysicalMemoryToLinearSpace(PVOID pPhysAddress,
ULONG PhysMemSizeInBytes,
PVOID *ppPhysMemLin,
HANDLE *pPhysicalMemoryHandle)
{
UNICODE_STRING PhysicalMemoryUnicodeString;
PVOID PhysicalMemorySection = NULL;
OBJECT_ATTRIBUTES ObjectAttributes;
PHYSICAL_ADDRESS ViewBase;
NTSTATUS ntStatus;
PHYSICAL_ADDRESS pStartPhysAddress;
PHYSICAL_ADDRESS pEndPhysAddress;
PHYSICAL_ADDRESS MappingLength;
BOOLEAN Result1, Result2;
ULONG IsIOSpace;
unsigned char *pbPhysMemLin = NULL;
OutputDebugString ("\nEntering MapPhysicalMemoryToLinearSpace\n");
RtlInitUnicodeString (&PhysicalMemoryUnicodeString,
L"\\Device\\PhysicalMemory");
InitializeObjectAttributes (&ObjectAttributes,
&PhysicalMemoryUnicodeString,
OBJ_CASE_INSENSITIVE,
(HANDLE) NULL,
(PSECURITY_DESCRIPTOR) NULL);
*pPhysicalMemoryHandle = NULL;
ntStatus = ZwOpenSection (pPhysicalMemoryHandle,
SECTION_ALL_ACCESS,
&ObjectAttributes);
if (NT_SUCCESS(ntStatus))
{
ntStatus = ObReferenceObjectByHandle (*pPhysicalMemoryHandle,
SECTION_ALL_ACCESS,
(POBJECT_TYPE) NULL,
KernelMode,
&PhysicalMemorySection,
(POBJECT_HANDLE_INFORMATION) NULL);
if (NT_SUCCESS(ntStatus))
{
pStartPhysAddress = RtlConvertUlongToLargeInteger((ULONG)pPhysAddress);
pEndPhysAddress = RtlLargeIntegerAdd( pStartPhysAddress, RtlConvertUlongToLargeInteger(PhysMemSizeInBytes) );
IsIOSpace = 0;
Result1 = HalTranslateBusAddress (1, 0, pStartPhysAddress, &IsIOSpace, &pStartPhysAddress);
IsIOSpace = 0;
Result2 = HalTranslateBusAddress (1, 0, pEndPhysAddress, &IsIOSpace, &pEndPhysAddress);
if (Result1 && Result2)
{
MappingLength = RtlLargeIntegerSubtract (pEndPhysAddress, pStartPhysAddress);
if (MappingLength.LowPart)
{
// bug of ZwMapViewOfSection
// The ending address could never be equal to or greater than 0x100000000 while starting address is page alignment
// Reduce ViewSize to force maximum EndingAddress to 0xFFFFFFFF to break such buggy condition.
// Actually the view size will still be mutiply of page size, that is , address 0xFFFFFFFF is still accessible
if( RtlLargeIntegerGreaterThan( pEndPhysAddress, RtlConvertUlongToLargeInteger((ULONG)0xFFFFFFFF) ) )
PhysMemSizeInBytes = RtlLargeIntegerSubtract( RtlConvertUlongToLargeInteger((ULONG)0xFFFFFFFF), pStartPhysAddress ).LowPart;
else
PhysMemSizeInBytes = MappingLength.LowPart;
ViewBase.QuadPart = pStartPhysAddress.QuadPart;
OutputDebugString("IN HANDLE SectionHandle: %016lX\n", *pPhysicalMemoryHandle);
OutputDebugString("IN HANDLE ProcessHandle: -1\n");
OutputDebugString("IN OUT PVOID *BaseAddress: %016lX\n", pbPhysMemLin);
OutputDebugString("IN ULONG_PTR ZeroBits: 0\n");
OutputDebugString("IN SIZE_T CommitSize: %016lX\n", PhysMemSizeInBytes);
OutputDebugString("IN OUT PLARGE_INTEGER SectionOffset OPTIONAL: %016lX\n", ViewBase);
OutputDebugString("IN OUT PSIZE_T ViewSize: %016lX\n", PhysMemSizeInBytes);
// Let ZwMapViewOfSection pick a linear address
ntStatus = ZwMapViewOfSection (*pPhysicalMemoryHandle,
(HANDLE) -1,
&pbPhysMemLin,
0L,
PhysMemSizeInBytes,
&ViewBase,
&PhysMemSizeInBytes,
ViewShare,
0,
PAGE_READWRITE );
// PAGE_READWRITE | PAGE_NOCACHE);
OutputDebugString(" ##output## ntStatus:%08lX\n", ntStatus );
if (!NT_SUCCESS(ntStatus))
{
// Beyond Memory Space
OutputDebugString ("ERROR: ZwMapViewOfSection failed\n");
}
else
{
OutputDebugString("OUT PVOID *BaseAddress: %016lX\n", pbPhysMemLin);
OutputDebugString("OUT PLARGE_INTEGER SectionOffset OPTIONAL: %016lX\n", ViewBase);
OutputDebugString("OUT PSIZE_T ViewSize: %016lX\n", PhysMemSizeInBytes);
// User required, not aligned // ZwMapView allocated, aligned
pbPhysMemLin += (ULONG)pStartPhysAddress.LowPart - (ULONG)ViewBase.LowPart;
*ppPhysMemLin = pbPhysMemLin;
}
}
else
OutputDebugString ("ERROR: RtlLargeIntegerSubtract failed\n");
}
else
OutputDebugString ("ERROR: MappingLength = 0");
}
else
OutputDebugString ("ERROR: ObReferenceObjectByHandle failed\n");
}
else
OutputDebugString ("ERROR: ZwOpenSection failed\n");
if (!NT_SUCCESS(ntStatus))
ZwClose(*pPhysicalMemoryHandle);
OutputDebugString ("\nLeaving MapPhysicalMemoryToLinearSpace\n");
return ntStatus;
}
NTSTATUS UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PVOID pPhysMemLin)
{
NTSTATUS ntStatus;
OutputDebugString ("Entering UnmapPhysicalMemory");
ntStatus = ZwUnmapViewOfSection((HANDLE)-1, pPhysMemLin);
if (!NT_SUCCESS(ntStatus))
OutputDebugString ("ERROR: UnmapViewOfSection failed");
ZwClose(PhysicalMemoryHandle);
OutputDebugString ("Leaving UnmapPhysicalMemory");
return ntStatus;
}
ULONG PhysMemSizeInBytes,
PVOID *ppPhysMemLin,
HANDLE *pPhysicalMemoryHandle)
{
UNICODE_STRING PhysicalMemoryUnicodeString;
PVOID PhysicalMemorySection = NULL;
OBJECT_ATTRIBUTES ObjectAttributes;
PHYSICAL_ADDRESS ViewBase;
NTSTATUS ntStatus;
PHYSICAL_ADDRESS pStartPhysAddress;
PHYSICAL_ADDRESS pEndPhysAddress;
PHYSICAL_ADDRESS MappingLength;
BOOLEAN Result1, Result2;
ULONG IsIOSpace;
unsigned char *pbPhysMemLin = NULL;
OutputDebugString ("\nEntering MapPhysicalMemoryToLinearSpace\n");
RtlInitUnicodeString (&PhysicalMemoryUnicodeString,
L"\\Device\\PhysicalMemory");
InitializeObjectAttributes (&ObjectAttributes,
&PhysicalMemoryUnicodeString,
OBJ_CASE_INSENSITIVE,
(HANDLE) NULL,
(PSECURITY_DESCRIPTOR) NULL);
*pPhysicalMemoryHandle = NULL;
ntStatus = ZwOpenSection (pPhysicalMemoryHandle,
SECTION_ALL_ACCESS,
&ObjectAttributes);
if (NT_SUCCESS(ntStatus))
{
ntStatus = ObReferenceObjectByHandle (*pPhysicalMemoryHandle,
SECTION_ALL_ACCESS,
(POBJECT_TYPE) NULL,
KernelMode,
&PhysicalMemorySection,
(POBJECT_HANDLE_INFORMATION) NULL);
if (NT_SUCCESS(ntStatus))
{
pStartPhysAddress = RtlConvertUlongToLargeInteger((ULONG)pPhysAddress);
pEndPhysAddress = RtlLargeIntegerAdd( pStartPhysAddress, RtlConvertUlongToLargeInteger(PhysMemSizeInBytes) );
IsIOSpace = 0;
Result1 = HalTranslateBusAddress (1, 0, pStartPhysAddress, &IsIOSpace, &pStartPhysAddress);
IsIOSpace = 0;
Result2 = HalTranslateBusAddress (1, 0, pEndPhysAddress, &IsIOSpace, &pEndPhysAddress);
if (Result1 && Result2)
{
MappingLength = RtlLargeIntegerSubtract (pEndPhysAddress, pStartPhysAddress);
if (MappingLength.LowPart)
{
// bug of ZwMapViewOfSection
// The ending address could never be equal to or greater than 0x100000000 while starting address is page alignment
// Reduce ViewSize to force maximum EndingAddress to 0xFFFFFFFF to break such buggy condition.
// Actually the view size will still be mutiply of page size, that is , address 0xFFFFFFFF is still accessible
if( RtlLargeIntegerGreaterThan( pEndPhysAddress, RtlConvertUlongToLargeInteger((ULONG)0xFFFFFFFF) ) )
PhysMemSizeInBytes = RtlLargeIntegerSubtract( RtlConvertUlongToLargeInteger((ULONG)0xFFFFFFFF), pStartPhysAddress ).LowPart;
else
PhysMemSizeInBytes = MappingLength.LowPart;
ViewBase.QuadPart = pStartPhysAddress.QuadPart;
OutputDebugString("IN HANDLE SectionHandle: %016lX\n", *pPhysicalMemoryHandle);
OutputDebugString("IN HANDLE ProcessHandle: -1\n");
OutputDebugString("IN OUT PVOID *BaseAddress: %016lX\n", pbPhysMemLin);
OutputDebugString("IN ULONG_PTR ZeroBits: 0\n");
OutputDebugString("IN SIZE_T CommitSize: %016lX\n", PhysMemSizeInBytes);
OutputDebugString("IN OUT PLARGE_INTEGER SectionOffset OPTIONAL: %016lX\n", ViewBase);
OutputDebugString("IN OUT PSIZE_T ViewSize: %016lX\n", PhysMemSizeInBytes);
// Let ZwMapViewOfSection pick a linear address
ntStatus = ZwMapViewOfSection (*pPhysicalMemoryHandle,
(HANDLE) -1,
&pbPhysMemLin,
0L,
PhysMemSizeInBytes,
&ViewBase,
&PhysMemSizeInBytes,
ViewShare,
0,
PAGE_READWRITE );
// PAGE_READWRITE | PAGE_NOCACHE);
OutputDebugString(" ##output## ntStatus:%08lX\n", ntStatus );
if (!NT_SUCCESS(ntStatus))
{
// Beyond Memory Space
OutputDebugString ("ERROR: ZwMapViewOfSection failed\n");
}
else
{
OutputDebugString("OUT PVOID *BaseAddress: %016lX\n", pbPhysMemLin);
OutputDebugString("OUT PLARGE_INTEGER SectionOffset OPTIONAL: %016lX\n", ViewBase);
OutputDebugString("OUT PSIZE_T ViewSize: %016lX\n", PhysMemSizeInBytes);
// User required, not aligned // ZwMapView allocated, aligned
pbPhysMemLin += (ULONG)pStartPhysAddress.LowPart - (ULONG)ViewBase.LowPart;
*ppPhysMemLin = pbPhysMemLin;
}
}
else
OutputDebugString ("ERROR: RtlLargeIntegerSubtract failed\n");
}
else
OutputDebugString ("ERROR: MappingLength = 0");
}
else
OutputDebugString ("ERROR: ObReferenceObjectByHandle failed\n");
}
else
OutputDebugString ("ERROR: ZwOpenSection failed\n");
if (!NT_SUCCESS(ntStatus))
ZwClose(*pPhysicalMemoryHandle);
OutputDebugString ("\nLeaving MapPhysicalMemoryToLinearSpace\n");
return ntStatus;
}
NTSTATUS UnmapPhysicalMemory(HANDLE PhysicalMemoryHandle, PVOID pPhysMemLin)
{
NTSTATUS ntStatus;
OutputDebugString ("Entering UnmapPhysicalMemory");
ntStatus = ZwUnmapViewOfSection((HANDLE)-1, pPhysMemLin);
if (!NT_SUCCESS(ntStatus))
OutputDebugString ("ERROR: UnmapViewOfSection failed");
ZwClose(PhysicalMemoryHandle);
OutputDebugString ("Leaving UnmapPhysicalMemory");
return ntStatus;
}
#37
贴了3次没法贴了吧?
#38
BOOL GetDriverPath()
{
PSTR pszSlash;
if (!GetModuleFileName(GetModuleHandle(NULL), szWinIoDriverPath, sizeof(szWinIoDriverPath)))
return false;
pszSlash = strrchr(szWinIoDriverPath, '\\');
if (pszSlash)
pszSlash[1] = 0;
else
return false;
strcat_s(szWinIoDriverPath, "i386\\AsUpIO.sys");
return true;
}
BOOL _stdcall InitializeWinIo()
{
BOOL bResult;
DWORD dwBytesReturned;
IsNT = IsWinNT();
if (IsNT)
{
hDriver = CreateFile("\\\\.\\ASUpBiosIo",
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
// If the driver is not running, install it
if (hDriver == INVALID_HANDLE_VALUE)
{
GetDriverPath();
bResult = InstallWinIoDriver(szWinIoDriverPath, true);
if (!bResult)
return false;
bResult = StartWinIoDriver();
if (!bResult)
return false;
hDriver = CreateFile("\\\\.\\ASUpBiosIo",
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hDriver == INVALID_HANDLE_VALUE)
{
int itt = GetLastError();
return false;
}
}
// Enable I/O port access for this process
if (!DeviceIoControl(hDriver, IOCTL_ASUPIO_ENABLEDIRECTIO, NULL,
0, NULL, 0, &dwBytesReturned, NULL))
return false;
}
/*else
{
VxDCall = (DWORD (WINAPI *)(DWORD,DWORD,DWORD))GetK32ProcAddress(1);
hDriver = CreateFile("\\\\.\\WINIO.VXD", 0, 0, 0, CREATE_NEW, FILE_FLAG_DELETE_ON_CLOSE, 0);
if (hDriver == INVALID_HANDLE_VALUE)
return false;
}*/
IsWinIoInitialized = true;
return true;
}
void _stdcall ShutdownWinIo()
{
DWORD dwBytesReturned;
if (IsNT)
{
if (hDriver != INVALID_HANDLE_VALUE)
{
// Disable I/O port access
DeviceIoControl(hDriver, IOCTL_ASUPIO_DISABLEDIRECTIO, NULL,
0, NULL, 0, &dwBytesReturned, NULL);
CloseHandle(hDriver);
}
RemoveWinIoDriver();
}
else
CloseHandle(hDriver);
IsWinIoInitialized = false;
}
BOOL _stdcall InstallWinIoDriver(PSTR pszWinIoDriverPath, BOOL IsDemandLoaded)
{
    SC_HANDLE hSCManager;
    SC_HANDLE hService;
    // Remove any previous instance of the driver
    RemoveWinIoDriver();
    hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hSCManager)
    {
        // Install the driver
        hService = CreateService(hSCManager,
                                 "AsUpIO",
                                 "AsUpIO",
                                 SERVICE_ALL_ACCESS,
                                 SERVICE_KERNEL_DRIVER,
                                 (IsDemandLoaded == TRUE) ? SERVICE_DEMAND_START : SERVICE_SYSTEM_START,
                                 SERVICE_ERROR_NORMAL,
                                 pszWinIoDriverPath,
                                 NULL,
                                 NULL,
                                 NULL,
                                 NULL,
                                 NULL);
        CloseServiceHandle(hSCManager);
        if (hService == NULL)
            return false;
    }
    else
        return false;
    CloseServiceHandle(hService);
    return true;
}
BOOL _stdcall RemoveWinIoDriver()
{
    SC_HANDLE hSCManager;
    SC_HANDLE hService;
    BOOL bResult;
    StopWinIoDriver();
    hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hSCManager)
    {
        hService = OpenService(hSCManager, "AsUpIO", SERVICE_ALL_ACCESS);
        CloseServiceHandle(hSCManager);
        if (hService)
        {
            bResult = DeleteService(hService);
            CloseServiceHandle(hService);
        }
        else
            return false;
    }
    else
        return false;
    return bResult;
}
BOOL _stdcall StartWinIoDriver()
{
    SC_HANDLE hSCManager;
    SC_HANDLE hService;
    BOOL bResult;
    hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hSCManager)
    {
        hService = OpenService(hSCManager, "AsUpIO", SERVICE_ALL_ACCESS);
        CloseServiceHandle(hSCManager);
        if (hService)
        {
            bResult = StartService(hService, 0, NULL) || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
            CloseServiceHandle(hService);
        }
        else
            return false;
    }
    else
        return false;
    return bResult;
}
BOOL _stdcall StopWinIoDriver()
{
    SC_HANDLE hSCManager;
    SC_HANDLE hService;
    SERVICE_STATUS ServiceStatus;
    BOOL bResult;
    hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hSCManager)
    {
        hService = OpenService(hSCManager, "AsUpIO", SERVICE_ALL_ACCESS);
        CloseServiceHandle(hSCManager);
        if (hService)
        {
            bResult = ControlService(hService, SERVICE_CONTROL_STOP, &ServiceStatus);
            CloseServiceHandle(hService);
        }
        else
            return false;
    }
    else
        return false;
    return bResult;
}
#39
The code is by the book; I can't see anything wrong with it.
I still find that path-not-found error very strange.
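A diagnostic for the symptom discussed in this thread (StartService failing with error 2, ERROR_FILE_NOT_FOUND), added here as an example and not code from any poster: it asks the SCM which ImagePath it actually recorded for the `AsUpIO` service and checks whether that file exists. The names `StartsWithI`, `ImagePathToWin32` and `CheckDriverImage` are hypothetical, and the handling of a relative ImagePath as a path under %SystemRoot% is an assumption about how kernel-driver entries are resolved.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Case-insensitive prefix test; NT object paths ignore case. */
static int StartsWithI(const char *s, const char *p)
{
    for (; *p; ++s, ++p)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*p)) return 0;
    return 1;
}

/* Map a driver ImagePath to a Win32 path; 0 = ok, -1 = bad input or overflow. */
int ImagePathToWin32(const char *img, const char *sysRoot, char *out, size_t cch)
{
    const char *rest = img;
    int n, underRoot = 0;
    if (!img || !*img || !sysRoot || !out || !cch) return -1;
    if (StartsWithI(img, "\\??\\")) rest = img + 4;          /* \??\C:\dir\x.sys */
    else if (StartsWithI(img, "\\SystemRoot\\")) { rest = img + 12; underRoot = 1; }
    else if (img[0] != '\\' && img[1] != ':') underRoot = 1; /* system32\drivers\x.sys */
    n = underRoot ? snprintf(out, cch, "%s\\%s", sysRoot, rest)
                  : snprintf(out, cch, "%s", rest);           /* other forms unchanged */
    return (n < 0 || (size_t)n >= cch) ? -1 : 0;
}

#ifdef _WIN32
/* Query the SCM entry for svc: 1 = file exists, 0 = missing, -1 = query failed. */
int CheckDriverImage(const char *svc)
{
    union { QUERY_SERVICE_CONFIGA cfg; BYTE raw[8192]; } u;
    char root[MAX_PATH], path[2 * MAX_PATH];
    DWORD need = 0; int rc = -1;
    SC_HANDLE scm = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    SC_HANDLE h = scm ? OpenServiceA(scm, svc, SERVICE_QUERY_CONFIG) : NULL;
    if (h && QueryServiceConfigA(h, &u.cfg, sizeof u, &need) &&
        GetSystemWindowsDirectoryA(root, sizeof root) &&
        ImagePathToWin32(u.cfg.lpBinaryPathName, root, path, sizeof path) == 0) {
        rc = GetFileAttributesA(path) != INVALID_FILE_ATTRIBUTES;
        printf("%s -> %s (%s)\n", u.cfg.lpBinaryPathName, path, rc ? "found" : "MISSING");
    }
    if (h) CloseServiceHandle(h);
    if (scm) CloseServiceHandle(scm);
    return rc;
}
int main(void) { return CheckDriverImage("AsUpIO") == 1 ? 0 : 1; }
#endif
```

Run it after the install step and before StartService: a "MISSING" result means the path written at CreateService time does not point at the .sys file.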
#40
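Thanks for taking a look. The office is closing. I'll read the replies tomorrow. Thanks.
#41
I'm here to ask you a question.
Where is the driver board?
#42
Bump, learning…
#43
mark
Learned something.
#44
The driver board seems very quiet; there is no dedicated Windows driver board.
#45
I'm new here and don't know my way around. I haven't seen a driver board.
#46
Digging for gold; I want to download some resources for reference. Bump! Bump! Bump!
#47
The Kanxue forum (看雪论坛) and 驱动之家. They have dedicated driver boards. But they are not as open as CSDN; even posting a thread requires fairly high privileges.
#48
.... just having a look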
#49
UP up
#50
ding ding