文章目录
- 前言
- WDF编程前的准备工作
- WDF编程
- 创建驱动对象
- 创建设备对象
- 设备对象的回调函数
- 链表操作
- 驱动的测试代码
- 其他
前言
注:本文的完整代码见仓库 18-WDF-reflect
代码参考自:junjiexing/libredirect
我不是从事驱动开发的专业人员,打酱油需要用到下驱动,故来了解下WDF编程。
我之前翻看的是《windows驱动开发技术详解》-张帆。书中的代码也敲了一点点,然后跑去看一些小项目的代码,发现还是没搞懂。
其中的一个原因在于,《windows驱动开发技术详解》书中的驱动是NT式驱动,而我看到的都是WDF框架开发的驱动。搞不清楚这些编程框架的本质区别,但是明显的一点是,从驱动开发框架出现的时间上来说,NT早于WDM, WDM早于WDF。ok,我再去补充下WDF编程接口。
windows驱动这块的中文书籍不多,这次翻看的是《Windows设备驱动程序WDF开发》。这本书似乎挺烂,因为我看明白。。网上有个入门视频,非常nice:【WDF驱动编程入门-哔哩哔哩】。如果有的NT驱动编程基础的话,非常容易入门。关于NT编程基础,可以参考我之前的博客:windows驱动开发环境搭建以及helloworld、windows内核编程-文件操作、windows驱动编程-应用与内核通信
WDF编程前的准备工作
需要NT编程基础,可以参考上面的链接。
WDF编程和NT编程差不多。NT编程中有的东西,WDF也有,只是调用的API不同。我们先看下驱动的组成部分:
- 创建驱动对象。一个驱动对象代表了一个驱动程序,或者说一个内核模块。
- 指定驱动对象的类型,驱动的卸载操作等。
- 创建设备对象。一个驱动对象可以有多个设备。设备是接收请求的实体。
- 为设备对象创建回调函数。打开/关闭设备执行的回调函数。接收DeviceIoControl发送的制代码,并执行相应的操作。(这里是重点)
WDF编程
这是一个demo。代码实现:从用户空间传递字符串给内核中的驱动;驱动将字符串保存在一个双向链表中;用户空间从驱动中提取字符串;
创建驱动对象
// 创建WDF驱动程序对象WDF_DRIVER_CONFIG config;WDF_DRIVER_CONFIG_INIT(&config, WDF_NO_EVENT_CALLBACK); // 非pnp驱动,不必提供EvtDriverDeviceAddconfig.DriverInitFlags |= WdfDriverInitNonPnpDriver;config.EvtDriverUnload = driver_unload;WDFDRIVER driver;NTSTATUS status = WdfDriverCreate(driver_obj, reg_path, WDF_NO_OBJECT_ATTRIBUTES, &config, &driver);if (!NT_SUCCESS(status)) {KdPrint(("wdf-demo: fail in WdfDriverCreate."));return status;}
创建设备对象
#include "device.h"NTSTATUS device_init(WDFDRIVER& driver, WDFDEVICE& device) {DECLARE_CONST_UNICODE_STRING(device_name, L"\\Device\\wdf_demo");DECLARE_CONST_UNICODE_STRING(dos_device_name, L"\\??\\wdf_demo");NTSTATUS status = STATUS_SUCCESS;// 创建一个设备对象 设置设备类型,设备缓冲模式,设备名PWDFDEVICE_INIT device_init = WdfControlDeviceInitAllocate(driver, &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RW_RES_R);if (device_init == NULL) {status = STATUS_INSUFFICIENT_RESOURCES;KdPrint(("wdf-demo: fail in WdfControlDeviceInitAllocate."));return status;}WdfDeviceInitSetDeviceType(device_init, FILE_DEVICE_UNKNOWN);WdfDeviceInitSetIoType(device_init, WdfDeviceIoBuffered); // 缓冲模式,类似DO_BUFFERED_IOWdfDeviceInitAssignName(device_init, &device_name); 设置设备创建和关闭的回调函数WDF_FILEOBJECT_CONFIG file_config;WDF_FILEOBJECT_CONFIG_INIT(&file_config, file_create, file_close, file_cleanup);WdfDeviceInitSetFileObjectConfig(device_init, &file_config, WDF_NO_OBJECT_ATTRIBUTES);status = WdfDeviceCreate(&device_init, WDF_NO_OBJECT_ATTRIBUTES, &device);if (!NT_SUCCESS(status)) {KdPrint(("wdf-demo: fail in WdfDeviceCreate, ret status is %d", status));// WdfControlDeviceInitAllocate得到的WDFDEVICE_INIT 结构,在驱动程序初始化错误的时候必须调用 WdfDeviceInitFree// 成功调用 WdfDeviceCreate 后,驱动程序不得调用 WdfDeviceInitFreeWdfDeviceInitFree(device_init);return status;} 该设备的IO操作WDF_IO_QUEUE_CONFIG queue_config;WDF_IO_QUEUE_CONFIG_INIT_DEFAULT_QUEUE(&queue_config, WdfIoQueueDispatchSequential); // 请求串行处理queue_config.EvtIoDeviceControl = device_ioctl; // 请求的处理函数WDFQUEUE queue;status = WdfIoQueueCreate(device, &queue_config, WDF_NO_OBJECT_ATTRIBUTES, &queue);if (!NT_SUCCESS(status)) {KdPrint(("wdf-demo: fail in WdfIoQueueCreate, ret status is %d", status));return status;}// 创建设备的符号链接status = WdfDeviceCreateSymbolicLink(device, &dos_device_name);if (!NT_SUCCESS(status)) {KdPrint(("wdf-demo: fail in WdfDeviceCreateSymbolicLink, ret status is %d", status));return status;}WdfControlFinishInitializing(device);return status;
}
设备对象的回调函数
#include "io_callbacks.h"
#include "../libdemo/demo_common.h"
#include "list.h"VOID file_create(IN WDFDEVICE device, IN WDFREQUEST request, IN WDFFILEOBJECT object) {UNREFERENCED_PARAMETER(device);UNREFERENCED_PARAMETER(object);KdPrint(("wdf-demo: file_create."));WdfRequestComplete(request, STATUS_SUCCESS);
}VOID file_close(IN WDFFILEOBJECT object)
{KdPrint(("wdf-demo: file_close."));UNREFERENCED_PARAMETER(object);
}VOID file_cleanup(IN WDFFILEOBJECT object)
{KdPrint(("wdf-demo: file_cleanup."));UNREFERENCED_PARAMETER(object);
}VOID device_ioctl(IN WDFQUEUE queue, IN WDFREQUEST request,IN size_t out_length, IN size_t in_length, IN ULONG code)
{UNREFERENCED_PARAMETER(queue);UNREFERENCED_PARAMETER(out_length);UNREFERENCED_PARAMETER(in_length);NTSTATUS status;if (code == IOCTL_GET_MSG) {KdPrint(("wdf-demo:device_ioctl - IOCTL_GET_MSG"));void* outbuf;size_t outlen;status = WdfRequestRetrieveOutputBuffer(request, 0, &outbuf, &outlen);if (!NT_SUCCESS(status)) {KdPrint(("wdf-demo:device_ioctl - IOCTL_GET_MSG. get input buffer error: %d", status));WdfRequestComplete(request, STATUS_SUCCESS);return;}conn_item* node = remove_head();KdPrint(("wdf-demo:device_ioctl - IOCTL_SET_MSG. outbuf is %s", node->connect));if (node != NULL) {memcpy(outbuf, &node->connect, outlen);ExFreePoolWithTag(node, WDF_DEMO_TAG);WdfRequestCompleteWithInformation(request, status, strlen((char*)outbuf));}else {WdfRequestComplete(request, STATUS_SUCCESS);}return;}else if (code == IOCTL_SET_MSG) {KdPrint(("wdf-demo:device_ioctl - IOCTL_SET_MSG"));void *inbuf;size_t inlen;status = WdfRequestRetrieveInputBuffer(request, 0, &inbuf, &inlen);if (!NT_SUCCESS(status)) {KdPrint(("wdf-demo:device_ioctl - IOCTL_SET_MSG. get input buffer error: %d", status));WdfRequestComplete(request, STATUS_SUCCESS);return;}*((char*)inbuf + inlen) = '\0';KdPrint(("wdf-demo:device_ioctl - IOCTL_SET_MSG. in buf is %s", (char*)inbuf));add_tail(inbuf, inlen);WdfRequestComplete(request, STATUS_SUCCESS);return;}else {KdPrint(("wdf-demo:device_ioctl - UNKNOWS"));WdfRequestComplete(request, STATUS_UNSUCCESSFUL);}
}
链表操作
#include "list.h"LIST_ENTRY connect_list;
WDFWAITLOCK connect_list_lock;void init_list() {WdfWaitLockCreate(WDF_NO_OBJECT_ATTRIBUTES, &connect_list_lock);InitializeListHead(&connect_list);
}BOOLEAN add_tail(PVOID inbuf, size_t inlen) {if (inlen >= ENTER_MAX_SIZE) {return FALSE;}conn_item *node = (conn_item*)ExAllocatePool2(POOL_FLAG_NON_PAGED, sizeof(conn_item), WDF_DEMO_TAG);if (node == NULL) {KdPrint(("fail in ExAllocatePool2"));return FALSE;}memset(node, 0, sizeof(node));memcpy(&node->connect, inbuf, ENTER_MAX_SIZE);KdPrint(("wdf-demo:add tail . node->connect is %s", node->connect));WdfWaitLockAcquire(connect_list_lock, nullptr);InsertTailList(&connect_list, &node->list_entry);WdfWaitLockRelease(connect_list_lock);return TRUE;
}conn_item* remove_head() {WdfWaitLockAcquire(connect_list_lock, nullptr);conn_item* node = NULL;if (IsListEmpty(&connect_list)) {goto end;}PLIST_ENTRY item = RemoveHeadList(&connect_list);node = CONTAINING_RECORD(item, conn_item, list_entry);
end:WdfWaitLockRelease(connect_list_lock);return node;
}void clear_list() {WdfWaitLockAcquire(connect_list_lock, nullptr);while (!IsListEmpty(&connect_list)) {PLIST_ENTRY item = RemoveHeadList(&connect_list);conn_item* node = CONTAINING_RECORD(item, conn_item, list_entry);ExFreePoolWithTag(node, WDF_DEMO_TAG);}WdfWaitLockRelease(connect_list_lock);
}
驱动的测试代码
#include "../libdemo/demo_common.h"
#include <Windows.h>
#include <iostream>
#include <string>int main(int argc, char *argv[]) {HANDLE device = CreateFile("\\\\.\\wdf_demo", GENERIC_READ | GENERIC_WRITE,0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, NULL); if(device == INVALID_HANDLE_VALUE) {DWORD err_code = GetLastError();std::cerr << "fail to open device" << std::endl;std::cerr << "error code is: " << err_code << std::endl;return -1;}int ret_len = 0;std::string msg = "hello world";BOOL result = DeviceIoControl(device, IOCTL_SET_MSG, (LPVOID)(msg.c_str()), msg.size(), NULL, 0, (LPDWORD)&ret_len, NULL);if(result == 0) {DWORD err_code = GetLastError();std::cerr << "fail in DeviceIoControl-IOCTL_SET_MSG. error code is: " << err_code << std::endl;return 0;} std::string msg_2 = "dlrow olleh";result = DeviceIoControl(device, IOCTL_SET_MSG, (LPVOID)(msg_2.c_str()), msg_2.size(), NULL, 0, (LPDWORD)&ret_len, NULL);char get_msg[1024] = { 0 };result = DeviceIoControl(device, IOCTL_GET_MSG, NULL, 0, &get_msg, 1024, (LPDWORD)&ret_len, NULL);std::cout << ret_len << std::endl;std::cout << get_msg << std::endl;char get_msg_2[1024] = { 0 };result = DeviceIoControl(device, IOCTL_GET_MSG, NULL, 0, &get_msg_2, 1024, (LPDWORD)&ret_len, NULL);std::cout << ret_len << std::endl;std::cout << get_msg_2 << std::endl;return 0;
}
输出如下所示:
其他
编译报错处理,参考LNK2001无法解析的外部符号 SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RW_RES_R,需要链接$(DDK_LIB_PATH)\wdmsec.lib
LNK2001无法解析的外部符号 SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RW_RES_R
![图书管理系统(Java实现)[附完整代码]](https://img-blog.csdnimg.cn/8651e17c2432408bace6d890b7261734.png)
