首先要获取驱动模块的文件名字,根据每次文件名字的不同进行生成,名字可以从链表获得:
typedef struct _LDR_DATA_TABLE_ENTRY {
LIST_ENTRY InLoadOrderLinks;
LIST_ENTRY InMemoryOrderLinks;
LIST_ENTRY InInitializationOrderLinks;
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
}LDR_DATA_TABLE_ENTRY,*PLDR_DATA_TABLE_ENTRY;
//上面这个结构体需要自己定义
static PLDR_DATA_TABLE_ENTRY GetSysList(PDRIVER_OBJECT DriverObject)
{
PLDR_DATA_TABLE_ENTRY ldr = (PLDR_DATA_TABLE_ENTRY)DriverObject->DriverSection;
return ldr;
}
PLDR_DATA_TABLE_ENTRY pSysList = NULL;
pSysList = GetSysList(DriverObject);//从DriverEntry获取驱动链表的节点信息。
// 拼字符串创建服务名字
static NTSTATUS XCreateDriverName(IN PDRIVER_OBJECT DriverObject,UNICODE_STRING BaseDllName)
{
UNICODE_STRING DeviceName,Win32Device;
PDEVICE_OBJECT DeviceObject = NULL;
NTSTATUS status;
P_USTR(&BaseDllName);
WCHAR strDevice[256];
RtlInitEmptyUnicodeString(&DeviceName,strDevice,sizeof(strDevice));
RtlAppendUnicodeToString(&DeviceName,L"\\Device\\");
RtlAppendUnicodeStringToString(&DeviceName,&BaseDllName);
P_USTR(&DeviceName);
WCHAR strDosDevices[256];
RtlInitEmptyUnicodeString(&Win32Device,strDosDevices,sizeof(strDosDevices));
RtlAppendUnicodeToString(&Win32Device,L"\\DosDevices\\");
RtlAppendUnicodeStringToString(&Win32Device,&BaseDllName);
P_USTR(&Win32Device);
status = IoCreateDevice(DriverObject,
0,
&DeviceName,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&DeviceObject);
if (!NT_SUCCESS(status))
return status;
if (!DeviceObject)
return STATUS_UNEXPECTED_IO_ERROR;
DeviceObject->Flags |= DO_DIRECT_IO;
DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT;
status = IoCreateSymbolicLink(&Win32Device, &DeviceName);
DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
return STATUS_SUCCESS;
}
更多请关注微信公众号:driverdevelop