收藏
下载资源 加入VIP,省得不是一点点

键盘过滤驱动学习.doc

上传人:sk****8 文档编号:3125120 上传时间:2019-05-22 格式:DOC 页数:4 大小:41.50KB
下载 相关 举报
键盘过滤驱动学习.doc_第1页
第1页 / 共4页
键盘过滤驱动学习.doc_第2页
第2页 / 共4页
键盘过滤驱动学习.doc_第3页
第3页 / 共4页
键盘过滤驱动学习.doc_第4页
第4页 / 共4页
亲,该文档总共4页,全部预览完了,如果喜欢就下载吧!
资源描述

1、http:/ IRP HOOK 键盘过滤之替换原键盘分发函数MajorFunction.h#ifndef _MAJORFUNCTION_HEADERS_#define _MAJORFUNCTION_HEADERS_#include #define DELAY_ONE_MILLISECOND 1000000extern POBJECT_TYPE *IoDriverObjectType;extern NTSTATUS ObReferenceObjectByName( IN PUNICODE_STRING ObjectPath, IN ULONG Attributes, IN PACCESS_STA

2、TE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, OUT PVOID *ObjectPtr); PDRIVER_DISPATCH OldMajorFunctionIRP_MJ_MAXIMUM_FUNCTION+1;#endif#include “MajorFunction.h“/ 原键盘驱动分发统一处理NTSTATUS

3、 OldKeyBoardDispath(PDEVICE_OBJECT DeviceObject, PIRP pIrp)NTSTATUS Status = STATUS_UNSUCCESSFUL;PIO_STACK_LOCATION irpStack = NULL;irpStack = IoGetCurrentIrpStackLocation(pIrp);Status = OldMajorFunctionirpStack-MajorFunction(DeviceObject, pIrp);DbgPrint(“IRP_MJ_FUNCTIOIN complete successful!n“);ret

4、urn Status;/ HOOK 函数, 替换键盘原来的 MajorFunctionNTSTATUS MajorFunctionHook(PDRIVER_OBJECT DriverObject)NTSTATUS Status = STATUS_UNSUCCESSFUL;PDRIVER_OBJECT KeyBoardDriverObject = NULL;UNICODE_STRING KeyBoardDriverName;PFILE_OBJECT pFileObject = NULL;int nIndex = 0;RtlInitUnicodeString(Status = ObReferenc

5、eObjectByName(if (!NT_SUCCESS(Status)DbgPrint(“in MajorFunctionHook Get ObReferenceObjectByName by KeyBoardDriverObject Errorn“);goto Exit0;/保存及设置新键盘的 MajorFunctionfor(nIndex = 0; nIndex MajorFunctionnIndex;InterlockedExchangePointer(DbgPrint(“IRP_MJ_FUNCTION Hook Successful!n“);/ 解除引用ObDereferenceO

6、bject(KeyBoardDriverObject);Exit0:return Status;/ 卸载函数NTSTATUS UnLoadDriver(PDRIVER_OBJECT DriverObject)NTSTATUS Status = STATUS_UNSUCCESSFUL;int nIndex = 0;PDRIVER_OBJECT KeyBoardDriverObject = NULL;UNICODE_STRING KeyBoardName;LARGE_INTEGER Delay;RtlInitUnicodeString(Status = ObReferenceObjectByNam

7、e(if (!NT_SUCCESS(Status)DbgPrint(“UnloadDriver Get Keyboard Driver Object Errorn“);goto Exit0;/ 交换原来的分发函数for (nIndex; nIndex MajorFunctionnIndex, OldMajorFunctionnIndex);DbgPrint(“Change MajorFunction Successful!n“);Delay = RtlConvertLongToLargeInteger(5* DELAY_ONE_MILLISECOND);/ 延时等待完成KeDelayExecu

8、tionThread(KernelMode, FALSE, ObReferenceObject(KeyBoardDriverObject);Exit0:return Status;NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegisterPath)NTSTATUS Status = STATUS_UNSUCCESSFUL;int nIndex = 0;/ 设置新的键盘分发函数for (nIndex; nIndex MajorFunctionnIndex = OldKeyBoardDispath;DriverObject-DriverUnload = UnLoadDriver;Status = MajorFunctionHook(DriverObject);return Status;

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 教育教学资料库 > 精品笔记

Copyright © 2018-2021 Wenke99.com All rights reserved

工信部备案号浙ICP备20026746号-2  

公安局备案号:浙公网安备33038302330469号

本站为C2C交文档易平台,即用户上传的文档直接卖给下载用户,本站只是网络服务中间平台,所有原创文档下载所得归上传人所有,若您发现上传作品侵犯了您的权利,请立刻联系网站客服并提供证据,平台将在3个工作日内予以改正。