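// Driver entry point. Creates the \Device\ITSys device object, exposes it to
// user mode through the \DosDevices\ITSys symbolic link, registers the
// unload / create / close / device-control handlers and finally calls
// StartHook() to install the SDT hooks.
//
// DriverObject  - driver object handed in by the I/O manager.
// RegistryPath  - the driver's registry path; only printed in DBG builds.
//
// Returns the failing status of IoCreateDevice or IoCreateSymbolicLink,
// otherwise the (successful) status of the symbolic-link creation.
NTSTATUS DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    NTSTATUS ntStatus;
    UNICODE_STRING uszDriverString;
    UNICODE_STRING uszDeviceString;
    PDEVICE_OBJECT pDeviceObject;

    // Initialize the device object name.
    RtlInitUnicodeString(&uszDriverString, L"\\Device\\ITSys");

    // Create and initialize the device object.
    // FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device's
    // security descriptor to every open, including opens of names below
    // the device (\Device\ITSys\<anything>), which are otherwise unchecked.
    // NOTE(review): no explicit ACL is supplied here, so the default one
    // applies. If only privileged callers should reach DispatchIoCtrl,
    // create the device with an explicit SDDL string (IoCreateDeviceSecure)
    // and validate the caller inside the IOCTL handler.
    ntStatus = IoCreateDevice(
        DriverObject,
        sizeof(DEVICE_EXTENSION),
        &uszDriverString,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        FALSE,
        &pDeviceObject
        );
    if (!NT_SUCCESS(ntStatus))
        return ntStatus;

    // Create the user-visible link name.
    RtlInitUnicodeString(&uszDeviceString, L"\\DosDevices\\ITSys");
    ntStatus = IoCreateSymbolicLink(&uszDeviceString, &uszDriverString);
    if (!NT_SUCCESS(ntStatus))
    {
        // Link creation failed: delete the device object and report the error.
        IoDeleteDevice(pDeviceObject);
        return ntStatus;
    }

    // Assign global pointer to the device object for use by the callback
    // functions.
    g_pDeviceObject = pDeviceObject;

    // Register the unload routine and the IRP handlers used for
    // create / close / DeviceIoControl requests.
    DriverObject->DriverUnload = UnloadDriver;
    DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoCtrl;

#if DBG
    // %wZ prints a counted UNICODE_STRING; Buffer is not guaranteed to be
    // NUL-terminated, so passing it to %ws could read past its end.
    KdPrint(("RegistryPath : %wZ\n", RegistryPath));
#endif

    // Install the SDT hooks.
    // NOTE(review): StartHook() is declared outside this listing; if it
    // reports failure, that result is not checked here and the device and
    // symbolic link stay in place. Service-table hooking is also rejected
    // by Kernel Patch Protection on 64-bit Windows; confirm the supported
    // targets.
    StartHook();

    return ntStatus;
}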
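/*
 * Start the plugin. Loads the preferences and then calls StartHook(), which
 * can be overridden by the derived classes.
 * @returns true if started successfully; false if the plugin is already
 *   enabled, or if LoadPreferences() or StartHook() fails.
 */
bool Plugin::Start() {
  // Already running: a second Start() is reported as a failure.
  if (m_enabled)
    return false;

  // setup prefs
  if (!LoadPreferences())
    return false;

  if (!StartHook())
    return false;

  // Only mark the plugin enabled once every start-up step has succeeded.
  m_enabled = true;
  return true;
}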