NTSTATUS DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS ntStatus;
UNICODE_STRING uszDriverString;
UNICODE_STRING uszDeviceString;
UNICODE_STRING uszEventString;
PDEVICE_OBJECT pDeviceObject;
PDEVICE_EXTENSION extension;
// 初始化设备对象名
RtlInitUnicodeString(&uszDriverString, L"\\Device\\ITSys");
// 创建并初始化对象
ntStatus = IoCreateDevice(
DriverObject,
sizeof(DEVICE_EXTENSION),
&uszDriverString,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&pDeviceObject
);
if(ntStatus != STATUS_SUCCESS)
return ntStatus;
extension = pDeviceObject->DeviceExtension;
RtlInitUnicodeString(&uszDeviceString, L"\\DosDevices\\ITSys");
// 创建用户可见连接名称
ntStatus = IoCreateSymbolicLink(&uszDeviceString, &uszDriverString);
if(ntStatus != STATUS_SUCCESS)
{
// 创建失败,删除对象并返回错误值
IoDeleteDevice(pDeviceObject);
return ntStatus;
}
// 赋值全局设备对象指针
// Assign global pointer to the device object for use by the callback functions
g_pDeviceObject = pDeviceObject;
// 设置所有可用的DeviceIoControl的处理IRP的函数
DriverObject->DriverUnload = UnloadDriver;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoCtrl;
#if DBG
KdPrint(("RegistryPath : %ws\n",RegistryPath->Buffer));
#endif
//SDT挂接
StartHook();
return ntStatus;
}
/*
* Start the plugin. Calls start_hook() which can be over-ridden by the
* derrived classes.
* @returns true if started sucessfully, false otherwise.
*/
bool Plugin::Start() {
string enabled;
if (m_enabled)
return false;
// setup prefs
if (!LoadPreferences())
return false;
if (!StartHook()) {
return false;
}
m_enabled = true;
return true;
}
