Driver-----


#include 
#include 
#include "PriorityBoosterCommon.h"

// Dispatch routine registered in DriverEntry for both IRP_MJ_CREATE and IRP_MJ_CLOSE.
NTSTATUS BoosterCreateClose(PDEVICE_OBJECT DeviceObject, PIRP Irp);
// Dispatch routine registered for IRP_MJ_WRITE; the write buffer is read as a ThreadData request.
NTSTATUS BoosterWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp);
// Unload routine: deletes the symbolic link and the device object created in DriverEntry.
void BoosterUnload(PDRIVER_OBJECT DriverObject);


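/// Driver entry point: registers the unload and dispatch routines, then
/// creates the named device object and the symbolic link that user mode opens.
///
/// @param DriverObject  Driver object supplied by the I/O manager.
/// @param RegistryPath  Unused.
/// @return STATUS_SUCCESS, or the failing status from IoCreateDevice or
///         IoCreateSymbolicLink. On a symbolic-link failure the device object
///         is deleted before returning.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
{
        UNREFERENCED_PARAMETER(RegistryPath);
        KdPrint(("Boster: DriverEntry \n"));

        DriverObject->DriverUnload = BoosterUnload;

        DriverObject->MajorFunction[IRP_MJ_CREATE] = BoosterCreateClose;
        DriverObject->MajorFunction[IRP_MJ_CLOSE] = BoosterCreateClose;
        DriverObject->MajorFunction[IRP_MJ_WRITE] = BoosterWrite;

        UNICODE_STRING devName = RTL_CONSTANT_STRING(L"\\Device\\Booster");

        // NOTE(review): the device gets whatever default security descriptor
        // IoCreateDevice assigns, and BoosterCreateClose accepts every open, so
        // any caller allowed by that default can reach BoosterWrite and change
        // thread priorities. If only administrators or a service should use
        // this, create the device with IoCreateDeviceSecure (wdmsec.h) and a
        // restrictive SDDL string instead.
        PDEVICE_OBJECT DeviceObject;
        NTSTATUS status = IoCreateDevice
        (
                DriverObject,                   // our driver object
                0,                              // no device extension
                &devName,                       // the device name
                FILE_DEVICE_UNKNOWN,            // device type
                FILE_DEVICE_SECURE_OPEN,        // check the device ACL on every open, including names below the device
                FALSE,                          // not exclusive
                &DeviceObject                   // the resulting pointer
        );
        if (!NT_SUCCESS(status)) {
                KdPrint(("Failed to create device object (0x%08X)\n", status));
                return status;
        }

        // No DO_BUFFERED_IO / DO_DIRECT_IO flag is set on the device, so write
        // requests arrive with the caller's raw buffer pointer in Irp->UserBuffer.

        UNICODE_STRING symLink = RTL_CONSTANT_STRING(L"\\??\\Booster");
        status = IoCreateSymbolicLink(&symLink, &devName);
        if (!NT_SUCCESS(status)) {
                KdPrint(("Failed to create symbolic link (0x%08X)\n", status));
                // Nothing calls the unload routine when DriverEntry fails, so the
                // device object must be released here or it leaks.
                IoDeleteDevice(DeviceObject);
                return status;
        }
        return STATUS_SUCCESS;
}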

 
// Unload routine: undoes DriverEntry by removing the symbolic link first and
// then the driver's device object.
void BoosterUnload(PDRIVER_OBJECT DriverObject)
{
        KdPrint(("Boster: Driver unload\n"));

        // The link name must match the one created in DriverEntry.
        UNICODE_STRING linkName = RTL_CONSTANT_STRING(L"\\??\\Booster");
        IoDeleteSymbolicLink(&linkName);

        PDEVICE_OBJECT device = DriverObject->DeviceObject;
        IoDeleteDevice(device);
}


// Create/close dispatch routine: completes every request with STATUS_SUCCESS.
// No caller check happens here, so access control rests entirely on the
// device object's security descriptor.
NTSTATUS BoosterCreateClose(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
        UNREFERENCED_PARAMETER(DeviceObject);

        const NTSTATUS result = STATUS_SUCCESS;
        Irp->IoStatus.Status = result;
        Irp->IoStatus.Information = 0;      // no bytes transferred
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return result;
}

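/// IRP_MJ_WRITE dispatch routine: reads a ThreadData request from the caller's
/// buffer and sets the priority of the thread it names.
///
/// DriverEntry sets neither DO_BUFFERED_IO nor DO_DIRECT_IO, so
/// Irp->UserBuffer is the caller's own pointer. The request is therefore
/// copied once into kernel memory under an exception handler, and every later
/// check and use works on that copy. Reading the caller's memory directly
/// would bugcheck on an invalid address, and would let the caller change
/// Priority between the range check and KeSetPriorityThread.
///
/// @param Irp  The write request; completed here in all cases.
/// @return STATUS_SUCCESS with Information = sizeof(ThreadData);
///         STATUS_BUFFER_TOO_SMALL if the write is shorter than ThreadData;
///         STATUS_INVALID_PARAMETER for a null buffer or a priority outside
///         1..31; the exception code if the buffer cannot be read; or the
///         failure status of PsLookupThreadByThreadId.
NTSTATUS BoosterWrite(PDEVICE_OBJECT, PIRP Irp) {
        auto status = STATUS_SUCCESS;
        ULONG_PTR information = 0;

        auto irpSp = IoGetCurrentIrpStackLocation(Irp);
        do {
                if (irpSp->Parameters.Write.Length < sizeof(ThreadData)) {
                        status = STATUS_BUFFER_TOO_SMALL;
                        break;
                }

                if (Irp->UserBuffer == nullptr) {
                        status = STATUS_INVALID_PARAMETER;
                        break;
                }

                // Capture the request exactly once. ProbeForRead rejects kernel
                // addresses from user-mode callers; the handler covers a buffer
                // that is unmapped or freed while it is being read.
                // NOTE(review): assumes this routine runs in the requesting
                // thread's context, as is usual for a top-level driver.
                ThreadData request;
                __try {
                        if (Irp->RequestorMode != KernelMode) {
                                ProbeForRead(Irp->UserBuffer, sizeof(ThreadData), sizeof(UCHAR));
                        }
                        RtlCopyMemory(&request, Irp->UserBuffer, sizeof(ThreadData));
                }
                __except (EXCEPTION_EXECUTE_HANDLER) {
                        status = GetExceptionCode();
                        break;
                }

                if (request.Priority < 1 || request.Priority > 31) {
                        status = STATUS_INVALID_PARAMETER;
                        break;
                }

                // NOTE(review): any caller that can open the device may raise any
                // thread in the system up to priority 31. Nothing here checks the
                // caller's privileges or which process owns the target thread.
                PETHREAD thread;
                status = PsLookupThreadByThreadId(ULongToHandle(request.ThreadId), &thread);
                if (!NT_SUCCESS(status))
                {
                        break;
                }
                auto oldPriority = KeSetPriorityThread(thread, request.Priority);
                KdPrint(("Priority change ofr thread %u from %d to %d succeeded!\n",
                        request.ThreadId, oldPriority, request.Priority));

                // PsLookupThreadByThreadId took a reference on the thread object.
                ObDereferenceObject(thread);
                information = sizeof(ThreadData);
        } while (false);

        Irp->IoStatus.Status = status;
        Irp->IoStatus.Information = information;

        IoCompleteRequest(Irp, IO_NO_INCREMENT);

        return status;
}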






 

 




// Beep.cpp : This file contains the 'main' function. Program execution begins and ends there.
//

#include 
#include 
#include 
#include 

#pragma comment(lib, "ntdll")

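// Opens the Beep device through the native API and asks it to play one tone.
// Usage: two optional arguments, frequency and duration in milliseconds
// (defaults 800 and 1000). Returns 0, or 1 when an argument is negative.
int main(int argc, const char* argv[]) {
        printf("beep [ ]\n");
        int freq = 800, duration = 1000;
        if (argc > 2) {
                freq = atoi(argv[1]);
                duration = atoi(argv[2]);
        }
        // Both values are handed to unsigned fields and to Sleep(); a negative
        // argument would turn into a huge frequency or a near-endless wait.
        if (freq < 0 || duration < 0) {
                printf("Frequency and duration must not be negative\n");
                return 1;
        }

        HANDLE hFile;
        OBJECT_ATTRIBUTES attr;
        UNICODE_STRING name;
        RtlInitUnicodeString(&name, DD_BEEP_DEVICE_NAME_U);
        InitializeObjectAttributes(&attr, &name, OBJ_CASE_INSENSITIVE, nullptr, nullptr);
        IO_STATUS_BLOCK ioStatus;
        auto status = ::NtOpenFile(&hFile, GENERIC_WRITE, &attr, &ioStatus, 0, 0);
        if (NT_SUCCESS(status)) {
                BEEP_SET_PARAMETERS params;
                params.Frequency = freq;
                params.Duration = duration;
                DWORD bytes = 0;
                //
                // play the sound
                //
                printf("Playing freq: %u, duration: %u\n", freq, duration);
                if (::DeviceIoControl(hFile, IOCTL_BEEP_SET, &params, sizeof(params), nullptr, 0, &bytes, nullptr)) {
                        //
                        // the sound starts playing and the call returns immediately
                        // Wait so that the app doesn't close
                        //
                        ::Sleep(duration);
                }
                else {
                        printf("DeviceIoControl failed (error=%lu)\n", ::GetLastError());
                }
                ::CloseHandle(hFile);
        }
        else {
                printf("Failed in NtOpenFile (status=0x%X)\n", status);
        }
        return 0;
}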







// Analysis_CPU.cpp : This file contains the 'main' function. Program execution begins and ends there.
//

#include <array>
#include <bitset>
#include <cstdio>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

#include <intrin.h>


/*
MSDN:
        https://docs.microsoft.com/en-us/cpp/intrinsics/cpuid-cpuidex?redirectedfrom=MSDN&view=msvc-160#Example
*/
using namespace std;

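// Queries CPUID for the vendor string (leaf 0) and, when the extended leaves
// 0x80000002..0x80000004 are reported, the processor brand string, then
// prints both.
int main()
{
        std::array<int, 4> cpui{};
        std::vector<std::array<int, 4>> data_;
        std::string vendor_;

        // Initialised so that neither flag is ever read as an indeterminate value.
        bool isIntel_ = false;
        bool isAMD_ = false;

        // Calling __cpuid with 0x0 as the function_id argument
        // gets the number of the highest valid function ID.
        __cpuid(cpui.data(), 0);
        const int nIds_ = cpui[0];

        for (int i = 0; i <= nIds_; ++i)
        {
                __cpuidex(cpui.data(), i, 0);
                data_.push_back(cpui);
        }

        // Capture vendor string: leaf 0 returns it in EBX, EDX, ECX order.
        // memcpy avoids writing through a cast pointer into the char buffer;
        // the zero-initialised buffer keeps the result NUL-terminated.
        char vendor[0x20] = {};
        std::memcpy(vendor, &data_[0][1], sizeof(int));
        std::memcpy(vendor + 4, &data_[0][3], sizeof(int));
        std::memcpy(vendor + 8, &data_[0][2], sizeof(int));
        vendor_ = vendor;
        if (vendor_ == "GenuineIntel")
        {
                isIntel_ = true;
        }
        else if (vendor_ == "AuthenticAMD")
        {
                isAMD_ = true;
        }
        (void)isIntel_;
        (void)isAMD_;

        // Calling __cpuid with 0x80000000 as the function_id argument
        // gets the number of the highest valid extended ID.
        // The leaf numbers are handled as unsigned: stored in an int they are
        // negative, and a CPU that reports a small value here would otherwise
        // make the loop below count up from INT_MIN.
        __cpuid(cpui.data(), static_cast<int>(0x80000000u));
        const unsigned int nExIds = static_cast<unsigned int>(cpui[0]);
        char processor[0x40] = {};
        std::vector<std::array<int, 4>> procData;

        for (unsigned int leaf = 0x80000000u; leaf <= nExIds; ++leaf)
        {
                __cpuidex(cpui.data(), static_cast<int>(leaf), 0);
                procData.push_back(cpui);
        }
        // Interpret CPU brand string if reported: 3 leaves x 16 bytes = 48 bytes,
        // which leaves the tail of the 64-byte buffer zeroed as a terminator.
        if (nExIds >= 0x80000004u)
        {
                std::memcpy(processor, procData[2].data(), sizeof(cpui));
                std::memcpy(processor + 16, procData[3].data(), sizeof(cpui));
                std::memcpy(processor + 32, procData[4].data(), sizeof(cpui));
        }
        printf("Vendor: %s\n", vendor);
        printf("Processor: %s\n", processor);
}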



}


 

 


這一整個月都在開始邊學寫Driver,除了每天BlueScreen之外,

還有更多的是只要一個細節沒處理好就葛屁的莫名其妙了,


這兩天開始學習寫Windows driver,果不其然的發生很多環境變數下的問題,而原因是因為在Win10環境下開發Windows Driver會需要依賴WDK,而微軟在WDK7600以後就不再提供獨立的Kernel開發包了,而是必須先安裝Visual Studio。

好的,上面那段廢話的意思就是總而言之就是你要安裝Visual Studio不然不給開發。


這篇文章的重點只有三個,
第一是取得IP、第二是取得MAC、第三是解決symbol inet_ntop referenced in function的問題。


Cannot convert argument 1 from 'const wchar_t [16]' to 'LPTSTR'

 

 


 

 
