效果
    image.png

    1. #include <ntddk.h>
    5. PDEVICE_OBJECT myKeyBoard;
    7. typedef struct {
    8.     PDEVICE_OBJECT LowKbdDevice;
    9. }DEVICE_EXTION,*PDEVICE_EXTENTION;
    11. typedef struct _KEYBOARD_INPUT_DATA {
    12.     USHORT UnitId;
    13.     USHORT MakeCode;
    14.     USHORT Flags;
    15.     USHORT Reserved;
    16.     ULONG  ExtraInformation;
    17. } KEYBOARD_INPUT_DATA, * PKEYBOARD_INPUT_DATA;
    20. int pendingkey = 0;
    22. VOID Unload(PDRIVER_OBJECT DriverObject) {
    24.     LARGE_INTEGER interval = { 0 };
    25.     PDEVICE_OBJECT DeviceObject = DriverObject->DeviceObject;
    26.     interval.QuadPart = -10 * 1000 * 1000;
    27.     IoDetachDevice(((PDEVICE_EXTENTION)DeviceObject->DeviceExtension)->LowKbdDevice);
    28.     if (pendingkey)
    29.     {
    30.         KeDelayExecutionThread(KernelMode,FALSE,&interval);
    31.     }
    32.     IoDeleteDevice(myKeyBoard);
    33.     KdPrint(("driver unloaded\r\n"));
    35. }
    36. NTSTATUS MyattachDevice(PDRIVER_OBJECT DriverObject) {
    38.     NTSTATUS status;
    39.     UNICODE_STRING TargatDevice = RTL_CONSTANT_STRING(L"\\Device\\KeyboardClass0");
    40.     status = IoCreateDevice(DriverObject,sizeof(DEVICE_EXTION),NULL,FILE_DEVICE_KEYBOARD,0,FALSE,&myKeyBoard);
    41.     if (!NT_SUCCESS(status))
    42.     {
    43.         return status;
    45.     }
    46.     myKeyBoard->Flags |= DO_BUFFERED_IO;
    47.     myKeyBoard->Flags &= ~DO_DEVICE_INITIALIZING;
    49.     RtlZeroMemory(myKeyBoard->DeviceExtension,sizeof(DEVICE_EXTION));
    50.     status = IoAttachDevice(myKeyBoard,&TargatDevice,&((PDEVICE_EXTENTION)myKeyBoard->DeviceExtension)->LowKbdDevice);
    51.     if (!NT_SUCCESS(status))
    52.     {
    53.         IoDeleteDevice(myKeyBoard);
    54.         return status;
    55.     }
    56.     return status;
    58. }
    59. NTSTATUS ReadComplete(PDEVICE_OBJECT DeviceObject,PIRP Irp,PVOID Context){
    61.     CHAR* KeyFlag[4] = {"keydown","keyup","e0","e1"};
    64.     PKEYBOARD_INPUT_DATA Keys = (PKEYBOARD_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer;
    65.     int structnum = Irp->IoStatus.Information / sizeof(KEYBOARD_INPUT_DATA);
    67.     if (Irp->IoStatus.Status == STATUS_SUCCESS)
    68.     {
    69.         for (int i = 0; i < structnum; i++)
    70.         {
    71.             KdPrint(("the scan code is %x (%s)\n", Keys->MakeCode, KeyFlag[Keys->Flags]));
    74.         }
    76.     }
    77.     if (Irp->PendingReturned)
    78.     {
    79.         IoMarkIrpPending(Irp);
    80.     }
    81.     pendingkey--;
    82.     return Irp->IoStatus.Status;
    85. }
    88. NTSTATUS DispatchRead(IN PDEVICE_OBJECT DeviceObject,PIRP Irp) {
    91.     IoCopyCurrentIrpStackLocationToNext(Irp);
    92.     IoSetCompletionRoutine(Irp, ReadComplete, NULL, TRUE, TRUE, TRUE);
    94.     return IoCallDriver(((PDEVICE_EXTENTION)DeviceObject->DeviceExtension)->LowKbdDevice, Irp);
    96. }
    98. NTSTATUS DispatchPass(IN PDEVICE_OBJECT DeviceObject, PIRP Irp) {
    100.     IoCopyCurrentIrpStackLocationToNext(Irp);
    101.     pendingkey++;
    102.     return IoCallDriver(((PDEVICE_EXTENTION)DeviceObject->DeviceExtension)->LowKbdDevice,Irp);
    105. }
    109. NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegisteryPath) {
    111.     NTSTATUS status;
    112.     DriverObject->DriverUnload = Unload;
    113.     int i;
    114.     for (int i = 0; i <=IRP_MJ_MAXIMUM_FUNCTION; i++)
    115.     {
    116.         DriverObject->MajorFunction[i] = DispatchPass;
    119.     }
    120.     DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
    121.     KdPrint(("driver loaded\r\n"));
    122.     status =  MyattachDevice(DriverObject);
    123.     if (!NT_SUCCESS(status))
    124.     {
    125.         KdPrint(("attach device fault\r\n"));
    126.     }else {
    128.         KdPrint(("attach device success\r\n"));
    130.     }
    134.     return STATUS_SUCCESS;
    135. }