注意:1.缓冲区一定要有大小!!!

· 2.遇到函数返回值为NTSTATUS类型的函数执行错误时,可以 查询对应的返回值对应得错误情况

  1. #include <ntddk.h>
  3. VOID UnloadDriver(PDRIVER_OBJECT pDriver)
  4. {
  5.     DbgPrint("卸载成功\n");
  6. }
  8. NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING pRegPath)
  9. {
  10.     UNICODE_STRING file_name = RTL_CONSTANT_STRING(L"\\??\\d:\\test.txt");
  11.     NTSTATUS status = NULL;
  12.     IO_STATUS_BLOCK block;
  13.     OBJECT_ATTRIBUTES file;
  14.     HANDLE file_handle = NULL;
  15.     PWCHAR pWch = ExAllocatePool(NonPagedPool, sizeof(WCHAR)* 10);
  16.     LARGE_INTEGER offset = {0};
  17.     InitializeObjectAttributes(
  18.         &file,
  19.         &file_name,
  20.         OBJ_CASE_INSENSITIVE |OBJ_KERNEL_HANDLE,
  21.         NULL,
  22.         NULL);
  24.     status = ZwCreateFile(&file_handle,
  25.         GENERIC_READ | GENERIC_WRITE,
  26.         &file,
  27.         &block,
  28.         NULL,
  29.         FILE_ATTRIBUTE_NORMAL,
  30.         FILE_SHARE_READ | FILE_SHARE_WRITE,
  31.         FILE_OPEN_IF,
  32.         FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS,
  33.         NULL,
  34.         0);
  36.     if (!NT_SUCCESS(status))
  37.     {
  38.         DbgPrint("打开文件失败");
  39.         return STATUS_SUCCESS;
  40.     }
  41.     status = ZwReadFile(file_handle,
  42.         NULL,
  43.         NULL,
  44.         NULL,
  45.         &block,
  46.         pWch,
  47.         sizeof(WCHAR)* 10,
  48.         &offset,
  49.         NULL
  50.         );
  51.     if (!NT_SUCCESS(status))
  52.     {
  53.         DbgPrint("读取文件失败\n");
  54.         return STATUS_SUCCESS;
  55.     }
  56.     DbgPrint("%s", pWch);
  57.     ZwClose(file_handle);
  58.     DbgPrint("驱动加载成功\n");
  59.     pDriver->DriverUnload = UnloadDriver;
  60. }