Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/7828663/

Time: 2020-09-15 18:18:08  Source: igfitidea

How do I "install" a custom-windows driver?

c windows registry kernel driver

Asked by user997112

I am planning to write a basic Windows registry filter in C. The purpose of the filter is to hook all (user and kernel privileged) registry calls so that I can use them in my program. I am basically copying regmon/process monitor by Mark Russinovich but more basic.

My question is, once the filter is written in C, how do you get the system to implement the custom behaviour and to not implement the original intended behaviour of the registry calls?

I am using Windows 7.

EDIT: I am trying to do this as part of a hobby C++ project which can hook all registry calls.

Answered by Alexey Frunze

There are special functions for that. See CmRegisterCallback(), CmRegisterCallbackEx() and Filtering Registry Calls on MSDN.

As for just installing a kernel mode driver, you may use the Service Controller (sc.exe). Use sc create [service name] binPath= [path to your .sys file] type= kernel to create a kernel-mode service and sc start [service name] to start it. Don't forget to sc stop and sc delete it before making changes to the driver.

Answered by LordDoskias

Basically, drivers are considered Services; as such you can utilize the Service Control Manager. Using the aforementioned APIs, what you basically achieve is the appropriate entries in the registry under the Services key. For a sample of how to achieve this, check this article and scroll to the bottom to the section named "Dynamically Loading and Unloading the Driver". Furthermore, if you want to achieve easy debugging/development and are using VS2k10, I'd suggest you use the free VisualDDK. I believe this should be enough to get you going.
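Both answers come down to the same artifact: sc create ... type= kernel writes a key under the Services key with Type 0x1 and an ImagePath pointing at the .sys file. The following is an added example, not part of the original answers: it parses text in the layout printed by reg query HKLM\SYSTEM\CurrentControlSet\Services /s and lists driver services whose image sits outside System32\drivers. The sample text, the service name RegFilterDemo and its path are constructed, and treating System32\drivers as the only stock location is an assumption.

```python
import re

# Constructed sample in the layout of
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s
# (service names and paths are made up for this example).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegFilterDemo
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    ImagePath    REG_EXPAND_SZ    \??\C:\dev\regfilter.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    system32\DRIVERS\disk.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    Type    REG_DWORD    0x110
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe
"""

DRIVER_TYPES = 0x1 | 0x2  # SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")
# Assumption: stock drivers load from System32\drivers; anything else gets listed.
STOCK_RE = re.compile(r"^(\\SystemRoot\\|%SystemRoot%\\)?system32\\drivers\\", re.I)

def parse_reg_query(text):
    """Return {key_path: {value_name: value_data}} from reg query output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys

def nonstock_drivers(text):
    """List (service, ImagePath) for driver services loaded from unusual paths."""
    hits = []
    for path, values in parse_reg_query(text).items():
        parent, _, name = path.rpartition("\\")
        if not parent.lower().endswith("\\services"):
            continue  # skip subkeys such as ...\<name>\Parameters
        svc_type = int(values.get("Type", "0x0"), 16)
        image = values.get("ImagePath", "")  # empty means the default driver path
        if svc_type & DRIVER_TYPES and image and not STOCK_RE.match(image):
            hits.append((name, image))
    return hits
```

On the constructed sample, nonstock_drivers(SAMPLE) returns only the RegFilterDemo entry; the disk driver and the Spooler service are ignored.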