我不知道哪里出错了。驱动是在虚拟机(VM)中运行的,没有任何调试信息输出;按理说应该能看到鼠标数据的输出,但不知道为什么没有。 enter image description here
代码来自视频:Windows驱动程序开发教程9-鼠标过滤器驱动程序 https://www.youtube.com/watch?v=PppMoZvW6L4&list=PLZ4EgN7ZCzJyUT-FmgHsW4e9BxfP-VMuo&index=9
#include <ntddk.h>
/* Per-device state kept in the filter device object's DeviceExtension. */
typedef struct{
/* Filled in by IoAttachDevice in MyAttachDevice; the dispatch routines
 * forward every IRP to this device. The "Kbd" in the name is a leftover:
 * this file attaches to a pointer (mouse) class device. */
PDEVICE_OBJECT LowerKbdDevice;
}DEVICE_EXTENSION, *PDEVICE_EXTENSION;
// 提供一个Unload函数只是为了
/*
 * Local declaration of the mouse input packet. ReadComplete casts the
 * completed read buffer to an array of these and reads ButtonFlags.
 *
 * NOTE(review): this appears to duplicate the WDK declaration from
 * <ntddmou.h>; the layout must match what the lower driver writes, so
 * including the WDK header instead of redeclaring it is safer - confirm.
 */
typedef struct _MOUSE_INPUT_DATA {
USHORT UnitId;
USHORT Flags;
/* Buttons overlays the ButtonFlags/ButtonData pair (anonymous union). */
union {
ULONG Buttons;
struct {
USHORT ButtonFlags; /* the only field this driver prints */
USHORT ButtonData;
};
};
ULONG RawButtons;
LONG LastX;
LONG LastY;
ULONG ExtraInformation;
} MOUSE_INPUT_DATA, *PMOUSE_INPUT_DATA;
/* The filter device object created by MyAttachDevice and deleted in
 * DriverUnload. */
PDEVICE_OBJECT myKbdDevice = NULL;
/* Count of read IRPs sent down with ReadComplete set that have not completed
 * yet: incremented in DispatchRead, decremented in ReadComplete, polled by
 * DriverUnload before the device is deleted.
 * NOTE(review): it is updated with plain ++/-- from different contexts and is
 * not volatile - interlocked updates would be safer. */
ULONG pendingkey = 0;
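/*
 * Creates this driver's filter device object and attaches it on top of the
 * device named \Device\PointerClass0.
 *
 * On success the new device is stored in the global myKbdDevice and the
 * device returned by IoAttachDevice is stored in its DEVICE_EXTENSION
 * (LowerKbdDevice). On failure no device is left behind and myKbdDevice is
 * reset to NULL, so later code cannot touch a deleted device object.
 *
 * Returns STATUS_SUCCESS, or the failing status from IoCreateDevice or
 * IoAttachDevice.
 */
NTSTATUS MyAttachDevice(PDRIVER_OBJECT DriverObject)
{
    NTSTATUS status;
    PDEVICE_EXTENSION extension;
    UNICODE_STRING TargetDevice = RTL_CONSTANT_STRING(L"\\Device\\PointerClass0");

    status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), NULL,
                            FILE_DEVICE_MOUSE, 0, FALSE, &myKbdDevice);
    if (!NT_SUCCESS(status)) {
        myKbdDevice = NULL;
        return status;
    }

    /* Read IRPs are inspected through Irp->AssociatedIrp.SystemBuffer in
     * ReadComplete, so the filter device asks for buffered I/O. */
    myKbdDevice->Flags |= DO_BUFFERED_IO;
    myKbdDevice->Flags &= ~DO_DEVICE_INITIALIZING;

    extension = (PDEVICE_EXTENSION)myKbdDevice->DeviceExtension;
    RtlZeroMemory(extension, sizeof(DEVICE_EXTENSION));

    status = IoAttachDevice(myKbdDevice, &TargetDevice, &extension->LowerKbdDevice);
    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(myKbdDevice);
        /* The pointer is dangling after IoDeleteDevice; clear it so an
         * unload path cannot delete the same object a second time. */
        myKbdDevice = NULL;
        return status;
    }

    return STATUS_SUCCESS;
}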
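/*
 * Unload routine: detaches the filter from the lower device, waits until
 * every read IRP that carries ReadComplete has completed, then deletes the
 * filter device object.
 *
 * If the driver owns no device object (for example because attaching failed
 * earlier), there is nothing to detach or delete; dereferencing
 * DriverObject->DeviceObject in that state would be a NULL access in kernel
 * mode.
 */
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    LARGE_INTEGER interval = { 0 };
    PDEVICE_OBJECT DeviceObject = DriverObject->DeviceObject;
    PDEVICE_EXTENSION extension;

    if (DeviceObject == NULL) {
        DbgPrint("goodbye");
        return;
    }

    /* Negative value = relative time in 100 ns units, i.e. one second. */
    interval.QuadPart = -10 * 1000 * 1000;

    extension = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
    if (extension->LowerKbdDevice != NULL) {
        IoDetachDevice(extension->LowerKbdDevice);
    }

    /* A read IRP is normally parked in the lower driver until the next input
     * event, so this loop usually ends only after the mouse is used once.
     * The volatile access forces a fresh read of the counter on every pass.
     * NOTE(review): ReadComplete decrements the counter before it returns, so
     * a short window remains in which its code is still running; a remove
     * lock or IoSetCompletionRoutineEx is the usual way to close it. */
    while (*(volatile ULONG *)&pendingkey) {
        KeDelayExecutionThread(KernelMode, FALSE, &interval);
    }

    IoDeleteDevice(DeviceObject);
    myKbdDevice = NULL;
    DbgPrint("goodbye");
}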
/*
 * Default dispatch routine: forwards the IRP unchanged to the device this
 * filter is attached to and returns whatever status that driver reports.
 */
NTSTATUS DispatchPass(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    PDEVICE_EXTENSION extension = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
    PDEVICE_OBJECT lower = extension->LowerKbdDevice;

    /* The next driver receives the same parameters this driver was given. */
    IoCopyCurrentIrpStackLocationToNext(Irp);

    return IoCallDriver(lower, Irp);
}
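/*
 * Completion routine for read IRPs forwarded by DispatchRead.
 *
 * On a successful read the system buffer holds
 * IoStatus.Information / sizeof(MOUSE_INPUT_DATA) packets; the ButtonFlags of
 * each one is written to the debug output. The routine then propagates the
 * pending state, drops the outstanding-read counter and returns the IRP's
 * own status.
 *
 * NOTE(review): KdPrint expands to nothing unless the driver is built with
 * DBG defined (checked/debug build), and on Windows Vista and later debug
 * print output is filtered by default - both are worth checking when no
 * output shows up in the debugger.
 */
NTSTATUS ReadComplete(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context)
{
    PMOUSE_INPUT_DATA packets = (PMOUSE_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer;
    ULONG_PTR count;
    ULONG_PTR i;

    UNREFERENCED_PARAMETER(DeviceObject);
    UNREFERENCED_PARAMETER(Context);

    if (Irp->IoStatus.Status == STATUS_SUCCESS && packets != NULL) {
        /* Information is the byte count written by the lower driver. */
        count = Irp->IoStatus.Information / sizeof(MOUSE_INPUT_DATA);
        for (i = 0; i < count; i++) {
            /* Index the array: the original printed packet 0 every time. */
            KdPrint(("Code: %x ", packets[i].ButtonFlags));
        }
    }

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    /* Completion can run concurrently with DispatchRead on another
     * processor, so the counter is updated atomically. */
    InterlockedDecrement((volatile LONG *)&pendingkey);

    return Irp->IoStatus.Status;
}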
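/*
 * IRP_MJ_READ dispatch routine: forwards the read to the lower device with
 * ReadComplete registered, so the returned input packets can be inspected
 * when the read completes.
 *
 * Returns the status from IoCallDriver.
 */
NTSTATUS DispatchRead(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    PDEVICE_EXTENSION extension = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;

    IoCopyCurrentIrpStackLocationToNext(Irp);

    /* Call ReadComplete on success, error and cancel alike, so the counter
     * below is always balanced. */
    IoSetCompletionRoutine(Irp, ReadComplete, NULL, TRUE, TRUE, TRUE);

    /* Count the IRP before it is sent down: it may complete (and run
     * ReadComplete) before IoCallDriver returns. Atomic because reads and
     * completions can overlap on different processors. */
    InterlockedIncrement((volatile LONG *)&pendingkey);

    return IoCallDriver(extension->LowerKbdDevice, Irp);
}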
// DriverEntry,入口函数。相当于main。
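/*
 * Driver entry point: registers the unload routine, routes every major
 * function to DispatchPass except IRP_MJ_READ (DispatchRead), then creates
 * and attaches the filter device.
 *
 * Returns the status of MyAttachDevice. Reporting the failure matters: if
 * the driver stayed loaded without a device object, DriverUnload would
 * dereference a NULL DriverObject->DeviceObject.
 *
 * NOTE(review): the KdPrint lines are compiled out unless DBG is defined,
 * and on Windows Vista and later debug print output is filtered by default -
 * check both if nothing appears in the debugger.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;
    int i;

    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("first: Hello, my salary!");

    /* An unload routine lets the driver be stopped and removed again. */
    DriverObject->DriverUnload = DriverUnload;

    /* A filter must not swallow requests it does not understand, so every
     * major function is passed through by default. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = DispatchPass;
    }
    DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;

    status = MyAttachDevice(DriverObject);
    if (!NT_SUCCESS(status)) {
        KdPrint(("失败了"));
        /* Fail the load instead of leaving a driver with no device. */
        return status;
    }

    KdPrint(("成功了"));
    return STATUS_SUCCESS;
}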
系统里有四个可选的设备:PointerClass0、PointerClass1、PointerClass2、PointerClass3
PointerClass2 使用蓝屏的PointerClass3