<pre name="code" class="cpp">//GetIDT.h文件
#ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later.
#define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows.
#endif
#ifdef __cplusplus
extern "C"
{
#endif
#include <ntddk.h>
#include <ntddstor.h>
#include <mountdev.h>
#include <ntddvol.h>
#ifdef __cplusplus
}
#endif
//***************************************************************************************************************
//GetIDT.cpp文件
#include "GetIDT.h"
//#include <stdio.h>
//IDT表的最大项数为256
#define MAX_IDT_ENTRIES 0XFF
#define MAKELONG(a, b)
((unsigned long) (((unsigned short) (a)) | ((unsigned long) ((unsigned short) (b))) << 16))
//SIDT返回的数据格式
typedef struct
{
unsigned short IDTLimit; //IDT表项的个数
unsigned short LowIDTBase; //地址低16位
unsigned short HiIDTBase; //地址高16位
}IDTINFO, *PIDTINFO;
#pragma pack(1)
typedef struct
{
unsigned short LowOffset; //地址低16位
unsigned short Selector; //段选择字
unsigned char unused_lo; //保留
unsigned char segment_type:4; //中断门类型
unsigned char system_segment_flag:1; //为0是中断门
unsigned char DPL:2; //特权级
unsigned char P:1; //现在是否是使用中断
unsigned short HiOffset; //地址高16位
}IDTENTRY, *PIDTENTRY;
#pragma pack()
//卸载例程
void GetIDTUnload(IN PDRIVER_OBJECT DriverObject);
//创建和关闭例程
NTSTATUS GetIDTCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
//默认处理例程
NTSTATUS GetIDTDefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
//获取IDT表的例程函数
NTSTATUS Fun_GetIDT();
#ifdef __cplusplus
//驱动入口函数
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
//设备名称
UNICODE_STRING DeviceName;
//设备连接符
UNICODE_STRING Win32Device;
//设备对象
PDEVICE_OBJECT DeviceObject = NULL;
NTSTATUS status;
unsigned i;
//DeviceName-设备对象名称
RtlInitUnicodeString(&DeviceName,L"\Device\GetIDT0");
//Win32Device-连接符
RtlInitUnicodeString(&Win32Device,L"\DosDevices\GetIDT0");
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
{
//设置默认的处理例程函数
DriverObject->MajorFunction[i] = GetIDTDefaultHandler;
}
//设置创建处理例程函数
DriverObject->MajorFunction[IRP_MJ_CREATE] = GetIDTCreateClose;
//设置关闭处理例程函数
DriverObject->MajorFunction[IRP_MJ_CLOSE] = GetIDTCreateClose;
//设置卸载处理例程函数
DriverObject->DriverUnload = GetIDTUnload;
//创建设备对象
status = IoCreateDevice(DriverObject,
0,
&DeviceName,
FILE_DEVICE_UNKNOWN, //设备类型
0,
FALSE,
&DeviceObject);
if (!NT_SUCCESS(status))
return status;
if (!DeviceObject)
return STATUS_UNEXPECTED_IO_ERROR;
//设置缓冲区通信方式
DeviceObject->Flags |= DO_DIRECT_IO;
//设置字对齐
DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT;
//创建连接符
status = IoCreateSymbolicLink(&Win32Device, &DeviceName);
//设备初始化完成
DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
//获取IDT表
Fun_GetIDT();
return STATUS_SUCCESS;
}
//获取IDT表的例程函数
NTSTATUS Fun_GetIDT()
{
IDTINFO idtInfo;
PIDTENTRY pIdtEntry;
//获取IDT表的基地址
__asm sidt idtInfo
pIdtEntry = (PIDTENTRY)MAKELONG(idtInfo.LowIDTBase, idtInfo.HiIDTBase);
for (unsigned long i = 0; i < MAX_IDT_ENTRIES; i++)
{
//char szBuffer[255];
PIDTENTRY pTmpIdtEntry = &pIdtEntry[i];
//获取IDT表的每项的地址
unsigned long lgAddr = MAKELONG(pTmpIdtEntry->LowOffset, pTmpIdtEntry->HiOffset);
//_snprintf(szBuffer, 253, "中断号:%d,地址:%08X
", i, lgAddr);
//显示
KdPrint(("中断号:%04d,地址:%08X
", i, lgAddr));
}
return STATUS_SUCCESS;
}
//卸载例程
void GetIDTUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING Win32Device;
RtlInitUnicodeString(&Win32Device,L"\DosDevices\GetIDT0");
IoDeleteSymbolicLink(&Win32Device);
IoDeleteDevice(DriverObject->DeviceObject);
}
//创建关闭例程
NTSTATUS GetIDTCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
//默认处理例程
NTSTATUS GetIDTDefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return Irp->IoStatus.Status;
}