加载驱动 (相关参数 驱动名称,驱动路径)
OpenSCManager 打开服务管理器,
然后:
CreateService 创建一个服务;若服务已存在(ERROR_SERVICE_EXISTS),则改用 OpenService 打开已有服务
StartService 启动服务
卸载驱动 (相关参数 驱动名称,驱动路径)
OpenSCManager 打开服务管理器,
1. OpenService 获得服务句柄
2. ControlService 发送停止控制码(SERVICE_CONTROL_STOP)
3. DeleteService 删除服务(驱动)
#include "windows.h"
#include "stdio.h"
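/**
 * Register a kernel-mode driver with the Service Control Manager (SCM) as a
 * demand-start service and start it.
 *
 * If a service named DriverName already exists, it is opened and started
 * instead of being re-created; in that case `path` is NOT applied, so the
 * image that gets started is whatever the existing service entry points to.
 *
 * Operational notes:
 *  - Creating a SERVICE_KERNEL_DRIVER service requires an elevated
 *    (administrator) token; without it OpenSCManager/CreateService fail.
 *  - On 64-bit Windows the image must satisfy driver signature enforcement,
 *    otherwise StartService fails.
 *  - Service installation is recorded by the SCM in the System event log
 *    (event ID 7045), which is where this activity shows up for monitoring.
 *  - If StartService fails, the service entry created here stays registered;
 *    call UnloadNTDriver to remove it.
 *
 * @param DriverName  Service name (also used as display name). ANSI string.
 * @param path        Path to the driver image (.sys); pass a fully qualified
 *                    path so the SCM does not resolve it relative to another
 *                    directory. ANSI string.
 * @return TRUE if the driver is running when the function returns (started
 *         now or already running), FALSE otherwise.
 */
BOOL LoadNTDriver(char* DriverName, char* path)
{
    BOOL bRet = FALSE;
    SC_HANDLE hManager = NULL;  /* SCM handle */
    SC_HANDLE hService = NULL;  /* driver service handle */
    DWORD dwRtn = 0;

    /* Reject missing arguments before touching the SCM. */
    if (DriverName == NULL || DriverName[0] == '\0' ||
        path == NULL || path[0] == '\0')
    {
        printf("[-]LoadNTDriver: driver name and path are required\n");
        return FALSE;
    }

    /*
     * Open the SCM with only the rights this function uses: connect and
     * create a service. The original requested SC_MANAGER_ALL_ACCESS.
     * The explicit A-suffixed APIs match the char* parameters regardless of
     * whether the project is built with UNICODE defined.
     */
    hManager = OpenSCManagerA(NULL, NULL,
                              SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (hManager == NULL)
    {
        dwRtn = GetLastError();
        printf("[-]OpenSCManager failure...\n");
        printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
        goto cleanup;
    }
    printf("[+]OpenSCManager success...\n");

    /* Create the service; the returned handle only needs SERVICE_START. */
    hService = CreateServiceA(
        hManager,
        DriverName,             /* service name */
        DriverName,             /* display name */
        SERVICE_START,          /* least privilege: we only start it */
        SERVICE_KERNEL_DRIVER,
        SERVICE_DEMAND_START,
        SERVICE_ERROR_IGNORE,
        path,
        NULL, NULL, NULL, NULL, NULL);

    if (hService == NULL)
    {
        dwRtn = GetLastError();
        if (dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
        {
            /* Creation failed for a reason other than "already exists". */
            printf("[-]CreateService failure... (Unknow)\n");
            printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
            goto cleanup;
        }
        printf("[-]CreateService failure...(exists) \n");

        /* The service is already registered: open it instead. */
        hService = OpenServiceA(hManager, DriverName, SERVICE_START);
        if (hService == NULL)
        {
            dwRtn = GetLastError();
            printf("[-]OpenService failure... \n");
            printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
            goto cleanup;
        }
        printf("[+]OpenService success... \n");
    }
    else
    {
        printf("[+]CreateService success\n");
    }

    /* Start the driver. "Already running" counts as success. */
    if (!StartServiceA(hService, 0, NULL))
    {
        dwRtn = GetLastError();
        if (dwRtn == ERROR_SERVICE_ALREADY_RUNNING)
        {
            printf("[+]StartService success....\n");
            bRet = TRUE;
        }
        else if (dwRtn == ERROR_IO_PENDING)
        {
            printf("[-]StartService failure..(suspend)\n");
        }
        else
        {
            printf("[-]StartService failure(unKnow)\n");
            printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
        }
        goto cleanup;
    }

    printf("[+]StartService success....\n");
    bRet = TRUE;

cleanup:
    /* Close only handles that were actually opened. */
    if (hService != NULL)
    {
        CloseServiceHandle(hService);
    }
    if (hManager != NULL)
    {
        CloseServiceHandle(hManager);
    }
    return bRet;
}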
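/**
 * Stop a driver service and remove its registration from the Service Control
 * Manager (SCM).
 *
 * The function sends SERVICE_CONTROL_STOP and then calls DeleteService.
 * A stop failure with ERROR_SERVICE_NOT_ACTIVE (the driver was not running)
 * is tolerated. Any other stop failure means the driver may still be loaded
 * in the kernel even though its service entry was deleted, so the function
 * reports FALSE in that case instead of claiming success.
 *
 * @param DriverName  Name of the service to stop and delete. ANSI string.
 * @param path        Unused; kept so the signature mirrors LoadNTDriver.
 * @return TRUE if the service entry was deleted and the driver is stopped
 *         (stop accepted or it was not running), FALSE otherwise.
 */
BOOL UnloadNTDriver(char * DriverName , char* path)
{
    BOOL bRet = FALSE;
    BOOL bStopped = FALSE;
    SC_HANDLE hManager = NULL;
    SC_HANDLE hService = NULL;
    SERVICE_STATUS SvrSta;
    DWORD dwRtn = 0;

    (void)path; /* not needed to stop or delete a service */

    if (DriverName == NULL || DriverName[0] == '\0')
    {
        printf("[-]UnloadNTDriver: driver name is required\n");
        return FALSE;
    }

    /*
     * Opening an existing service only needs SC_MANAGER_CONNECT; the
     * original requested SC_MANAGER_ALL_ACCESS.
     */
    hManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
    if (hManager == NULL)
    {
        dwRtn = GetLastError();
        printf("[-]OpenSCManager faliure...\n");
        printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
        goto cleanup;
    }
    printf("[+]OpenSCManager success...\n");

    /* Request only the rights used below: stop and delete. */
    hService = OpenServiceA(hManager, DriverName, SERVICE_STOP | DELETE);
    if (hService == NULL)
    {
        dwRtn = GetLastError();
        printf("[-]OpenService faliure...\n");
        printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
        goto cleanup;
    }
    printf("[+]OpenService success...\n");

    /* Ask the driver to stop. */
    if (!ControlService(hService, SERVICE_CONTROL_STOP, &SvrSta))
    {
        dwRtn = GetLastError();
        printf("[-]ControlService faliure ....\n");
        /* "Not running" is not an error for an unload request. */
        bStopped = (dwRtn == ERROR_SERVICE_NOT_ACTIVE) ? TRUE : FALSE;
        if (!bStopped)
        {
            printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
        }
    }
    else
    {
        printf("[+]ControlService success ....\n");
        bStopped = TRUE;
    }

    /*
     * Remove the service entry even if the stop failed, as the original did,
     * so a stale registration is not left behind.
     */
    if (!DeleteService(hService))
    {
        dwRtn = GetLastError();
        printf("[-]DeleteService faliure ....\n");
        printf("[-]  GetLastError() = %lu\n", (unsigned long)dwRtn);
    }
    else
    {
        printf("[+]DeleteService success ....\n");
        bRet = bStopped;
    }

cleanup:
    /* Close only handles that were actually opened. */
    if (hService != NULL)
    {
        CloseServiceHandle(hService);
    }
    if (hManager != NULL)
    {
        CloseServiceHandle(hManager);
    }
    return bRet;
}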
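/**
 * Command-line entry point: <DriverName> <Path> <L|U>.
 *
 * 'L'/'l' loads the driver through LoadNTDriver, 'U'/'u' unloads it through
 * UnloadNTDriver. The process exit code is 0 on success and 1 on a usage
 * error or when the requested operation fails, so scripts can detect failure.
 *
 * NOTE: _tmain/_TCHAR come from <tchar.h>. argv is passed straight to
 * functions taking char*, so this file is expected to be built without
 * UNICODE (ANSI/MBCS); in a UNICODE build argv would be wchar_t* and would
 * not match those parameters.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    int exitCode = 1;

    printf("SCM驱动加载程序\n");

    if (argc != 4)
    {
        printf("Usage:\n \t[1]DriverName \n\t[2]Path \n\t[3](L)oad,(U)nload\n");
        return exitCode;
    }

    /* Only the first character of the mode argument is significant. */
    switch (argv[3][0])
    {
    case 'L':
    case 'l':
        if (LoadNTDriver(argv[1], argv[2]))
        {
            printf("LoadNTDriver Success!!\n");
            exitCode = 0;
        }
        else
        {
            printf("LoadNTDriver failure!!\n");
        }
        break;

    case 'U':
    case 'u':
        if (UnloadNTDriver(argv[1], argv[2]))
        {
            printf("UnloadNTDriver Success!!\n");
            exitCode = 0;
        }
        else
        {
            printf("UnloadNTDriver failure!!\n");
        }
        break;

    default:
        /* Unknown mode: show usage instead of silently doing nothing. */
        printf("Usage:\n \t[1]DriverName \n\t[2]Path \n\t[3](L)oad,(U)nload\n");
        break;
    }

    return exitCode;
}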