2.驱动的执行和调试


0x2 驱动的执行和调试

1.驱动的开发流程:

编写代码 → 生成 .sys 文件 → 部署 → 启动 → 停止 → 卸载

2.第一个驱动程序编写

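#include <ntddk.h>

/*
 * Unload routine. The I/O manager calls this when the driver is stopped
 * (here via KmdManager); it only writes a message with DbgPrint.
 *   driver - the driver object being unloaded (unused here)
 * The unused parameter is marked explicitly so the WDK build, which
 * compiles with /W4 and treats warnings as errors, does not fail on C4100.
 */
VOID DriverUnload(PDRIVER_OBJECT driver)
{
    UNREFERENCED_PARAMETER(driver);
    DbgPrint("驱动程序停止运行了.\r\n");
}

/*
 * Entry point - the kernel-mode equivalent of main().
 *   driver   - the driver object the I/O manager created for this driver
 *   reg_path - registry path of the driver's service key (unused)
 * Returns STATUS_SUCCESS so that loading completes.
 *
 * NOTE: the non-ASCII string literals are emitted in the source file's
 * code page; DbgView only shows them correctly when that matches the
 * system ANSI code page of the target machine.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
    UNREFERENCED_PARAMETER(reg_path);
    DbgPrint("Mikasys的第一个驱动程序启动啦\n");
    /* Register the unload routine. A driver that has no unload routine
     * cannot be stopped/unloaded and stays resident until reboot, which is
     * why every test iteration needs this line. */
    driver->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}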

3.复制sys到虚拟机,并且配置pdb

按 F7 编译完成后，会在 Driver 目录里生成一个 .sys 文件；把它复制到虚拟机里，就可以准备加载了。

科普一下 pdb 文件（Program Database，编译时生成的调试符号文件）

在 windbg 中配置一下 pdb（把生成 pdb 的 Driver 目录加入符号路径）

4.加载驱动并用dbgview观察

打开 KmdManager 和 DbgView，用 KmdManager 加载驱动，效果如下。注意!!! DebugView 一定要打开"Capture Kernel"（捕捉内核）选项，否则看不到驱动里 DbgPrint 的输出。

5.验证调试

为了验证 windbg 是否已经把上面添加的 Driver 目录加入了符号路径，在调用卸载函数之前加一段内联汇编：

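/*
 * Debug-only probe: the breakpoint hands control to the attached kernel
 * debugger, and the two no-op moves give windbg a spot to map back to this
 * source line through the pdb.
 * NOTE: MSVC inline asm is x86-only (not available in x64 builds), and an
 * int 3 hit in kernel mode with no debugger attached is an unhandled
 * breakpoint exception that bugchecks the VM - keep it out of any build
 * that is not loaded under windbg.
 */
__asm {
    int 3
    mov eax, eax    /* meaningless instructions, only there to check that */
    mov eax, eax    /* windbg can show the source for them                 */
}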

编译之后，将新生成的 sys 文件复制到虚拟机并加载驱动。如果 windbg 在 int 3 处中断并自动弹出对应的源码，说明符号配置成功！
