Как программно загрузить драйвер в память! SYS!

← →
Intelect © (2005-01-31 02:40) [0]

Покажите как можно программно загрузить драйвер!

← →
Ihor Osov'yak © (2005-01-31 03:16) [1]

сначала инсталировать сервис - OpenSCManager, CreateService (единыжды),
а затем открывать драйвер по символическому имени с помощью CreateFile.
Открытие драйвера равнозначно загрузке, если он еще небыл загружен.

← →
Intelect © (2005-01-31 04:17) [2]

Можешь исходник показать!

← →
n0name (2005-01-31 08:47) [3]

unit ServiceControl;

interface

type
PDWORD=^DWORD;

DWORD=Cardinal;
BOOL=boolean;
LPDWORD=PDWORD;
UINT=DWORD;
HLOCAL=THandle;

SC_HANDLE=THandle;

_QUERY_SERVICE_CONFIGA=record
dwServiceType: DWORD;
dwStartType: DWORD;
dwErrorControl: DWORD;
lpBinaryPathName: PAnsiChar;
lpLoadOrderGroup: PAnsiChar;
dwTagId: DWORD;
lpDependencies: PAnsiChar;
lpServiceStartName: PAnsiChar;
lpDisplayName: PAnsiChar;
end;
QUERY_SERVICE_CONFIGA=_QUERY_SERVICE_CONFIGA;
QueryServiceConfigA=QUERY_SERVICE_CONFIGA;
PQueryServiceConfigA=^QueryServiceConfigA;
PQueryServiceConfig=PQueryServiceConfigA;

_SERVICE_DESCRIPTION=record
lpDescription: PChar;
end;
SERVICE_DESCRIPTION=_SERVICE_DESCRIPTION;
TServiceDescription=SERVICE_DESCRIPTION;
PServiceDescription=^SERVICE_DESCRIPTION;

_SERVICE_STATUS=record
dwServiceType: DWORD;
dwCurrentState: DWORD;
dwControlsAccepted: DWORD;
dwWin32ExitCode: DWORD;
dwServiceSpecificExitCode: DWORD;
dwCheckPoint: DWORD;
dwWaitHint: DWORD;
end;
SERVICE_STATUS=_SERVICE_STATUS;
TServiceStatus=_SERVICE_STATUS;
PServiceStatus=^TServiceStatus;

const
ERROR_SUCCESS=0;
STANDARD_RIGHTS_REQUIRED=$000F0000;

SERVICE_QUERY_CONFIG=$0001;
SERVICE_CHANGE_CONFIG=$0002;
SERVICE_QUERY_STATUS=$0004;
SERVICE_ENUMERATE_DEPENDENTS=$0008;
SERVICE_START=$0010;
SERVICE_STOP=$0020;
SERVICE_PAUSE_CONTINUE=$0040;
SERVICE_INTERROGATE=$0080;
SERVICE_USER_DEFINED_CONTROL=$0100;
SERVICE_ALL_ACCESS=(STANDARD_RIGHTS_REQUIRED or SERVICE_QUERY_CONFIG or SERVICE_CHANGE_CONFIG or
SERVICE_QUERY_STATUS or SERVICE_ENUMERATE_DEPENDENTS or SERVICE_START or SERVICE_STOP or
SERVICE_PAUSE_CONTINUE or SERVICE_INTERROGATE or SERVICE_USER_DEFINED_CONTROL);

SC_MANAGER_CONNECT=$0001;
SC_MANAGER_CREATE_SERVICE=$0002;
SC_MANAGER_ENUMERATE_SERVICE=$0004;
SC_MANAGER_LOCK=$0008;
SC_MANAGER_QUERY_LOCK_STATUS=$0010;
SC_MANAGER_MODIFY_BOOT_CONFIG=$0020;
SC_MANAGER_ALL_ACCESS=(STANDARD_RIGHTS_REQUIRED or SC_MANAGER_CONNECT or SC_MANAGER_CREATE_SERVICE or
SC_MANAGER_ENUMERATE_SERVICE or SC_MANAGER_LOCK or SC_MANAGER_QUERY_LOCK_STATUS or
SC_MANAGER_MODIFY_BOOT_CONFIG);

SERVICE_BOOT_START=$00000000;
SERVICE_SYSTEM_START=$00000001;
SERVICE_AUTO_START=$00000002;
SERVICE_DEMAND_START=$00000003;
SERVICE_DISABLED=$00000004;

SERVICE_KERNEL_DRIVER=$00000001;
SERVICE_FILE_SYSTEM_DRIVER=$00000002;
SERVICE_ADAPTER=$00000004;
SERVICE_RECOGNIZER_DRIVER=$00000008;
SERVICE_DRIVER=(SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER or SERVICE_RECOGNIZER_DRIVER);
SERVICE_WIN32_OWN_PROCESS=$00000010;
SERVICE_WIN32_SHARE_PROCESS=$00000020;
SERVICE_WIN32=(SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS);
SERVICE_INTERACTIVE_PROCESS=$00000100;
SERVICE_TYPE_ALL=(SERVICE_WIN32 or SERVICE_ADAPTER or SERVICE_DRIVER or SERVICE_INTERACTIVE_PROCESS);

SERVICE_ERROR_IGNORE=$00000000;
SERVICE_ERROR_NORMAL=$00000001;
SERVICE_ERROR_SEVERE=$00000002;
SERVICE_ERROR_CRITICAL=$00000003;

SERVICE_CONFIG_DESCRIPTION=1;
SERVICE_CONFIG_FAILURE_ACTIONS=2;

SERVICE_STOPPED=1;
SERVICE_START_PENDING=2;
SERVICE_STOP_PENDING=3;
SERVICE_RUNNING=4;
SERVICE_CONTINUE_PENDING=5;
SERVICE_PAUSE_PENDING=6;
SERVICE_PAUSED=7;

SERVICE_CONTROL_STOP=1;
SERVICE_CONTROL_PAUSE=2;
SERVICE_CONTROL_CONTINUE=3;
SERVICE_CONTROL_INTERROGATE=4;
SERVICE_CONTROL_SHUTDOWN=5;

type
TServiceControl=class
protected
hServiceMngr: SC_HANDLE;
hService: SC_HANDLE;
ServiceConfig: PQueryServiceConfig;
ServStat: TServiceStatus;

function Open(CompName, ServName: PChar; ServAccess: DWORD;
ServMgrAccess: DWORD=SC_MANAGER_ALL_ACCESS): DWORD;
procedure Close;
public
constructor Create;
destructor Destroy; override;
function Install(CompName, ServName, Desc, ModPathName: PChar; UserName: PChar=nil;
UserPass: PChar=nil; StartType: DWORD=SERVICE_AUTO_START; Drv: boolean=FALSE ): DWORD;
function Remove(CompName, ServName: PChar): DWORD;
function Start(ServName: PChar): DWORD;
function Control(ServName: PChar; ControlCode: DWORD): DWORD;
function GetStatus(ServName: PChar): DWORD;
function GetConfig(ServName: PChar): PQueryServiceConfig;
end;

function OpenSCManager(lpMachineName, lpDatabaseName: PAnsiChar; dwDesiredAccess: DWORD): SC_HANDLE;
stdcall; external "advapi32.dll" name "OpenSCManagerA";
function OpenService(hSCManager: SC_HANDLE; lpServiceName: PChar; dwDesiredAccess: DWORD): SC_HANDLE;
stdcall; external "advapi32.dll" name "OpenServiceA";
function CloseServiceHandle(hSCObject: SC_HANDLE): BOOL;
stdcall; external "advapi32.dll" name "CloseServiceHandle";
function CreateService(hSCManager: SC_HANDLE; lpServiceName, lpDisplayName: PChar; dwDesiredAccess,
dwServiceType, dwStartType, dwErrorControl: DWORD; lpBinaryPathName, lpLoadOrderGroup: PChar;
lpdwTagId: LPDWORD; lpDependencies, lpServiceStartName, lpPassword: PChar): SC_HANDLE; stdcall;
external "advapi32.dll" name "CreateServiceA";
function ChangeServiceConfig2(hService: SC_HANDLE; dwInfoLevel: DWORD; lpInfo: Pointer): BOOL; stdcall;
external "advapi32.dll" name "ChangeServiceConfig2A";
function DeleteService(hService: SC_HANDLE): BOOL; stdcall; external "advapi32.dll" name "DeleteService";
function QueryServiceStatus(hService: SC_HANDLE; var lpServiceStatus: TServiceStatus): BOOL;
stdcall; external "advapi32.dll" name "QueryServiceStatus";
function StartService(hService: SC_HANDLE; dwNumServiceArgs: DWORD; var lpServiceArgVectors: PChar): BOOL;
stdcall; external "advapi32.dll" name "StartServiceA";
function ControlService(hService: SC_HANDLE; dwControl: DWORD; var lpServiceStatus: TServiceStatus): BOOL;
stdcall; external "advapi32.dll" name "ControlService";
function QueryServiceConfig(hService: SC_HANDLE; lpServiceConfig: PQueryServiceConfig; cbBufSize: DWORD;
var pcbBytesNeeded: DWORD): BOOL; stdcall; external "advapi32.dll" name "QueryServiceConfig";

function LocalAlloc(uFlags, uBytes: UINT): HLOCAL; stdcall; external "kernel32.dll" name "LocalAlloc";
function LocalFree(hMem: HLOCAL): HLOCAL; stdcall; external "kernel32.dll" name "LocalFree";

implementation

← →
n0name (2005-01-31 08:47) [4]

function TServiceControl.Open(CompName, ServName: PChar; ServAccess: DWORD;
ServMgrAccess: DWORD=SC_MANAGER_ALL_ACCESS): DWORD;
begin
result:=ERROR_SUCCESS;
hServiceMngr:=OpenSCManager(CompName, nil, ServMgrAccess);
if hServiceMngr=0 then
begin
result:=GetLastError;
exit;
end;
if(ServName<>nil) then
begin
hService:=OpenService(hServiceMngr, ServName, ServAccess);
if (hService=0) then
begin
result:=GetLastError;
exit;
end;
end;
end;

procedure TServiceControl.Close;
begin
if hService<>0 then
CloseServiceHandle(hService);
if hServiceMngr<>0 then
CloseServiceHandle(hServiceMngr);
end;

constructor TServiceControl.Create;
begin
hServiceMngr:=0;
end;

destructor TServiceControl.Destroy;
begin
if (ServiceConfig<>nil) then
LocalFree(DWORD(ServiceConfig));
end;

function TServiceControl.Install(CompName, ServName, Desc, ModPathName: PChar; UserName: PChar=nil;
UserPass: PChar=nil; StartType: DWORD=SERVICE_AUTO_START; Drv: boolean=FALSE ): DWORD;
var
ServType: DWORD;
ServDesc: SERVICE_DESCRIPTION;
begin
result:=ERROR_SUCCESS;
if Open(CompName, nil, 0)<>ERROR_SUCCESS then
begin
result:=GetLastError;
exit;
end;

if Drv then
ServType:=SERVICE_KERNEL_DRIVER
else
ServType:=SERVICE_WIN32_OWN_PROCESS;

hService:=CreateService(hServiceMngr, ServName, ServName, SERVICE_ALL_ACCESS, ServType,
StartType, SERVICE_ERROR_NORMAL, ModPathName, nil, nil, nil, UserName, UserPass);
if hService=0 then
begin
result:=GetLastError;
exit;
end;

if Desc<>nil then
begin
FillChar(Pointer(@ServDesc)^, sizeof(ServDesc), 0);
ServDesc.lpDescription:=Desc;
ChangeServiceConfig2(hService, SERVICE_CONFIG_DESCRIPTION, @ServDesc);
end;

Close;
end;

function TServiceControl.Remove(CompName, ServName: PChar): DWORD;
begin
result:=ERROR_SUCCESS;

if Open(CompName, ServName, SERVICE_ALL_ACCESS)<>ERROR_SUCCESS then
begin
result:=GetLastError;
exit;
end;

if not DeleteService(hService) then
begin
result:=GetLastError;
exit;
end;

Close;
end;

function TServiceControl.Start(ServName: PChar): DWORD;
var
lpServiceArgVectors: PChar;
begin
result:=ERROR_SUCCESS;
if Open(nil, ServName, SERVICE_START or SERVICE_STOP
or SERVICE_PAUSE_CONTINUE or SERVICE_QUERY_STATUS)<>ERROR_SUCCESS then
begin
result:=GetLastError;
exit;
end;
QueryServiceStatus(hService, ServStat);

if ServStat.dwCurrentState=SERVICE_STOPPED then
begin
lpServiceArgVectors:=nil;
if not StartService(hService, 0, lpServiceArgVectors) then
begin
result:=GetLastError;
exit;
end;
end;

Close;
end;

function TServiceControl.Control(ServName: PChar; ControlCode: DWORD): DWORD;
begin
result:=ERROR_SUCCESS;

if (Open(nil, ServName, SERVICE_START or SERVICE_STOP
or SERVICE_PAUSE_CONTINUE or SERVICE_QUERY_STATUS)<>ERROR_SUCCESS) then
begin
result:=GetLastError;
exit;
end;

if (not ControlService(hService, ControlCode, ServStat)) then
begin
result:=GetLastError;
exit;
end;

Close;
end;

function TServiceControl.GetStatus(ServName: PChar): DWORD;
begin
result:=0;
if Open(nil, ServName, SERVICE_QUERY_STATUS)<>ERROR_SUCCESS then exit;
if not QueryServiceStatus(hService, ServStat) then exit;
Close;
result:=ServStat.dwCurrentState;
end;

function TServiceControl.GetConfig(ServName: PChar): PQueryServiceConfig;
var
dw: DWORD;
begin
result:=nil;
if Open(nil, ServName, SERVICE_QUERY_STATUS)<>ERROR_SUCCESS then exit;
ServiceConfig:=Pointer(LocalAlloc(0, 4096));
if ServiceConfig=nil then exit;
if not QueryServiceConfig(hService, ServiceConfig, 4096, dw) then exit;
Close;
result:=ServiceConfig;
end;

end.

← →
Ihor Osov'yak © (2005-01-31 12:07) [5]

2 [3] n0name

О существование такой вещи как unit WinSvc известно?
Присутствует даже в D4 проф.

2 [2] Intelect © (31.01.05 04:17)
> Можешь исходник показать!

Упоминание имен ключевых функций вполне достаточно для того, чтобы сделать успешных поиск хотя бы по тому же гугле на предмет нескольких вариантов реализаций. Об MSDN также не стоит забывать (на предмет ньюансов и на предмет оценки качества найденных решений).

Свой код дать не могу по двум причинам
1. (не основная) - реальные проекты и за деревьями специфики конкретного проекта не очень видно лес - а готовить демку нет времени.
2. (основная) - обычно проекты делаются на условиях нераспространения кода (это ответ на просьбу "раз времени нет на демку - дай проект as is").

Да, еще. Кричать не стоит.. Это просьба.

← →
Digitman © (2005-01-31 12:40) [6]

const
sDeviceName = "\\.\MyDevice";

var
hSCM, hService: THandle;
SvcStartParams: PChar;
State: TServiceStatus;
..
hSCM := OpenSCManager(nil, nil, SC_MANAGER_ALL_ACCESS);
Win32Check(hSCM <> 0);
try
hService := CreateService(hSCM, "MyService", "MyServiceName",
SERVICE_START or SERVICE_STOP or SERVICE_QUERY_STATUS or _DELETE,
SERVICE_KERNEL_DRIVER,
SERVICE_DEMAND_START,
SERVICE_ERROR_IGNORE,
PChar(DrvName),
nil, nil, nil, nil, nil);
if (hService = 0) and (GetLastError = ERROR_SERVICE_EXISTS) then
hService := OpenService(hSCM, "MyService", SERVICE_ALL_ACCESS);
Win32Check(hService <> 0);
try
Win32Check(QueryServiceStatus(hService, State));
if State.dwCurrentState = SERVICE_STOPPED then
Win32Check(StartService(hService, 0, SvcStartParams));
with WaitParams do
try
hDevice := CreateFile(sDeviceName,
GENERIC_READ or GENERIC_WRITE,
0, nil, OPEN_EXISTING, 0, 0);
Win32Check(hDevice <> 0);
.. и т.д.

← →
n0name (2005-01-31 13:27) [7]

>>Ihor Osov"yak © (31.01.05 12:07) [5]
Конечно известно, также как и о unit Windows :)
Но зачем, код занимать будет меньше.

> n0name (31.01.05 13:27) [7]

> Но зачем, код занимать будет меньше.

эт с какого ж перепугу "меньше"-то ?
IAT в результирующем PE-модуле будет чуть поменьше, и не более того .. но это - ловля блох

← →
Burmistroff (2005-01-31 19:37) [9]

Можно еще так (но это неофициально):

uses ..., ntdll, ...

procedure TryToLoad(ImageFileName: WideString);
var
DrvPath: UNICODE_STRING;
Result: DWORD;
begin
RtlInitUnicodeString(@DrvPath, PWideChar(ImageFileName));
Result := ZwSetSystemInformation(SystemLoadAndCallImage, @DrvPath, sizeof(UNICODE_STRING));
if Result<>0 then WriteLn(Format("%S: (error %X)", [ImageFileName, Result]));
end;

ntdll.pas можно например взять здесь: http://mc.webm.ru/5/ntdll.zip

Как программно загрузить драйвер в память! SYS! Найти похожие ветки