开发者

Allow Driver to Stop in Windows?

开发者 https://www.devze.com 2023-03-10 17:17 出处：网络

Some drivers on Windows, like Null andBeep, can be arbitrarily stopped and re-started through the ControlService(..., SERVICE_CONTROL_STOP, ...) operation. Most other drivers, however, cannot be stopp

相关专题：driver winapi

Some drivers on Windows, like Null and Beep, can be arbitrarily stopped and re-started through the ControlService(..., SERVICE_CONTROL_STOP, ...) operation. Most other drivers, however, cannot be stopped and restarted while the system is running.

I'm making my own driver. How can I tell Windows that my driver can be s开发者_如何学运维topped?

It turns out that you need to add a DriverUnload function:

VOID NTAPI DriverUnload(IN DRIVER_OBJECT *DriverObject) { }

NTSTATUS NTAPI DriverEntry(IN PDRIVER_OBJECT DriverObject,
                           IN PUNICODE_STRING RegistryPath)
{
    DriverObject->DriverUnload = DriverUnload; // <--- add this
    return STATUS_SUCCESS;
}

However, this is only sufficient if you're linking with /DRIVER.
If you're linking with /DRIVER:WDM (meaning that IMAGE_DLLCHARACTERISTICS_WDM_DRIVER is set in the DllCharacteristics field) then it seems like this isn't sufficient. I think you may need to do more things, like handling IRPs as well. So check that too.