我如何“安装"一个自定义的Windows驱动程序? [英] How do I "install" a custom-windows driver?
问题描述
我打算用C语言编写一个基本的Windows注册表过滤器.过滤器的目的是挂接所有(用户和内核特权的)注册表调用,以便可以在程序中使用它们.我基本上是复制Mark Rusinovich的regmon/过程监控器,但更为基本.
I am planning to write a basic windows registry filter in C. The purpose of the filter is to hook all (user and kernel privileged) registry calls so that I can use them in my program. I am basically copying regmon/process monitor by Mark Rusinovich but more basic.
我的问题是,用C编写过滤器后,如何使系统实现自定义行为而不实现注册表调用的原始预期行为?
My question is, once the filter is written in C, how do you get the system to implement the custom behaviour and to not implement the original intended behaviour of the registry calls?
我正在使用Windows 7
I am using windows 7
我正在尝试将这作为一个业余C ++项目的一部分,该项目可以挂接所有注册表调用.
I am trying to do this as part of a hobby c++ project which can hook all registry calls.
推荐答案
有一些特殊的功能.请参见 CmRegisterCallback(), CmRegisterCallbackEx()和过滤注册表调用在MSDN上.
There are special functions for that. See CmRegisterCallback(), CmRegisterCallbackEx() and Filtering Registry Calls on MSDN.
对于仅安装内核模式驱动程序,您可以使用服务控制器(sc.exe).使用sc create [service name] binPath= [path to your .sys file] type= kernel创建内核模式服务,并使用sc start [service name]启动它.更改驱动程序之前,请不要忘记先sc stop和sc delete.
As for just installing a kernel mode driver, you may use the Service Controller (sc.exe). Use sc create [service name] binPath= [path to your .sys file] type= kernel to create a kernel-mode service and sc start [service name] to start it. Don't forget to sc stop and sc delete it before making changes to the driver.
这篇关于我如何“安装"一个自定义的Windows驱动程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
