在《WinCE驱动程序的分类》中曾提到,WinCE6.0的流驱动既可以加载到内核态也可以加载到用户态。下面通过一组图片简单说明一下这两种驱动的关系。
首先编写一个流驱动WCEDrv,代码如下。
代码
extern " C "
BOOL WINAPI DllMain(HANDLE hinstDLL, DWORD dwReason, LPVOID lpvReserved)
{
UNREFERENCED_PARAMETER(lpvReserved);
switch (dwReason) {
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls((HMODULE) hinstDLL);
break ;
case DLL_PROCESS_DETACH:
break ;
};
return TRUE;
}
extern " C "
DWORD Init(LPCTSTR pContext, DWORD dwBusContext)
{
RETAILMSG( 1 ,(_T( " Init(%s, %x) " ),pContext,dwBusContext));
PBYTE pBuffer = new BYTE[ 4096 * 1024 ];
RETAILMSG( 1 ,(TEXT( " pBuffer(%x)\r\n " ),pBuffer));
return (DWORD)pBuffer;
}
extern " C "
BOOL Deinit(DWORD hDeviceContext)
{
RETAILMSG( 1 ,(_T( " Deinit(%x)\r\n " ),hDeviceContext));
PBYTE pBuffer = (PBYTE)hDeviceContext;
if (pBuffer)
{
delete[] pBuffer;
}
return TRUE;
}
extern " C "
void PowerUp(DWORD hDeviceContext)
{
}
extern " C "
void PowerDown(DWORD hDeviceContext)
{
}
extern " C "
DWORD Open(DWORD hDeviceContext, DWORD AccessCode, DWORD ShareMode)
{
RETAILMSG( 1 ,(_T( " Open(%x, 0x%x, 0x%x)\r\n " ),hDeviceContext, AccessCode, ShareMode));
return hDeviceContext;
}
extern " C "
BOOL Close(DWORD hOpenContext)
{
RETAILMSG( 1 ,(_T( " Close(%x)\r\n " ),hOpenContext));
return TRUE;
}
extern " C "
BOOL IOControl(DWORD hOpenContext, DWORD dwCode, PBYTE pBufIn, DWORD dwLenIn
, PBYTE pBufOut, DWORD dwLenOut, PDWORD pdwActualOut)
{
UNREFERENCED_PARAMETER(hOpenContext);
UNREFERENCED_PARAMETER(dwCode);
UNREFERENCED_PARAMETER(pBufIn);
UNREFERENCED_PARAMETER(dwLenIn);
UNREFERENCED_PARAMETER(pBufOut);
UNREFERENCED_PARAMETER(dwLenOut);
UNREFERENCED_PARAMETER(pdwActualOut);
SetLastError(ERROR_INVALID_FUNCTION);
return FALSE;
}
extern " C "
DWORD Read(DWORD hOpenContext, LPVOID pBuffer, DWORD Count)
{
RETAILMSG( 1 ,(_T( " Read(%x, %x, 0x%x)\r\n " ),hOpenContext, pBuffer, Count));
return TRUE;
}
extern " C "
DWORD Write(DWORD hOpenContext, LPCVOID pBuffer, DWORD Count)
{
RETAILMSG( 1 ,(_T( " Write(%x, %x, 0x%x)\r\n " ),hOpenContext, pBuffer, Count));
return TRUE;
}
extern " C "
DWORD Seek(DWORD hOpenContext, long Amount, WORD Type)
{
UNREFERENCED_PARAMETER(hOpenContext);
UNREFERENCED_PARAMETER(Amount);
UNREFERENCED_PARAMETER(Type);
SetLastError(ERROR_NOT_SUPPORTED);
return - 1 ;
}
其对应的注册表文件内容如下。
注册表
" Prefix " = " AAA "
" Dll " = " WCEDrv.dll "
" Index " = dword: 1
" Flags " = dword: 8 ; DEVFLAGS_NAKEDENTRIES
" Order " = dword: 0
[HKEY_LOCAL_MACHINE\Drivers\WCEDrv2]
" Prefix " = " BBB "
" Dll " = " WCEDrv.dll "
" Index " = dword: 1
" Flags " = dword: 8 ; DEVFLAGS_NAKEDENTRIES
" Order " = dword: 0
[HKEY_LOCAL_MACHINE\Drivers\WCEDrv3]
" Prefix " = " CCC "
" Dll " = " WCEDrv.dll "
" Index " = dword: 1
" Flags " = dword: 18 ; DEVFLAGS_LOAD_AS_USERPROC | DEVFLAGS_NAKEDENTRIES
" Order " = dword: 0
[HKEY_LOCAL_MACHINE\Drivers\WCEDrv4]
" Prefix " = " DDD "
" Dll " = " WCEDrv.dll "
" Index " = dword: 1
" Flags " = dword: 18 ; DEVFLAGS_LOAD_AS_USERPROC | DEVFLAGS_NAKEDENTRIES
" Order " = dword: 0
通过驱动调试助手动态加载该驱动,在加载时,根据注册表中的设置,分别加载两个到内核空间和用户空间。
通过驱动调试助手导入注册表文件
用户态和内核态分别加载两个,共加载四个驱动
加载驱动过程时的串口打印
加载驱动成功后,HKEY_LOCAL_MACHINE\Drivers\Active下内核驱动对应的键
加载驱动成功后,HKEY_LOCAL_MACHINE\Drivers\Active下用户驱动对应的键 
通过远程堆查看器,查看内存的分配情况
通过远程进程查看器 ,查看wcedrv.dll加载为内核态驱动
通过远程进程查看器,查看wcedrv.dll加载为用户态驱动1
通过远程进程查看器,查看wcedrv.dll加载为用户态驱动2
WCEDRV的源代码下载地址:http://files.cnblogs.com/we-hjb/WCEDrv.rar
