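When WdfVersionBind is called by FxDriverEntryWorker, the parameters _DRIVER_OBJECT* and _UNICODE_STRING* have already been initialized, which matches the flow of a WDM driver. As for the parameters _WDF_BIND_INFO and WDF_DRIVER_GLOBALS, these are global variables defined by wdfsimple.sys, and their initialization is already complete at link time. Of course, this is not my conjecture; rather, based on the following 2 results, I determined that they are defined by the sys file rather than OS-defined...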
__int64 __fastcall LibraryLinkInClient(_LIBRARY_MODULE *Library, _UNICODE_STRING *RegistryPath, _WDF_BIND_INFO *Info, void *Context, _CLIENT_MODULE **Client) 1. Next, let's verify together that the call v7 = Module->LibraryInfo->LibraryRegisterClient; in the IDA pseudocode really does invoke, in Wdf01000.sys, FxLibraryCommonRegister...
First, installing the driver is a simple matter of creating the fake root device node, then pointing Windows at the INF to bind with it and load our driver. The trick is referencing the same device class GUID as in the INF, as well as the same root device instance path, as we mention...