PUCHAR buf = NULL;
buf = Irp->AssociatedIrp.SystemBuffer;
以上对象返回一个 char* 指针,这个缓冲区可能会包含不确定数量的 KEYBOARD_INPUT_DATA 结构
typedef struct _KEYBOARD_INPUT_DATA {
USHORT UnitId; //第几个键盘端口
USHORT MakeCode; //扫描码
USHORT Flags; //按键标志
USHORT Reserved; //保留
ULONG ExtraInformation;//驱动扩展信息
} KEYBOARD_INPUT_DATA, *PKEYBOARD_INPUT_DATA;
按键标志:
#define KEY_MAKE 0 //按下
#define KEY_BREAK 1
#define KEY_E0 2
#define KEY_E1 4
#define KEY_TERMSRV_SET_LED 8
#define KEY_TERMSRV_SHADOW 0x10
#define KEY_TERMSRV_VKPACKET 0x20
结构的个数 = 缓冲区长度/结构大小
该结构体在 ntddkbd.h 头文件定义
PKEYBOARD_INPUT_DATA keydata = Irp->AssociatedIrp.SystemBuffer;
ULONG numkeys = (ULONG)Irp->IoStatus.Information / sizeof(KEYBOARD_INPUT_DATA);
for (i = 0; i < numkeys; i++){
DbgPrint("misaka: read numkeys %d code %x flags %s\r\n", numkeys, keydata->MakeCode, keydata->Flags ? "up" : "down");
//小实验,按下 caps lock 和 按下 shift 效果一样
if (keydata->MakeCode == 0x3a){
keydata->MakeCode = 0x2a;
}
}
