ZwLoadDriver

函数原型NTSTATUS

ZwLoadDriver(

IN PUNICODE_STRINGDriverServiceName

);函数说明该函数用于在内核模式或驱动程序中动态加载一个已被正确注册的驱动例程参数说明DriverServiceName:一个指向驱动程序注册表键Unicode字串的指针,该注册表键位于"RegistryMachineSystemCurrentControlSetServicesDriverName"(一般位于HKEY_LOCAL_MACHINE主键下),DriverName是该驱动的注册名返回值该函数返回一个 STATUS_SUCCESS 或一个适当的NTSTATUS类型的错误值注意ZwLoadDriver动态地加载一个设备或一个文件系统驱动到当前正在运行的系统.但如果当前的系统正在运行于安全模式,驱动程序会因为不是一个在安全模式驱动加载清单内的程序而失败,函数会返回STATUS_SUCCESS .

使用ZwLoadDriver的设备必须已在当前系统环境中正确注册,或在"RegistryMachineSystemCurrentControlSetServicesDriverName"(一般位于HKEY_LOCAL_MACHINE主键下,DriverName是该驱动的注册名)下正确写入键值,否则函数无法被使用.需求该函数需运行在Windows XP或更新的版本中

需要包含ntifs.h头文件DDK帮助文档原文ZwLoadDriver

TheZwLoadDriverroutine loads a driver into the system.

NTSTATUS

ZwLoadDriver(

IN PUNICODE_STRINGDriverServiceName

);

Parameters

DriverServiceName Pointer to a counted Unicode string that specifies a path to the driver's registry key, RegistryMachineSystemCurrentControlSetServicesDriverName, where DriverName is the name of the driver.

Return Value

ZwLoadDriverreturns STATUS_SUCCESS or an appropriate error NTSTATUS value.

Comments

ZwLoadDriverdynamically loads a device or file system driver into the currently running system.

NoteIf the system is running in safe mode, and the driver fails to load because it is not on the safe mode list,ZwLoadDriverreturns STATUS_SUCCESS.

A minifilter should use FltLoadFilter instead ofZwLoadDriverto load a supporting minifilter.

NoteIf the call to theZwLoadDriverfunction occurs in user mode, you should use the name "NtLoadDriver" instead of "ZwLoadDriver".

Requirements

Versions:This routine is available on Microsoft Windows XP and later.

IRQL:PASSIVE_LEVEL

Headers:Declared inntifs.h. Includentifs.h.

See Also

FltLoadFilter,RtlInitUnicodeString,UNICODE_STRING,ZwUnloadDriver