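I'm building a traditional keyboard filter, but there is always one pending IRP waiting for keyboard input, which means the filter always misses the first keystroke.
How can I find this IRP and cancel it? Any pointers from the experts would be appreciated!!!
I tried to get it from KbdClass->DeviceObject->DeviceExtension, but I'm not sure whether my DeviceExtension structure definition differs from the system I'm testing on (xpsp3) (the ReadQueue I get is wrong).
I copied the DeviceExtension definition from kbdclass.h in the DDK. Is something wrong with it?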
//
// Class device extension.
//
typedef struct _DEVICE_EXTENSION {
    //
    // Back pointer to the Device Object created for this port.
    //
    PDEVICE_OBJECT Self;

    //
    // Pointer to the active Class DeviceObject;
    // If the AFOAOFA (all for one and one for all) switch is on then this
    // points to the device object named as the first keyboard.
    //
    PDEVICE_OBJECT TrueClassDevice;

    //
    // The Target port device Object to which all IRPs are sent.
    //
    PDEVICE_OBJECT TopPort;

    //
    // The PDO if applicable.
    //
    PDEVICE_OBJECT PDO;

    //
    // A remove lock to keep track of outstanding I/Os to prevent the device
    // object from leaving before such time as all I/O has been completed.
    //
    IO_REMOVE_LOCK RemoveLock;

    //
    // If this port a Plug and Play port
    //
    BOOLEAN PnP;
    BOOLEAN Started;
    BOOLEAN AllowDisable;
    KSPIN_LOCK WaitWakeSpinLock;

    //
    // Is the Trusted Subsystem Connected
    //
    ULONG TrustedSubsystemCount;

    //
    // Number of input data items currently in the InputData queue.
    //
    ULONG InputCount;

    //
    // A Unicode string pointing to the symbolic link for the Device Interface
    // of this device object.
    //
    UNICODE_STRING SymbolicLinkName;

    //
    // Start of the class input data queue (really a circular buffer).
    //
    PKEYBOARD_INPUT_DATA InputData;

    //
    // Insertion pointer for InputData.
    //
    PKEYBOARD_INPUT_DATA DataIn;

    //
    // Removal pointer for InputData.
    //
    PKEYBOARD_INPUT_DATA DataOut;

    //
    // Keyboard attributes.
    //
    KEYBOARD_ATTRIBUTES KeyboardAttributes;

    //
    // A saved state of indicator lights
    //
    KEYBOARD_INDICATOR_PARAMETERS IndicatorParameters;

    //
    // Spinlock used to synchronize access to the input data queue and its
    // insertion/removal pointers.
    //
    KSPIN_LOCK SpinLock;

    //
    // Queue of pended read requests sent to this port. Access to this queue is
    // guarded by SpinLock
    //
    LIST_ENTRY ReadQueue;

    //
    // Request sequence number (used for error logging).
    //
    ULONG SequenceNumber;

    //
    // The "D" and "S" states of the current device
    //
    DEVICE_POWER_STATE DeviceState;
    SYSTEM_POWER_STATE SystemState;
    ULONG UnitId;

    //
    // WMI Information
    //
    WMILIB_CONTEXT WmiLibInfo;

    //
    // Mapping of system to device states when a wait wake irp is active
    //
    DEVICE_POWER_STATE SystemToDeviceState[PowerSystemHibernate];

    //
    // Minimum amount of power needed to wake the device
    //
    DEVICE_POWER_STATE MinDeviceWakeState;

    //
    // Lowest system state that the machine can be in and have the device wake it up
    //
    SYSTEM_POWER_STATE MinSystemWakeState;

    //
    // Actual wait wake irp
    //
    PIRP WaitWakeIrp;

    //
    // Duplicate wait wake irp getting completed because another was queued.
    //
    PIRP ExtraWaitWakeIrp;

    //
    // Target Device Notification Handle
    //
    PVOID TargetNotifyHandle;

    //
    // Only used for a legacy port device
    //
    LIST_ENTRY Link;

    //
    // Used only for a legacy port device when grand master mode is off
    //
    PFILE_OBJECT File;

    //
    // Used for a legacy port device
    //
    BOOLEAN Enabled;

    //
    // Indicates whether it is okay to log overflow errors.
    //
    BOOLEAN OkayToLogOverflow;

    //
    // Indicates whether it is okay to send wait wake irps down the stack
    // (does NOT reflect if the bus can implement or not)
    //
    BOOLEAN WaitWakeEnabled;

    //
    // Indicates whether we have received a surprise removed irp
    //
    BOOLEAN SurpriseRemoved;
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;