|
WDF如何发送URB请求
问题解决了, 换了一个函数,这个问题就搞定了。 WdfUsbTargetDeviceSendUrbSynchronously(pDevContext->CyUsbDevice, NULL, WDF_NO_SEND_OPTIONS, pUrb); 帖子该怎么处理呢? 来个人吧,准备结贴了 |
|
求KeSetEvent逆向后的伪代码
呵呵,这个意思啊。 我也不是搞驱动的,业余改改BUG就行了。 |
|
求KeSetEvent逆向后的伪代码
因为好几台机器一块试,就一台机器上出这个,所有机器都有Bushound5. 不过按照你的建议,我还是再试试吧。 |
|
求KeSetEvent逆向后的伪代码
905: else//BulkStreamComplete All done, setting event 906: { 907: IoFreeIrp(Irp); 908: ExFreePool(pUrb); > 909: KeSetEvent(&transferObject->Done,IO_NO_INCREMENT,FALSE); 910: ntStatus = STATUS_MORE_PROCESSING_REQUIRED; 911: } 912: return ntStatus; 913: 914: } |
|
WDM驱动简单问题。求解
改为\\Device\\HarddiskVolume1果然可以了,但是查找您说的那个函数时,发现给的信息太少了,调用的时机, 等等信息都木有。能给个例子么 |
|
WDM驱动简单问题。求解
楼上的,有关于\\??相关的资料么, 谢谢,我想访问当前系统分区,怎么写呢? |
|
[求助]ring3程序崩溃时,ring0挂起的irp处理。
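其实上边代码在所有地方都通用,只是调用场景不一样, 我调用的场景时,当上层应用程序异常退出时,底层程序为没有完成的irp执行cancel例程,cancel例程中,调用了这函数。完整的函数如下。

NTSTATUS
BulkUsb_CallUSBD(
    IN PDEVICE_OBJECT DeviceObject,
    IN PURB Urb
    )
/*++

Routine Description:

    Passes a URB to the USBD class driver.
    The client device driver passes USB request block (URB) structures
    to the class driver as a parameter in an IRP with Irp->MajorFunction
    set to IRP_MJ_INTERNAL_DEVICE_CONTROL and the next IRP stack location
    Parameters.DeviceIoControl.IoControlCode field set to
    IOCTL_INTERNAL_USB_SUBMIT_URB.

    The request is synchronous: the routine builds the IRP, sends it down
    and blocks until it completes. It therefore has to run at PASSIVE_LEVEL
    (IoBuildDeviceIoControlRequest is documented for PASSIVE_LEVEL only, and
    an untimed KeWaitForSingleObject may not be issued at DISPATCH_LEVEL).
    A cancel routine is entered at DISPATCH_LEVEL with the cancel spin lock
    held, so calling this routine directly from there is not valid; queue
    the work to a PASSIVE_LEVEL context instead.

Arguments:

    DeviceObject - pointer to the device object whose extension holds
                   TopOfStackDeviceObject (the next-lower driver)

    Urb - pointer to an already-formatted Urb request block

Return Value:

    STATUS_UNSUCCESSFUL if called above PASSIVE_LEVEL,
    STATUS_INSUFFICIENT_RESOURCES if the IRP could not be built,
    otherwise the completion status reported for the request.

--*/
{
    NTSTATUS ntStatus, status = STATUS_SUCCESS;
    PDEVICE_EXTENSION deviceExtension;
    PIRP irp;
    KEVENT event;
    IO_STATUS_BLOCK ioStatus;
    PIO_STACK_LOCATION nextStack;

    BULKUSB_KdPrint( DBGLVL_MAXIMUM,("enter BulkUsb_CallUSBD\n"));

    //
    // Refuse to run at raised IRQL instead of bugchecking inside the
    // I/O manager or the wait below. This is the situation described for
    // the cancel-routine caller.
    //
    if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
        BULKUSB_KdPrint( DBGLVL_MAXIMUM,("BulkUsb_CallUSBD called above PASSIVE_LEVEL\n"));
        return STATUS_UNSUCCESSFUL;
    }

    deviceExtension = DeviceObject->DeviceExtension;

    //
    // issue a synchronous request
    //
    // 'event' and 'ioStatus' live on this stack frame, so the routine must
    // not return before the IRP has completed.
    //
    KeInitializeEvent(&event, NotificationEvent, FALSE);

    irp = IoBuildDeviceIoControlRequest(
                IOCTL_INTERNAL_USB_SUBMIT_URB,
                deviceExtension->TopOfStackDeviceObject, // points to the next-lower driver's device object
                NULL,       // optional input buffer; none needed here
                0,          // input buffer len if used
                NULL,       // optional output buffer; none needed here
                0,          // output buffer len if used
                TRUE,       // If InternalDeviceControl is TRUE the target driver's Dispatch
                            // routine for IRP_MJ_INTERNAL_DEVICE_CONTROL or IRP_MJ_SCSI
                            // is called; otherwise, the Dispatch routine for
                            // IRP_MJ_DEVICE_CONTROL is called.
                &event,     // event to be signalled on completion
                &ioStatus); // I/O status block to be set when the request is
                            // completed by the lower driver

    //
    // As an alternative, we could call KeDelayExecutionThread, wait for some
    // period of time, and try again....but we keep it simple for right now
    //
    if (!irp) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // Call the class driver to perform the operation.  If the returned status
    // is PENDING, wait for the request to complete.
    //
    nextStack = IoGetNextIrpStackLocation(irp);
    BULKUSB_ASSERT(nextStack != NULL);

    //
    // pass the URB to the USB driver stack
    //
    nextStack->Parameters.Others.Argument1 = Urb;

    ntStatus = IoCallDriver(deviceExtension->TopOfStackDeviceObject, irp);

    BULKUSB_KdPrint( DBGLVL_MAXIMUM,("BulkUsb_CallUSBD() return from IoCallDriver USBD %x\n", ntStatus));

    if (ntStatus == STATUS_PENDING) {

        //
        // Executive is the wait reason the KeWaitForSingleObject
        // documentation prescribes for driver waits (the posted code passed
        // Suspended). KernelMode + non-alertable + no timeout: the wait ends
        // only when the I/O manager signals 'event' on completion.
        //
        status = KeWaitForSingleObject(
                       &event,
                       Executive,
                       KernelMode,
                       FALSE,
                       NULL);

    } else {
        // Completed synchronously: take the status straight from IoCallDriver.
        ioStatus.Status = ntStatus;
    }

    BULKUSB_KdPrint( DBGLVL_MAXIMUM,("BulkUsb_CallUSBD() URB status = %x status = %x irp status %x\n",
        Urb->UrbHeader.Status, status, ioStatus.Status));

    //
    // USBD maps the error code for us
    //
    ntStatus = ioStatus.Status;

    BULKUSB_KdPrintCond( DBGLVL_MAXIMUM, !NT_SUCCESS( ntStatus ), ("exit BulkUsb_CallUSBD FAILED (%x)\n", ntStatus));

    return ntStatus;
}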
|
驱动程序能用WORD类型 变量吗
WORD 在ring3中是 unsigned short;相同的类型在WDM中是 USHORT(typedef unsigned short USHORT;)。 当然你也可以重新定义。 |
|
[求助]驱动程序完成挂起的IRP蓝屏问题
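问题解决啦。 上边写出的代码木有问题。 有问题的是 Irp->MdlAddress 被我用 MmProbeAndLockPages 又锁定了一次(其实它已经被锁定), 之后在其他时间又调用了 MmUnlockPages(pdx->pBufIrp->MdlAddress); 把 Irp->MdlAddress 对应的内存变回可分页的内存啦。 这样完成该IRP时,IoCompleteRequest 内部再对这个MDL调用 MmUnlockPages 就会出错(对应dump里的 IopfCompleteRequest -> MmUnlockPages);驱动不应对已经锁定好的MDL自行再做加锁/解锁。 |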
|
[求助]驱动程序完成挂起的IRP蓝屏问题
以下的dump信息是错误3时捕捉的错误信息。同错误一时,原因应该是一致的,只不过调用例程的场景不一致。 READ_ADDRESS: 98192bc0 CURRENT_IRQL: 2 FAULTING_IP: nt!MmUnlockPages+12b 80507c39 8b4710 mov eax,dword ptr [edi+10h] DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: USR_TESTR3.exe TRAP_FRAME: f7746b38 -- (.trap 0xfffffffff7746b38) ErrCode = 00000000 eax=00000002 ebx=8170e01c ecx=81712d00 edx=00000004 esi=8170e01c edi=98192bb0 eip=80507c39 esp=f7746bac ebp=f7746bd0 iopl=0 nv up ei ng nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282 nt!MmUnlockPages+0x12b: 80507c39 8b4710 mov eax,dword ptr [edi+10h] ds:0023:98192bc0=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 804f8b9d to 80528bdc STACK_TEXT: f77466ec 804f8b9d 00000003 f7746a48 00000000 nt!RtlpBreakWithStatusInstruction f7746738 804f978a 00000003 98192bc0 80507c39 nt!KiBugCheckDebugBreak+0x19 f7746b18 80541683 0000000a 98192bc0 00000002 nt!KeBugCheck2+0x574 f7746b18 80507c39 0000000a 98192bc0 00000002 nt!KiTrap0E+0x233 f7746bd0 804f17e4 8170e000 8131a9d0 812f4e70 nt!MmUnlockPages+0x12b f7746bf8 f96808d7 814a5ca0 f7746c20 804f15e3 nt!IopfCompleteRequest+0x1e8 f7746c04 804f15e3 814a5be8 812f4e70 812f4e80 Test!IrpCancelRoutine+0x37 [f:\WDM\Test\readwrite.cpp @ 617] f7746c20 8056b8fd 812f4e70 8133f638 8131a7c0 nt!IoCancelIrp+0x6f f7746c48 805c96f8 8131a7c0 8131a7c0 8131aa08 nt!IoCancelThreadIo+0x33 f7746d08 805c9b54 00000001 8131a7c0 00000000 nt!PspExitThread+0x42a f7746d28 805c9d2f 8131a7c0 00000001 f7746d64 nt!PspTerminateThreadByPointer+0x52 f7746d54 8053e638 00000000 00000001 0012fed0 nt!NtTerminateProcess+0x105 f7746d54 7c92e514 00000000 00000001 0012fed0 nt!KiFastCallEntry+0xf8 0012fdd0 7c92de7a 7c81cace ffffffff 00000001 ntdll!KiFastSystemCallRet 0012fdd4 7c81cace ffffffff 00000001 00c43168 ntdll!NtTerminateProcess+0xc 0012fed0 7c81cb26 00000001 77e8f3b0 ffffffff kernel32!_ExitProcess+0x62 0012fee4 00455d19 00000001 00455f1f 00000001 kernel32!ExitProcess+0x14 WARNING: Stack unwind information not available. 
Following frames may be wrong. 0012ff24 00455f44 00000001 00000000 00000000 USR_TESTR3+0x55d19 0012ffc0 7c817077 00390038 00370035 7ffd5000 USR_TESTR3+0x55f44 0012fff0 00000000 0045116f 00000000 78746341 kernel32!BaseProcessStart+0x23 STACK_COMMAND: kb FOLLOWUP_IP: test!IrpCancelRoutine+37 [f:\WDM\Test\readwrite.cpp @ 617] f96808d7 8be5 mov esp,ebp FAULTING_SOURCE_CODE: 613: if( Irp == pdx->pBufIrp) 614: { 615: pdx->pBufIrp = NULL; 616: } 617: 618: Irp->IoStatus.Status = STATUS_CANCELLED; 619: Irp->IoStatus.Information = 0; > 620: IoCompleteRequest(Irp,IO_NO_INCREMENT); 621: 622: return; SYMBOL_STACK_INDEX: 6 SYMBOL_NAME: Test!IrpCancelRoutine+37 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Test IMAGE_NAME: Test.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4f0d65b2 FAILURE_BUCKET_ID: 0xA_Test!IrpCancelRoutine+37 BUCKET_ID: 0xA_Test!IrpCancelRoutine+37 |