请问大家在USB过滤驱动中怎样读扇区数据？
大家好 ，我弄了个USB过滤驱动，读扇区时遇到了问题！

读扇区采用如下的代码，在AddDevice、IRP_MJ_Create、OnStartDevice都读不到 数据，
在DispatchForSCSI则蓝屏， 请大家帮忙看看！

按如下方式访问： status = AtapiReadWriteDisk(fido,IRP_MJ_READ,buf,1,1);

代码：
ULONG AtapiReadWriteDisk(PDEVICE_OBJECT dev_object,ULONG MajorFunction, PVOID buffer,ULONG DiskPos, int BlockCount)
{
NTSTATUS status;
PSCSI_REQUEST_BLOCK srb;
PSENSE_DATA sense;
KEVENT Event;
PIRP irp;
PMDL mdl;
IO_STATUS_BLOCK isb;
PIO_STACK_LOCATION isl;
PVOID psense;
PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION) dev_object->DeviceExtension;
  PDEVICE_OBJECT DeviceObject = pdx->DeviceObject;
int count = 8;

while(1)
{
srb = (PSCSI_REQUEST_BLOCK)ExAllocatePool(NonPagedPool,sizeof(SCSI_REQUEST_BLOCK));
if(!srb)
break;
sense = (PSENSE_DATA)ExAllocatePool(NonPagedPool,sizeof(SENSE_DATA));
psense=sense;
if(!sense)
break;
memset(srb,0,sizeof(SCSI_REQUEST_BLOCK));
memset(sense,0,sizeof(SENSE_DATA));

srb->Length=sizeof(SCSI_REQUEST_BLOCK);
srb->Function=0;
srb->DataBuffer=buffer;
srb->DataTransferLength=BlockCount*512; //sector size*number of sector
srb->QueueAction=SRB_FLAGS_DISABLE_AUTOSENSE;
srb->SrbStatus=0;
srb->ScsiStatus=0;
srb->NextSrb=0;
srb->SenseInfoBuffer=sense;
srb->SenseInfoBufferLength=sizeof(SENSE_DATA);

  if(MajorFunction==IRP_MJ_READ)
  srb->SrbFlags=SRB_FLAGS_DATA_IN;

  if(MajorFunction==IRP_MJ_READ)
  srb->SrbFlags|=SRB_FLAGS_ADAPTER_CACHE_ENABLE;

srb->SrbFlags|=SRB_FLAGS_DISABLE_AUTOSENSE;
srb->TimeOutValue=(srb->DataTransferLength>>10)+1;
srb->QueueSortKey=DiskPos;
srb->CdbLength=10;

  srb->Cdb[0] = SCSIOP_READ;  
  srb->Cdb[1] = 0x80;
srb->Cdb[2] = (unsigned char)(DiskPos>>0x18);  
srb->Cdb[3] = (unsigned char)(DiskPos>>0x10);  
srb->Cdb[4] = (unsigned char)(DiskPos>>0x08);  
srb->Cdb[5] = (UCHAR)DiskPos; //填写sector位置
srb->Cdb[7] = BlockCount>>0x08;
srb->Cdb[8] = (UCHAR)BlockCount;

KeInitializeEvent(&Event, NotificationEvent, FALSE);
irp=IoAllocateIrp(DeviceObject->StackSize,0);
mdl=IoAllocateMdl(buffer, BlockCount*512, 0, 0, irp);
irp->MdlAddress=mdl;
if(!mdl)
{
ExFreePool(srb);
ExFreePool(psense);
IoFreeIrp(irp);
return STATUS_INSUFFICIENT_RESOURCES;
}
MmProbeAndLockPages(mdl,0,(MajorFunction==IRP_MJ_READ?IoReadAccess:IoWriteAccess));
srb->OriginalRequest=irp;
irp->UserIosb=&isb;
irp->UserEvent=&Event;
irp->IoStatus.Status=0;
irp->IoStatus.Information=0;
irp->Flags=IRP_SYNCHRONOUS_API|IRP_NOCACHE;
irp->AssociatedIrp.SystemBuffer=0;
irp->Cancel=0;
irp->RequestorMode=0;
irp->CancelRoutine=0;
irp->Tail.Overlay.Thread=PsGetCurrentThread(); //delete by scott

isl=IoGetNextIrpStackLocation(irp);
isl->DeviceObject=DeviceObject;
isl->MajorFunction=IRP_MJ_SCSI;
isl->Parameters.Scsi.Srb=srb;
//isl->CompletionRoutine=IrpCompletionRoutine_0;
isl->Context=srb;
isl->Control=SL_INVOKE_ON_CANCEL|SL_INVOKE_ON_SUCCESS|SL_INVOKE_ON_ERROR;
IoSetCompletionRoutine(irp,IrpCompletionRoutine_0,srb,1,1,1);

status=IoCallDriver(pdx->LowerDeviceObject,irp);
KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, 0);

if(srb->SenseInfoBuffer!=psense&&srb->SenseInfoBuffer)
ExFreePool(srb->SenseInfoBuffer);

ExFreePool(srb);
ExFreePool(psense);

if ( status >= 0 || !count )
return status;

DbgPrint("Send XXX Failed..%08x\r\n", status);
KeStallExecutionProcessor(1u);
--count;
}
return STATUS_INSUFFICIENT_RESOURCES;
}

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法