-
-
[求助]关于磁盘卷过滤的困惑
-
发表于: 2012-11-17 16:31
-
初来乍到内核世界的我最近看寒江独钓的磁盘卷过滤一章时,遇到很多困难,刚开始仿照书上的例子自己写一份,结果蓝屏了,windbg调试了一天也跟不出错误来,最后重写,写一点便测试一点。但刚写了不多,测试时便又蓝了,很是无奈,蓝屏了多少次已经数不出来了,求好心的大侠指点下,好让自己再写下去。
VolumeFilter.rar
下面是我只写了一点的代码:
extern "C"
NTSTATUS DriverEntry(
IN PDRIVER_OBJECT pDriver,
IN PUNICODE_STRING pRegPath
)
{
#if DBG
__asm int 3
#endif
pDriver->DriverUnload = DriverUnload;
pDriver->DriverExtension->AddDevice = AddDeviceRoutine;
for (int i = 0 ;i < IRP_MJ_MAXIMUM_FUNCTION ;i++)
pDriver->MajorFunction[i] = DsphIrpGeneral;
return STATUS_SUCCESS;
}
NTSTATUS DsphIrpGeneral(
IN PDEVICE_OBJECT pDevice,
IN PIRP pIrp
)
{
PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevice->DeviceExtension;
if (IRP_MJ_PNP_POWER == pIrpStack->MajorFunction){
PoStartNextPowerIrp(pIrp);
IoSkipCurrentIrpStackLocation(pIrp);
return PoCallDriver(pDevExt->pDevLower ,pIrp);
}
IoSkipCurrentIrpStackLocation(pIrp);
return IoCallDriver(pDevExt->pDevLower ,pIrp);
}
NTSTATUS AddDeviceRoutine(
IN PDRIVER_OBJECT pDriver,
IN PDEVICE_OBJECT pDevPhysical
)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT pDevLower = NULL;
PDEVICE_OBJECT pDevice = NULL;
status = IoCreateDevice(pDriver ,sizeof(DEVICE_EXTENSION) ,NULL ,FILE_DEVICE_DISK ,FILE_DEVICE_SECURE_OPEN ,false ,&pDevice);
if (!NT_SUCCESS(status))
goto _ERR_RET;
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevice->DeviceExtension;
memset(pDevExt ,0 ,sizeof(PDEVICE_EXTENSION));
pDevLower = IoAttachDeviceToDeviceStack(pDevice ,pDevPhysical);
if (!pDevLower)
goto _ERR_RET;
pDevice->Flags = pDevLower->Flags;
pDevice->Flags |= DO_POWER_PAGABLE;
pDevice->Flags &= ~DO_DEVICE_INITIALIZING;
pDevExt->pDevice = pDevice;
pDevExt->pDevLower = pDevLower;
pDevExt->pDevPhysical = pDevPhysical;
KeInitializeEvent(&pDevExt->PagePathCountEvent ,SynchronizationEvent ,true);
KeInitializeEvent(&pDevExt->ReqEvent ,SynchronizationEvent ,false);
KeInitializeSpinLock(&pDevExt->ReqSpinLock);
return STATUS_SUCCESS;
_ERR_RET:
if (pDevLower)
IoDetachDevice(pDevLower);
if (pDevice)
IoDeleteDevice(pDevice);
return STATUS_UNSUCCESSFUL;
}
代码很简单,只是简单地在AddDevice函数中创建设备并挂接到物理设备上,分发函数也只是简单地IoSkipCurrentStackLocation() ,IoCallDriver() ,往下发送,基本上不应该有什么错的,但还是无情的蓝屏了,通过跟踪发现,如果AddDevice不将创建的设备挂接到物理设备上,便不会蓝,而且将创建的设备挂接到物理设备上,在PNP管理器3次调用AddDevice()后便开始蓝屏了,此时之前还未收到任何IRP请求。十分的郁闷,每次一开机就蓝,真的很头疼了,也真的很想知道答案,真心求助,希望好心的大侠指点一二,小辈感激不尽……
VolumeFilter.rar
下面是我只写了一点的代码:
extern "C"
NTSTATUS DriverEntry(
IN PDRIVER_OBJECT pDriver,
IN PUNICODE_STRING pRegPath
)
{
#if DBG
__asm int 3
#endif
pDriver->DriverUnload = DriverUnload;
pDriver->DriverExtension->AddDevice = AddDeviceRoutine;
for (int i = 0 ;i < IRP_MJ_MAXIMUM_FUNCTION ;i++)
pDriver->MajorFunction[i] = DsphIrpGeneral;
return STATUS_SUCCESS;
}
NTSTATUS DsphIrpGeneral(
IN PDEVICE_OBJECT pDevice,
IN PIRP pIrp
)
{
PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevice->DeviceExtension;
if (IRP_MJ_PNP_POWER == pIrpStack->MajorFunction){
PoStartNextPowerIrp(pIrp);
IoSkipCurrentIrpStackLocation(pIrp);
return PoCallDriver(pDevExt->pDevLower ,pIrp);
}
IoSkipCurrentIrpStackLocation(pIrp);
return IoCallDriver(pDevExt->pDevLower ,pIrp);
}
NTSTATUS AddDeviceRoutine(
IN PDRIVER_OBJECT pDriver,
IN PDEVICE_OBJECT pDevPhysical
)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT pDevLower = NULL;
PDEVICE_OBJECT pDevice = NULL;
status = IoCreateDevice(pDriver ,sizeof(DEVICE_EXTENSION) ,NULL ,FILE_DEVICE_DISK ,FILE_DEVICE_SECURE_OPEN ,false ,&pDevice);
if (!NT_SUCCESS(status))
goto _ERR_RET;
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevice->DeviceExtension;
memset(pDevExt ,0 ,sizeof(PDEVICE_EXTENSION));
pDevLower = IoAttachDeviceToDeviceStack(pDevice ,pDevPhysical);
if (!pDevLower)
goto _ERR_RET;
pDevice->Flags = pDevLower->Flags;
pDevice->Flags |= DO_POWER_PAGABLE;
pDevice->Flags &= ~DO_DEVICE_INITIALIZING;
pDevExt->pDevice = pDevice;
pDevExt->pDevLower = pDevLower;
pDevExt->pDevPhysical = pDevPhysical;
KeInitializeEvent(&pDevExt->PagePathCountEvent ,SynchronizationEvent ,true);
KeInitializeEvent(&pDevExt->ReqEvent ,SynchronizationEvent ,false);
KeInitializeSpinLock(&pDevExt->ReqSpinLock);
return STATUS_SUCCESS;
_ERR_RET:
if (pDevLower)
IoDetachDevice(pDevLower);
if (pDevice)
IoDeleteDevice(pDevice);
return STATUS_UNSUCCESSFUL;
}
代码很简单,只是简单地在AddDevice函数中创建设备并挂接到物理设备上,分发函数也只是简单地IoSkipCurrentStackLocation() ,IoCallDriver() ,往下发送,基本上不应该有什么错的,但还是无情的蓝屏了,通过跟踪发现,如果AddDevice不将创建的设备挂接到物理设备上,便不会蓝,而且将创建的设备挂接到物理设备上,在PNP管理器3次调用AddDevice()后便开始蓝屏了,此时之前还未收到任何IRP请求。十分的郁闷,每次一开机就蓝,真的很头疼了,也真的很想知道答案,真心求助,希望好心的大侠指点一二,小辈感激不尽……
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
原来是这句的错,for (int i = 0 ;i < IRP_MJ_MAXIMUM_FUNCTION ;i++) ,一直蓝屏的原因就是
i < IRP_MJ_MAXIMUM_FUNCTION ,少了个=, ,还是要谢谢你 ,tydef兄……
|
