[旧帖]
[求助]ring3 CreateFile 内核驱动链接失败 返回错误3
发表于:
2013-3-26 11:45
问:在做 Ring0 Call Ring3 的程序,Ring3 程序调用 CreateFile 总是失败,GetLastError 返回错误码 3(ERROR_PATH_NOT_FOUND)。
内核中创建设备函数如下:
// NT object-manager name of the keyboard class driver object. CreateDeviceFun opens it
// with ObReferenceObjectByName(..., IoDriverObjectType, ...), i.e. as a driver object.
#define KBD_DRIVER_NAME L"\\Driver\\Kbdclass"
// Name passed to IoCreateSymbolicLink as the link to create. It lives in the \??
// (DOS devices) directory, which is what a Win32 caller reaches through the \\.\ prefix.
#define KBD_DRIVER_LINK L"\\??\\KbdSymlink"
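/*
 * Create one unnamed filter device for every device object owned by \Driver\Kbdclass
 * and attach each filter to the corresponding keyboard device stack.
 *
 * pDriverObject  - this driver's own driver object; the filter devices are created on it.
 * pRegistryPath  - not used by this routine.
 *
 * Returns STATUS_SUCCESS when every Kbdclass device was filtered (or Kbdclass owns no
 * devices), otherwise the NTSTATUS of the step that failed.
 *
 * NOTE(review): the symbolic link KBD_DRIVER_LINK is created with \Driver\Kbdclass as
 * its target. That name is a driver object, not a device object, and the filter
 * devices below are created without a name, so this routine gives a user-mode
 * CreateFile nothing it can open. User-mode access needs a separate named control
 * device as the link target. Because such a device sits in front of keyboard input,
 * it should be created with a restrictive ACL (for example IoCreateDeviceSecure with
 * SDDL_DEVOBJ_SYS_ALL_ADM_ALL) rather than left openable by every user.
 *
 * NOTE(review): if a later iteration fails, filters attached by earlier iterations
 * stay attached; the caller must detach and delete them before failing the load.
 */
NTSTATUS CreateDeviceFun(IN PDRIVER_OBJECT pDriverObject ,IN PUNICODE_STRING pRegistryPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    UNICODE_STRING kbdDriverName;
    UNICODE_STRING kbdDriverLink;
    PKEY_BOARD_DEV_EXT pDevExt;
    PDEVICE_OBJECT pFilterDeviceObject = NULL;
    PDEVICE_OBJECT pTargetDeviceObject = NULL;
    PDEVICE_OBJECT pLowerDeviceObject = NULL;
    PDRIVER_OBJECT kbdDriverObject = NULL;

    UNREFERENCED_PARAMETER(pRegistryPath);

    KdPrint(("CreateDeviceFun: Create keyboard device now.\n"));

    /* Open the \Driver\Kbdclass driver object. On success this takes a reference on
     * kbdDriverObject that is released at out_deref. */
    RtlInitUnicodeString(&kbdDriverName, KBD_DRIVER_NAME);
    ntStatus = ObReferenceObjectByName(&kbdDriverName, OBJ_CASE_INSENSITIVE, NULL, 0,
                                       IoDriverObjectType, KernelMode, NULL,
                                       &kbdDriverObject);
    if (!NT_SUCCESS(ntStatus)) {
        KdPrint(("CreateDeviceFun: Open Kbdclass driver error.\n"));
        return ntStatus;
    }

    /* Create the symbolic link (see the NOTE(review) above about its target). */
    RtlInitUnicodeString(&kbdDriverLink, KBD_DRIVER_LINK);
    ntStatus = IoCreateSymbolicLink(&kbdDriverLink, &kbdDriverName);
    if (!NT_SUCCESS(ntStatus)) {
        KdPrint(("CreateDeviceFun: Could not create Symlink error.\n"));
        goto out_deref;
    }

    /* Head of the list of device objects created by Kbdclass. */
    pTargetDeviceObject = kbdDriverObject->DeviceObject;

    /* Walk that list and put one filter on each device. */
    while (pTargetDeviceObject) {
        /* Create an unnamed filter device of the same type as the target. */
        ntStatus = IoCreateDevice(pDriverObject, sizeof(KEY_BOARD_DEV_EXT), NULL,
                                  pTargetDeviceObject->DeviceType,
                                  pTargetDeviceObject->Characteristics,
                                  FALSE, &pFilterDeviceObject);
        if (!NT_SUCCESS(ntStatus)) {
            KdPrint(("CreateDeviceFun: Create filter device error.\n"));
            goto out_unlink;
        }

        /* Attach; the return value is the device the filter now sits on top of. */
        pLowerDeviceObject = IoAttachDeviceToDeviceStack(pFilterDeviceObject,
                                                         pTargetDeviceObject);
        if (!pLowerDeviceObject) {
            KdPrint(("CreateDeviceFun: Attach device error.\n"));
            /* Delete the device that could not be attached. */
            IoDeleteDevice(pFilterDeviceObject);
            pFilterDeviceObject = NULL;
            /* ntStatus still holds IoCreateDevice's success code here; report a
             * failure instead of returning success to the caller. */
            ntStatus = STATUS_UNSUCCESSFUL;
            goto out_unlink;
        }

        /* Fill in the device extension of the new filter device. */
        pDevExt = (PKEY_BOARD_DEV_EXT)(pFilterDeviceObject->DeviceExtension);
        SetDeviceExtension(pDevExt, kbdDriverName, kbdDriverLink, pFilterDeviceObject,
                           pTargetDeviceObject, pLowerDeviceObject);

        /* Mirror the attributes of the device the filter is attached to. */
        pFilterDeviceObject->DeviceType = pLowerDeviceObject->DeviceType;
        pFilterDeviceObject->Characteristics = pLowerDeviceObject->Characteristics;
        pFilterDeviceObject->StackSize = pLowerDeviceObject->StackSize + 1;
        pFilterDeviceObject->Flags |= pLowerDeviceObject->Flags &
            (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);
        /* NOTE(review): if this routine can run outside DriverEntry, the filter also
         * needs DO_DEVICE_INITIALIZING cleared - confirm against the caller. */

        /* Advance to the next Kbdclass device. */
        pTargetDeviceObject = pTargetDeviceObject->NextDevice;
    }

out_unlink:
    /* A link left behind by a failed run would make the next attempt to create it
     * fail, so remove it on every error path. */
    if (!NT_SUCCESS(ntStatus)) {
        IoDeleteSymbolicLink(&kbdDriverLink);
    }
out_deref:
    /* Release the reference taken by ObReferenceObjectByName. The original code
     * dereferenced pDriverObject (this driver's own object) instead, which leaked the
     * Kbdclass reference and dropped a reference that was never taken. Releasing only
     * here also keeps kbdDriverObject referenced while its device list is walked. */
    ObDereferenceObject(kbdDriverObject);
    return ntStatus;
}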
Ring3中的程序代码如下:
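/*
 * 1. Open the driver's device through its Win32 device name.
 *
 * The Win32 device-namespace prefix is \\.\ and every backslash has to be doubled in
 * a C string literal, so the prefix is written "\\\\.\\". The original literal
 * "\\.\\KbdSymlink" produced \.\KbdSymlink, which Win32 treats as an ordinary path
 * on the current drive; that is why CreateFile failed with error 3
 * (ERROR_PATH_NOT_FOUND).
 *
 * NOTE(review): with the path corrected, the open is still expected to fail while
 * the driver's symbolic link points at \Driver\Kbdclass (a driver object) instead of
 * a named device object - the exact error code is not established by this page.
 */
HANDLE hDevice = CreateFile(L"\\\\.\\KbdSymlink",
                            GENERIC_READ | GENERIC_WRITE,
                            0,                      /* no sharing */
                            NULL,
                            OPEN_EXISTING,
                            FILE_ATTRIBUTE_NORMAL,
                            NULL);
if (hDevice == INVALID_HANDLE_VALUE) /* the device could not be opened */
{
    /* GetLastError() returns a DWORD (unsigned long); print it with a matching
     * conversion instead of %d. */
    printf("Main: Failed to open device handle error code: %lu\n",
           (unsigned long)GetLastError());
    goto _Return;
}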
请大家帮忙看看,问题出在哪里。