[求助]关于IOControlCode
发表于: 2013-4-6 21:02 7002

自己写一个磁盘过滤驱动,需要截取IRP_MJ_WRITE,另外还有IRP_MJ_DEVICE_CONTROL。发给disk.sys的IRP_MJ_DEVICE_CONTROL中,具体的IOControlCode有哪些?一共有几个?各自是什么作用?有没有类似写盘功能的code?这些IOControlCode在哪个头文件里被定义?或者有哪篇文章或网页给出了详细的定义?主要是,如果这些IOControlCode中有带写盘功能的code,就需要和IRP_MJ_WRITE一样被截取下来进行一些处理。

最新回复 (2)
比如我知道有一个IOCTL_VOLUME_ONLINE,其他的IOCTL在哪里有定义啊?要是能把所有的IOControlCode全部列出来就好了。
2013-4-6 21:10
你看看WDK src\storage\class\disk\disk.c里的DiskDeviceControl,里边有磁盘设备需要处理的所有IOCTL的过程
PS:如果你测试的是XP系统,那么不要看最新WDK里的DISK源码,要看与XP匹配的WDK里的DISK源码才好。
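__control_entrypoint(DeviceDriver)
NTSTATUS
DiskDeviceControl(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp
    )

/*++

Routine Description:

    I/O system entry for device controls to SCSI disks.

    Reads the control code from the current IRP stack location and routes
    the codes named in the switch below to their DiskIoctl* handlers. Every
    other control code is handed, unmodified, to ClassDeviceControl.

    NOTE(review): because of that default branch, the switch is not the
    complete set of control codes this device can receive. A filter driver
    that has to account for every state-changing request (for example one
    that treats write-like IOCTLs the same as IRP_MJ_WRITE) cannot build its
    list from this routine alone; it must also cover whatever
    ClassDeviceControl and the drivers below it accept. ClassDeviceControl
    is not part of this listing - presumably it is where the generic storage
    and SCSI pass-through codes are dealt with; confirm against the class
    driver source that matches the target OS.

Arguments:

    DeviceObject - Pointer to functional device object created by system.
                   Asserted to be non-NULL.
    Irp - IRP involved.

Return Value:

    Status is returned: the NTSTATUS of the selected DiskIoctl* handler, or
    the return value of ClassDeviceControl for codes not handled here.

--*/

{
    PIO_STACK_LOCATION  irpStack = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS            status = STATUS_SUCCESS;
    ULONG               ioctlCode;

    ASSERT(DeviceObject != NULL);

    //
    // Clear the byte count before dispatching so that a handler which does
    // not set it leaves zero in the IRP.
    //
    Irp->IoStatus.Information = 0;
    ioctlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;

    TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL, "DiskDeviceControl: Received IOCTL 0x%X for device %p through IRP %p\n",
                ioctlCode, DeviceObject, Irp));

    //
    // NOTE(review): judging by name only (the handlers are not shown here),
    // the SET_CACHE_*, REASSIGN_BLOCKS*, UPDATE_DRIVE_SIZE, INTERNAL_*_VERIFY
    // and SMART_SEND_DRIVE_COMMAND codes change device or driver state
    // rather than just query it. Those are the entries to examine first when
    // deciding which control codes a write-protecting filter must handle.
    //
    switch (ioctlCode) {

        case IOCTL_DISK_GET_CACHE_INFORMATION: {
            status = DiskIoctlGetCacheInformation(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_SET_CACHE_INFORMATION: {
            status = DiskIoctlSetCacheInformation(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_GET_CACHE_SETTING: {
            status = DiskIoctlGetCacheSetting(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_SET_CACHE_SETTING: {
            status = DiskIoctlSetCacheSetting(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_GET_DRIVE_GEOMETRY: {
            status = DiskIoctlGetDriveGeometry(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_GET_DRIVE_GEOMETRY_EX: {
            status = DiskIoctlGetDriveGeometryEx( DeviceObject, Irp );
            break;
        }

        case IOCTL_DISK_VERIFY: {
            //
            // May return STATUS_PENDING; see the completion logic at the
            // end of this routine.
            //
            status = DiskIoctlVerify(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_GET_LENGTH_INFO: {
            status = DiskIoctlGetLengthInfo(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_IS_WRITABLE: {
            status = DiskIoctlIsWritable(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_UPDATE_DRIVE_SIZE: {
            status = DiskIoctlUpdateDriveSize(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_REASSIGN_BLOCKS: {
            status = DiskIoctlReassignBlocks(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_REASSIGN_BLOCKS_EX: {
            status = DiskIoctlReassignBlocksEx(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_INTERNAL_SET_VERIFY: {
            status = DiskIoctlSetVerify(DeviceObject, Irp);
            break;
        }

        case IOCTL_DISK_INTERNAL_CLEAR_VERIFY: {
            status = DiskIoctlClearVerify(DeviceObject, Irp);
            break;
        }

        case IOCTL_STORAGE_GET_MEDIA_TYPES_EX: {
            status = DiskIoctlGetMediaTypesEx(DeviceObject, Irp);
            break;
        }

        case IOCTL_STORAGE_PREDICT_FAILURE : {
            status = DiskIoctlPredictFailure(DeviceObject, Irp);
            break;
        }

        case SMART_GET_VERSION: {
            status = DiskIoctlSmartGetVersion(DeviceObject, Irp);
            break;
        }

        case SMART_RCV_DRIVE_DATA: {
            status = DiskIoctlSmartReceiveDriveData(DeviceObject, Irp);
            break;
        }

        case SMART_SEND_DRIVE_COMMAND: {
            status = DiskIoctlSmartSendDriveCommand(DeviceObject, Irp);
            break;
        }

        //
        // Both volume-extent codes share one handler.
        //
        case IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS:
        case IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS_ADMIN: {
            status = DiskIoctlGetVolumeDiskExtents(DeviceObject, Irp);
            break;
        }

        default: {

            //
            // Pass the request to the common device control routine.
            // The return leaves this function immediately, so none of the
            // status, remove-lock or completion handling below runs for
            // these codes; ClassDeviceControl is responsible for the IRP
            // from here on.
            //
            return(ClassDeviceControl(DeviceObject, Irp));
        }
    } // end switch

    if (!NT_SUCCESS(status)) {

        TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "DiskDeviceControl: IOCTL 0x%X to device %p failed with error 0x%X\n",
                    ioctlCode, DeviceObject, status));

        //
        // Only flag the device for a hard error / verify when the failure
        // is user-induced and the IRP still has an originating thread.
        //
        if (IoIsErrorUserInduced(status) &&
            (Irp->Tail.Overlay.Thread != NULL)) {
            IoSetHardErrorOrVerifyDevice(Irp, DeviceObject);
        }
    }

    //
    // DiskIoctlVerify() (IOCTL_DISK_VERIFY) function returns STATUS_PENDING
    // and completes the IRP in the work item. Do not touch or complete
    // the IRP if STATUS_PENDING is returned.
    //
    // For every other status this routine owns completion: it stores the
    // status, releases the remove lock (presumably taken by the caller
    // before dispatch - not shown here) and completes the request. A
    // handler that returns a non-pending status must therefore not have
    // completed the IRP itself.
    //

    if (status != STATUS_PENDING) {
        Irp->IoStatus.Status = status;
        ClassReleaseRemoveLock(DeviceObject, Irp);
        ClassCompleteRequest(DeviceObject, Irp, IO_NO_INCREMENT);
    }

    return(status);
} // end DiskDeviceControl()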

2013-4-7 11:21