能力值:
( LV2,RANK:10 )
|
-
-
10 楼
我用irp 在win10上打开文件总是出错返回0xC000000D.请各位大牛帮忙看看:
BOOLEAN GetDriveObject(
IN ULONG DriveNumber,
OUT PDEVICE_OBJECT *DeviceObject,
OUT PDEVICE_OBJECT *ReadDevice
) {
WCHAR driveName[] = L"\\DosDevices\\A:\\";
UNICODE_STRING deviceName;
HANDLE deviceHandle;
OBJECT_ATTRIBUTES objectAttributes;
IO_STATUS_BLOCK ioStatus;
PFILE_OBJECT fileObject;
NTSTATUS status;
if (DriveNumber >= 'A' && DriveNumber <= 'Z')
{
driveName[12] = (CHAR)DriveNumber;
}
else if (DriveNumber >= 'a' && DriveNumber <= 'z')
{
driveName[12] = (CHAR)DriveNumber - 'a' + 'A';
}
else
{
return FALSE;
}
RtlInitUnicodeString(&deviceName, driveName);
InitializeObjectAttributes(&objectAttributes,
&deviceName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
status = IoCreateFile(&deviceHandle,
SYNCHRONIZE | FILE_ANY_ACCESS,
&objectAttributes,
&ioStatus,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
NULL,
0,
CreateFileTypeNone,
NULL,
0x100);
if (!NT_SUCCESS(status))
{
DbgPrint("Could not open drive %c: %x/n", DriveNumber, status);
return FALSE;
}
status = ObReferenceObjectByHandle(deviceHandle,
FILE_READ_DATA,
*IoFileObjectType,
KernelMode,
&fileObject,
NULL);
if (!NT_SUCCESS(status))
{
DbgPrint("Could not get fileobject from handle: %c/n", DriveNumber);
ZwClose(deviceHandle);
return FALSE;
}
if (fileObject->Vpb == 0 || fileObject->Vpb->RealDevice == NULL)
{
ObDereferenceObject(fileObject);
ZwClose(deviceHandle);
return FALSE;
}
*DeviceObject = fileObject->Vpb->DeviceObject;
*ReadDevice = fileObject->Vpb->RealDevice;
ObDereferenceObject(fileObject);
ZwClose(deviceHandle);
return TRUE;
}
NTSTATUS IoCompletionRoutine(
IN PDEVICE_OBJECT device_object,
IN PIRP irp,
IN PVOID context
){
UNREFERENCED_PARAMETER(device_object);
UNREFERENCED_PARAMETER(context);
*irp->UserIosb = irp->IoStatus;
if(irp->UserEvent)
KeSetEvent(irp->UserEvent, IO_NO_INCREMENT, 0);
if(irp->MdlAddress){
IoFreeMdl(irp->MdlAddress);
irp->MdlAddress = NULL;
}
IoFreeIrp(irp);
return STATUS_MORE_PROCESSING_REQUIRED;
}
NTSTATUS IrpCreateFile(
IN PUNICODE_STRING FileName,
IN ACCESS_MASK DesiredAccess,
OUT PIO_STATUS_BLOCK io_status,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PDEVICE_OBJECT DeviceObject,
IN PDEVICE_OBJECT RealDevice,
OUT PVOID *Object
){
NTSTATUS status;
KEVENT event;
PIRP irp;
PIO_STACK_LOCATION irp_sp;
IO_SECURITY_CONTEXT security_context;
ACCESS_STATE access_state;
OBJECT_ATTRIBUTES object_attributes;
PFILE_OBJECT file_object;
AUX_ACCESS_DATA aux_data;
if(FileName->Buffer[1] != L':')
return STATUS_INTERNAL_ERROR;
if (GetDriveObject(FileName->Buffer[0], &DeviceObject, &RealDevice) == FALSE)
return STATUS_INTERNAL_ERROR;
RtlZeroMemory(&aux_data, sizeof(AUX_ACCESS_DATA));
KeInitializeEvent(&event, SynchronizationEvent, FALSE);
irp = IoAllocateIrp(DeviceObject->StackSize, FALSE);
if(irp == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
InitializeObjectAttributes(&object_attributes, NULL, OBJ_CASE_INSENSITIVE, 0, NULL);
status = ObCreateObject(KernelMode,
*IoFileObjectType,
&object_attributes,
KernelMode,
NULL,
sizeof(FILE_OBJECT),
0,
0,
(PVOID *)&file_object);
if(!NT_SUCCESS(status)){
IoFreeIrp(irp);
return status;
}
RtlZeroMemory(file_object, sizeof(FILE_OBJECT));
file_object->Size = sizeof(FILE_OBJECT);
file_object->Type = IO_TYPE_FILE;
file_object->DeviceObject = RealDevice;
if(CreateOptions & (FILE_SYNCHRONOUS_IO_ALERT | FILE_SYNCHRONOUS_IO_NONALERT)){
file_object->Flags = FO_SYNCHRONOUS_IO;
if(CreateOptions & FILE_SYNCHRONOUS_IO_ALERT)
file_object->Flags |= FO_ALERTABLE_IO;
}
if(CreateOptions & FILE_NO_INTERMEDIATE_BUFFERING)
file_object->Flags |= FO_NO_INTERMEDIATE_BUFFERING;
file_object->FileName.MaximumLength = FileName->MaximumLength;
file_object->FileName.Buffer = ExAllocatePool(NonPagedPool, FileName->MaximumLength);
if (file_object->FileName.Buffer == NULL){
IoFreeIrp(irp);
ObDereferenceObject(file_object);
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlCopyUnicodeString(&file_object->FileName, FileName);
KeInitializeEvent(&file_object->Lock, SynchronizationEvent, FALSE);
KeInitializeEvent(&file_object->Event, NotificationEvent, FALSE);
irp->MdlAddress = NULL;
irp->Flags |= IRP_CREATE_OPERATION | IRP_SYNCHRONOUS_API;
irp->RequestorMode = KernelMode;
irp->UserIosb = io_status;
irp->UserEvent = &event;
irp->PendingReturned = FALSE;
irp->Cancel = FALSE;
irp->CancelRoutine = NULL;
irp->Tail.Overlay.Thread = (PETHREAD)KeGetCurrentThread();
irp->Tail.Overlay.AuxiliaryBuffer = NULL;
irp->Tail.Overlay.OriginalFileObject = file_object;
status = SeCreateAccessState(&access_state,
&aux_data,
DesiredAccess,
IoGetFileObjectGenericMapping());
if(!NT_SUCCESS(status)){
IoFreeIrp(irp);
ExFreePool(file_object->FileName.Buffer);
ObDereferenceObject(file_object);
return status;
}
security_context.SecurityQos = NULL;
security_context.AccessState = &access_state;
security_context.DesiredAccess = DesiredAccess;
security_context.FullCreateOptions = 0;
irp_sp= IoGetNextIrpStackLocation(irp);
irp_sp->MajorFunction = IRP_MJ_CREATE;
irp_sp->DeviceObject = DeviceObject;
irp_sp->FileObject =file_object;
irp_sp->Parameters.Create.SecurityContext = &security_context;
irp_sp->Parameters.Create.Options = (CreateDisposition << 24) | CreateOptions;
irp_sp->Parameters.Create.FileAttributes = (USHORT)FileAttributes;
irp_sp->Parameters.Create.ShareAccess = (USHORT)ShareAccess;
irp_sp->Parameters.Create.EaLength = 0;
IoSetCompletionRoutine(irp, IoCompletionRoutine, NULL, TRUE, TRUE, TRUE);
status = IoCallDriver(DeviceObject, irp);
if (status == STATUS_PENDING)
KeWaitForSingleObject(&event, Executive, KernelMode, TRUE, NULL);
status = io_status->Status;
if (!NT_SUCCESS(status)){
ExFreePool(file_object->FileName.Buffer);
file_object->FileName.Length = 0;
file_object->DeviceObject = NULL;
ObDereferenceObject(file_object);
}else{
InterlockedIncrement(&file_object->DeviceObject->ReferenceCount);
if (file_object->Vpb)
InterlockedIncrement((PLONG)&file_object->Vpb->ReferenceCount);
*Object = file_object;
}
return status;
}
|
