[求助] 通过IRP 直接写文件设备类型为 FILE_DEVICE_NETWORK_FILE_SYSTEM 写入错误-付费问答-看雪-安全社区|安全招聘|kanxue.com

未解决 [求助] 通过IRP 直接写文件设备类型为 FILE_DEVICE_NETWORK_FILE_SYSTEM 写入错误 200.00雪花

发表于: 2022-4-7 20:34 4438

未解决 [求助] 通过IRP 直接写文件设备类型为 FILE_DEVICE_NETWORK_FILE_SYSTEM 写入错误 200.00雪花

Stone_Liyan 活跃值

2022-4-7 20:34

4438

通过构建IRP直接写入文件，当文件系统为本地硬盘时，工作正常，但直接写网络文件 DeviceType = 0x14 （FILE_DEVICE_NETWORK_FILE_SYSTEM）时，如果写入长度不等于4096 的整数倍，就会返回 -1073741811, "发送无效的参数给服务或功能。"

请问各位大侠如何解决？

代码如下：（length 不是4096整数倍就返回-1073741811）

NTSTATUS
IrpFileWrite (
IN PFILE_OBJECT FileObject,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN ULONG Length,
IN PVOID Buffer,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG Key
)
{
NTSTATUS Status;
KEVENT event = {0};
PIRP Irp;
PIO_STACK_LOCATION irpSp;
PDEVICE_OBJECT deviceObject;
LARGE_INTEGER liOldCurrentByteOffset = {0};

liOldCurrentByteOffset.QuadPart = FileObject->CurrentByteOffset.QuadPart;
 
 
if (FileObject->Vpb == NULL || FileObject->Vpb->RealDevice == NULL)
{
    if (FileObject->DeviceObject->DriverObject == g_XNFSDriverObject)
    {
        PXNFS_DEVICE_EXTENSION devExt = (PXNFS_DEVICE_EXTENSION)(FileObject->DeviceObject->DeviceExtension);
 
        //
        // 指向文件系统
        //
        deviceObject = devExt->relatedDevice;
    }
    else
    {
        if (FileObject->DeviceObject->DeviceType==FILE_DEVICE_DFS)
        {
            deviceObject = g_pNetFsDev;
        }
        else
            deviceObject = FileObject->DeviceObject;
    }
}
else
{
    deviceObject = FileObject->Vpb->DeviceObject;
}
 
Irp = IoAllocateIrp(deviceObject->StackSize, FALSE);
 
if (Irp == NULL)
    return STATUS_INSUFFICIENT_RESOURCES;
 
Irp->MdlAddress = IoAllocateMdl(Buffer, Length, FALSE, FALSE, NULL);
 
if (Irp->MdlAddress == NULL)
{
    g_HideFunction->pfnIoFreeIrp(Irp);
    return STATUS_INSUFFICIENT_RESOURCES;
}
 
MmBuildMdlForNonPagedPool(Irp->MdlAddress);
 
Irp->Flags = IRP_NOCACHE|IRP_WRITE_OPERATION|IRP_SYNCHRONOUS_API;
Irp->RequestorMode = KernelMode;
Irp->UserIosb = IoStatusBlock;
Irp->UserEvent = NULL;
Irp->Tail.Overlay.Thread = (PETHREAD)KeGetCurrentThread();
Irp->Tail.Overlay.OriginalFileObject = FileObject;
 
//
// fixed,在IoBuildPartialMdl时候会用到
//
Irp->UserBuffer = MmGetMdlVirtualAddress(Irp->MdlAddress);
 
irpSp = IoGetNextIrpStackLocation(Irp);
irpSp->MajorFunction = IRP_MJ_WRITE;
irpSp->MinorFunction = IRP_MN_NORMAL;
irpSp->DeviceObject = deviceObject;
irpSp->FileObject = FileObject;
irpSp->Parameters.Write.Length = Length;
irpSp->Parameters.Write.ByteOffset = *ByteOffset;
if (Key)
{
    irpSp->Parameters.Write.Key = Key;
    SetFlag(irpSp->Flags, SL_KEY_SPECIFIED);
}
 
KeInitializeEvent(&event, NotificationEvent, FALSE);
IoSetCompletionRoutine(Irp, IoCompletionRoutine, &event, TRUE, TRUE, TRUE);
Status = IofCallDriver(deviceObject, Irp);
 
if (Status == STATUS_PENDING)
    Status = KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
 
 
Status = IoStatusBlock->Status;
 
FileObject->CurrentByteOffset.QuadPart = liOldCurrentByteOffset.QuadPart;
return Status;