-
-
[求助]为什么IoCallDriver返回STATUS_CANCELLED
-
发表于:
2009-9-20 05:32
8509
-
[求助]为什么IoCallDriver返回STATUS_CANCELLED
代码是枚举通信端口用的,是根据网上的一些资料写的,但是不知道为什么IoCallDriver返回STATUS_CANCELLED,其中有个地方我觉得可能问题较大,就是关于IOCTL_TCP_QUERY_INFORMATION_EX 这个IDCTL的定义问题,我仅查到了一份资料,于是按那个定义的#define IOCTL_TCP_QUERY_INFORMATION_EX 0x00120003 ,不知道此代码有啥问题,我弄了一晚上了也没弄出名堂,谢谢各位了
#define IOCTL_TCP_QUERY_INFORMATION_EX 0x00120003
LONG GetPortCount() //获取端口信息和个数,保存之
{
LONG PortCount = 0;
UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\Tcp");
PFILE_OBJECT FileObject = NULL;
PDEVICE_OBJECT DeviceObject = NULL;
PTCP_REQUEST_QUERY_INFORMATION_EX pRequestInformationEx ;
PVOID pOutputBuff;
IO_STATUS_BLOCK StatusBlock;
PIO_STACK_LOCATION StackLocation ;
PIRP pIrp;
KEVENT Event;
NTSTATUS ntStatus = IoGetDeviceObjectPointer(&DeviceName, GENERIC_READ|GENERIC_WRITE, &FileObject, &DeviceObject);
if(!NT_SUCCESS(ntStatus))
return 0;
pRequestInformationEx = (PTCP_REQUEST_QUERY_INFORMATION_EX)ExAllocatePool(PagedPool, sizeof(TCP_REQUEST_QUERY_INFORMATION_EX));
if (NULL == pRequestInformationEx)
{
return 0;
}
RtlZeroMemory(pRequestInformationEx, sizeof(TCP_REQUEST_QUERY_INFORMATION_EX));
pOutputBuff = ExAllocatePool(PagedPool, PAGE_SIZE);
RtlZeroMemory(pOutputBuff, PAGE_SIZE);
//查看TCP端口
pRequestInformationEx->ID.toi_entity.tei_instance = 0;
pRequestInformationEx->ID.toi_class = INFO_CLASS_PROTOCOL;
pRequestInformationEx->ID.toi_type = INFO_TYPE_PROVIDER;
pRequestInformationEx->ID.toi_id = 0x102;
pRequestInformationEx->ID.toi_entity.tei_entity = CO_TL_ENTITY;
KeInitializeEvent(&Event, NotificationEvent, FALSE);
pIrp = IoBuildDeviceIoControlRequest(IOCTL_TCP_QUERY_INFORMATION_EX , DeviceObject, (PVOID)&pRequestInformationEx, sizeof(TCP_REQUEST_QUERY_INFORMATION_EX), pOutputBuff, PAGE_SIZE, FALSE, &Event, &StatusBlock);
if(!pIrp)
{
return 0;
}
StackLocation = IoGetNextIrpStackLocation(pIrp);
StackLocation->FileObject = FileObject;
pIrp->Tail.Overlay.Thread = PsGetCurrentThread();
StackLocation->DeviceObject = DeviceObject;
ntStatus = IoCallDriver(DeviceObject, pIrp); //////////////////////////就是此处返回STATUS_CANCELLED,郁闷
if(ntStatus == STATUS_BUFFER_TOO_SMALL)
{
return 0;
}
else if(ntStatus == STATUS_PENDING)
{
ntStatus = KeWaitForSingleObject(&Event, Executive, 0, 0, 0);
}
PMIB_TCPROW_OWNER_PID pTcpInfo = (PMIB_TCPROW_OWNER_PID)pOutputBuff;
for(; pTcpInfo->OwningPid; pTcpInfo++)
{
PPORT_INFO_LIST pInfoNode = (PPORT_INFO_LIST)ExAllocatePool(PagedPool, sizeof(PORT_INFO_LIST));
pInfoNode->info.Flag = 0;
pInfoNode->info.LocalAddr = pTcpInfo->LocalAddr;
pInfoNode->info.LocalPort = pTcpInfo->LocalPort;
pInfoNode->info.OwnPid = pTcpInfo->OwningPid;
pInfoNode->info.RemoteAddr = pTcpInfo->RemoteAddr;
pInfoNode->info.RemotePort = pTcpInfo->RemotePort;
pInfoNode->info.State = pTcpInfo->State;
pInfoNode->next = g_pMyPortInfoListHead;
g_pMyPortInfoListHead = pInfoNode;
++PortCount;
}
if(pRequestInformationEx)
ExFreePool(pRequestInformationEx);
if(pOutputBuff)
ExFreePool(pOutputBuff);
if(FileObject)
ObDereferenceObject(FileObject);
if(DeviceObject)
ObDereferenceObject(DeviceObject);
return PortCount;
}
麻烦各位驻足稍微看看,再次感谢
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
