|
阅读:1279回复:2
为什么用StartService调驱动时,机器重启?
我编了一个小驱动mydriver1.sys,拷在系统目录下,在注册表中也加了键值。
调用OpenSCManger和OpenService都成功,调用StartService时,PC自动重启。 SC_HANDLE m_hSCM =OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); SC_HANDLE m_hDriver =OpenService( m_hSCM, (LPCTSTR)\"mydriver1\", SERVICE_ALL_ACCESS); DWORD nRet =StartService(m_hDriver, 0, NULL); 于是,我在mydriver1.sys的DriverEntry中设了断点DbgBreakPoint(),用softice单步调,没发现任何异常,驱动被成功安装。StartService返回值为1。 但是,如果不用softice调试,运行StartService时还是PC自动重启, 这是为什么??? 代码框架如下: typedef struct _DEVICE_EXTENSION { PDEVICE_OBJECT pDevice; UNICODE_STRING ustrDeviceName; UNICODE_STRING ustrSymLinkName; ...... ...... } DEVICE_EXTENSION, *PDEVICE_EXTENSION; extern \"C\" NTSTATUS DriverEntry ( IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath ) { DbgBreakPoint(); NTSTATUS Status ; ULONG ulDeviceNumber = 0; pDriverObject->DriverUnload = DriverUnload; Status =CreateDevice(pDriverObject,ulDeviceNumber ); return STATUS_SUCCESS; } NTSTATUS CreateDevice ( IN PDRIVER_OBJECT pDriverObject, IN ULONG ulDeviceNumber ) { DbgBreakPoint(); NTSTATUS status; PDEVICE_OBJECT pDevObj; PDEVICE_EXTENSION pDevExt; UNICODE_STRING wszTem1; RtlInitUnicodeString(&wszTem1,L\"\\\\Device\\\\LGLGLG\"); UNICODE_STRING wszTem2; wszTem2.Length =0; wszTem2.MaximumLength = 32; wszTem2.Buffer=(PWSTR)ExAllocatePoolWithTag(PagedPool, wszTem2.MaximumLength , 1633); NTSTATUS statusTem=RtlIntegerToUnicodeString(ulDeviceNumber,0,&wszTem2); if (!NT_SUCCESS(statusTem)) return statusTem; UNICODE_STRING devName; devName.Length =wszTem1.Length + wszTem2.Length ; devName.MaximumLength =devName.Length +2; devName.Buffer =(PWSTR)ExAllocatePoolWithTag(PagedPool, devName.MaximumLength , 1633); RtlCopyUnicodeString(&devName, (PUNICODE_STRING)&wszTem1); RtlAppendUnicodeStringToString(&devName, (PUNICODE_STRING)&wszTem2); devName.Buffer[ devName.Length /2] = UNICODE_NULL; status =IoCreateDevice( pDriverObject, sizeof(DEVICE_EXTENSION), &(UNICODE_STRING)devName, FILE_DEVICE_UNKNOWN, 0, TRUE, &pDevObj ); if (!NT_SUCCESS(status)) return status; pDevObj->Flags |= DO_BUFFERED_IO; ExFreePool( (PVOID)(wszTem2.Buffer )); pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension; pDevExt->pDevice = pDevObj; pDevExt->ustrDeviceName=devName; ULONG ulTem=ulDeviceNumber+1; UNICODE_STRING wszTem3; RtlInitUnicodeString(&wszTem3,L\"\\\\??\\\\LGLGLGsymLindName\"); UNICODE_STRING wszTem4; wszTem4.Length =0; wszTem4.MaximumLength = 32; wszTem4.Buffer=(PWSTR)ExAllocatePoolWithTag(PagedPool, wszTem4.MaximumLength , 1633); statusTem=RtlIntegerToUnicodeString(ulTem,0,&wszTem4); if (!NT_SUCCESS(statusTem)) return statusTem; UNICODE_STRING symLinkName; symLinkName.Length =wszTem3.Length +wszTem4.Length ; symLinkName.MaximumLength =symLinkName.Length +2; symLinkName.Buffer =(PWSTR)ExAllocatePoolWithTag(PagedPool, symLinkName.MaximumLength , 1633); RtlCopyUnicodeString(&symLinkName, (PUNICODE_STRING)&wszTem3); RtlAppendUnicodeStringToString(&symLinkName, (PUNICODE_STRING)&wszTem4); symLinkName.Buffer[ symLinkName.Length /2] = UNICODE_NULL; pDevExt->ustrSymLinkName=symLinkName; status = IoCreateSymbolicLink( &(UNICODE_STRING)symLinkName, &(UNICODE_STRING)devName ); if (!NT_SUCCESS(status)) { IoDeleteDevice( pDevObj ); return status; } ExFreePool( (PVOID)(wszTem4.Buffer )); return STATUS_SUCCESS; } VOID DriverUnload ( IN PDRIVER_OBJECT pDriverObject ) { DbgBreakPoint(); PDEVICE_OBJECT pNextObj; pNextObj = pDriverObject->DeviceObject; while (pNextObj != NULL) { PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pNextObj->DeviceExtension; UNICODE_STRING pLinkName = pDevExt->ustrSymLinkName; IoDeleteSymbolicLink(&pLinkName); ExFreePool( (PVOID)(pDevExt->ustrSymLinkName.Buffer )); ExFreePool( (PVOID)(pDevExt->ustrDeviceName.Buffer )); pNextObj = pNextObj->NextDevice; IoDeleteDevice( pDevExt->pDevice ); } } |
|
|
沙发#
发布于:2002-10-05 09:32
我用softice调时,devName等于\"\\\\Device\\\\LGLGLG0\",symLinkName等于\"\\\\??\\\\LGLGLGsymLindName1\",IoCreateSymbolicLink和IoCreateDevice的返回值也是正确的,可为什麽不用softice调时,一旦加载驱动(StartService),PC就重新启动?????
|
|
|
板凳#
发布于:2002-10-05 07:35
你的新创建的设备对象的引用计数可能错了,
查查书…… |
|
