在驱动中调用 NtConnectPort:在 DriverEntry 中调用成功,在分发例程中调用失败,返回 0xC0000005(STATUS_ACCESS_VIOLATION),请高手指教。
/*****************************************************************************/
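/* LPC.cpp                                Copyright (c) Ladislav Zezula 2005 */
/*---------------------------------------------------------------------------*/
/* Demonstration program of using LPC facility                               */
/*---------------------------------------------------------------------------*/
/*   Date    Ver   Who  Comment                                              */
/* --------  ----  ---  -------                                              */
/* 22.02.05  1.00  Lad  The first version of LPC.cpp                         */
/*****************************************************************************/

#define UNICODE                         // Use UNICODE
#define _UNICODE
#include <tchar.h>
#include <stdio.h>
#include <windows.h>

//#include "AllNeed.h"
#include "lpc.h"

//-----------------------------------------------------------------------------
// Local structures

#define LPC_COMMAND_REQUEST_NOREPLY  0x00000000
#define LPC_COMMAND_REQUEST_REPLY    0x00000001
#define LPC_COMMAND_STOP             0x00000002

// This is the data structure transferred through LPC.
// Every structure must begin with PORT_MESSAGE, and must NOT be
// greater than MAX_LPC_DATA
typedef struct _TRANSFERRED_MESSAGE
{
    PORT_MESSAGE Header;

    ULONG   Command;
    WCHAR   MessageText[48];

} TRANSFERRED_MESSAGE, *PTRANSFERRED_MESSAGE;

//-----------------------------------------------------------------------------
// Local variables

LPWSTR LpcPortName = L"\\TestLpcPortName";      // Name of the LPC port
                                                // Must be in the form of "\\name"
HANDLE g_hHeap = NULL;                          // Application heap

#define LARGE_MESSAGE_SIZE 0x9000

extern void MyPrintf(char * lpszFormat,DWORD val);

//-----------------------------------------------------------------------------
// lpc_comm
//
// Creates a pagefile-backed section of LARGE_MESSAGE_SIZE bytes, connects to
// the LPC port named by LpcPortName, writes a text message into the shared
// view and sends one request, waiting for the reply. Both handles are closed
// in the __finally block on every path. Takes no parameters, returns nothing;
// the status of each step is reported through MyPrintf.
//
// Calling context (review notes):
//  - NtConnectPort and NtRequestWaitReplyPort are called through their Nt*
//    entry points. When kernel code calls an Nt* routine directly, the
//    arguments are validated against the calling thread's previous mode. In
//    a dispatch routine that runs in the requesting user thread the previous
//    mode is UserMode, so the kernel-stack pointers passed below are rejected
//    and the call returns STATUS_ACCESS_VIOLATION (0xC0000005). In DriverEntry
//    the previous mode is KernelMode and no such check applies. This is the
//    most likely cause of the reported failure; it is not an IRQL difference.
//    Call this function only from a KernelMode-previous-mode thread (for
//    example a system worker thread), or switch to the Zw* counterparts
//    (ZwConnectPort / ZwRequestWaitReplyPort) if prototypes are available.
//  - NtConnectPort takes no OBJECT_ATTRIBUTES, so the port handle and the
//    mapped view presumably belong to whichever process is current. Running
//    in a user process's context would expose both to that process; prefer
//    system-process context for this work -- TODO confirm against the target
//    OS version.
//  - SecurityImpersonation allows the process that owns the port to
//    impersonate this caller. Use SecurityIdentification unless the server
//    really has to act as the client, and verify who is able to create the
//    port name.

void lpc_comm(void)
{
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    OBJECT_ATTRIBUTES SectionAttributes = {0};
    REMOTE_PORT_VIEW  ServerView = {0};
    UNICODE_STRING    PortName;
    LARGE_INTEGER     SectionSize = {LARGE_MESSAGE_SIZE};
    PORT_MESSAGE      MessageHeader;
    PORT_VIEW         ClientView = {0};
    NTSTATUS          Status = STATUS_SUCCESS;
    HANDLE            SectionHandle = NULL;
    HANDLE            PortHandle = NULL;

    __try
    {
        //
        // Create a memory section in the pagefile used for transfer the data
        // to the client.
        //
        // OBJ_KERNEL_HANDLE is an object-attribute flag, not an access right:
        // it has no effect when OR-ed into DesiredAccess. It is passed in
        // OBJECT_ATTRIBUTES.Attributes so that the section handle is a kernel
        // handle that user-mode code cannot use or close.
        //
        SectionAttributes.Length     = sizeof(OBJECT_ATTRIBUTES);
        SectionAttributes.Attributes = OBJ_KERNEL_HANDLE;

        Status = ZwCreateSection(&SectionHandle,
                                  SECTION_MAP_READ | SECTION_MAP_WRITE,
                                 &SectionAttributes,    // Unnamed, backed by the pagefile
                                 &SectionSize,
                                  PAGE_READWRITE,
                                  SEC_COMMIT,
                                  NULL);
        MyPrintf("NtCreateSection Execute,Status=%08x\n",Status);
        if(!NT_SUCCESS(Status))
            __leave;

        //
        // Initialize the parameters of LPC port
        //
        RtlInitUnicodeString(&PortName, LpcPortName);
        SecurityQos.Length              = sizeof(SECURITY_QUALITY_OF_SERVICE);
        SecurityQos.ImpersonationLevel  = SecurityImpersonation;
        SecurityQos.EffectiveOnly       = FALSE;
        SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;

        //
        // Fill local and remote memory view. When the LPC
        // message comes to the listener, the section will be remapped
        // to be accessible to the listener, even if the listener is in another
        // process or different processor mode (UserMode/KernelMode)
        //
        ClientView.Length        = sizeof(PORT_VIEW);
        ClientView.SectionHandle = SectionHandle;
        ClientView.SectionOffset = 0;
        ClientView.ViewSize      = LARGE_MESSAGE_SIZE;
        ServerView.Length        = sizeof(REMOTE_PORT_VIEW);

        //
        // Connect to the port
        //
        Status = NtConnectPort(&PortHandle,
                               &PortName,
                               &SecurityQos,
                               &ClientView,
                               &ServerView,
                                0,
                                NULL,
                                NULL);
        MyPrintf("NtConnectPort Execute,Status=%08x\n",Status);
        if(!NT_SUCCESS(Status))
            __leave;

        //
        // Initialize the request header. Give data to the server.
        //
        // NOTE(review): the section created above is described by ClientView;
        // ServerView.ViewBase is presumably only filled in when the server
        // supplies a section of its own -- confirm which view is intended.
        // The structure is zero-initialized and checked here so that a missing
        // view stops the function instead of writing through a NULL or stale
        // pointer.
        //
        if(ServerView.ViewBase == NULL)
        {
            MyPrintf("ServerView.ViewBase is NULL,Status=%08x\n",Status);
            __leave;
        }

        InitializeMessageHeader(&MessageHeader, sizeof(PORT_MESSAGE), LPC_NEW_MESSAGE);
        wcscpy((PWSTR)ServerView.ViewBase, L"This is a long message data from the client\n");

        //
        // Send the data request, and wait for reply
        //
        Status = NtRequestWaitReplyPort(PortHandle, &MessageHeader, &MessageHeader);
        MyPrintf("NtRequestWaitReplyPort Execute,Status=%08x\n",Status);
    }

    __finally
    {
        // ZwClose closes a handle regardless of the thread's previous mode,
        // which matters because the section handle is now a kernel handle.
        if(PortHandle != NULL)
            ZwClose(PortHandle);

        if(SectionHandle != NULL)
            ZwClose(SectionHandle);
    }

    return ;
}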
沙发#
发布于:2007-08-24 09:04
这个错误码在上层(用户态)表示内存访问非法;这是在驱动层出现的吗?……看看内存分配这一块。
板凳#
发布于:2007-08-21 10:14
自己顶一下。是不是 DriverEntry 的 IRQL 和分发例程的不一样啊?