阅读:1118回复:2
filemon 中调用ZwCreateFile出错
刚学文件系统过滤驱动,想在filemon中打开一个文件,并把“hello"写到文件中去,一运行就蓝屏,以下是代码,高人指点一下
NTSTATUS OpenFile( IN PUNICODE_STRING VolumeName, OUT PHANDLE FileHandle ) { NTSTATUS Status; IO_STATUS_BLOCK IoStatus; OBJECT_ATTRIBUTES ObjectAttributes; InitializeObjectAttributes ( &ObjectAttributes, VolumeName, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = ZwCreateFile( FileHandle, SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA, &ObjectAttributes, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 ); return Status; } HANDLE VolumeHandle; UNICODE_STRING VolumeName; NTSTATUS Status; IO_STATUS_BLOCK IoStatus; LARGE_INTEGER fpos; case IRP_MJ_READ: if( FilterDef.logreads ) { hookCompletion = LogRecord( TRUE, &seqNum, &dateTime, NULL, "%s\tIRP_MJ_READ%c\t%s\tOffset: %d Length: %d", name, (Irp->Flags & IRP_PAGING_IO) || (Irp->Flags & IRP_SYNCHRONOUS_PAGING_IO) ? '*' : ' ', fullPathName, currentIrpStack->Parameters.Read.ByteOffset.LowPart, currentIrpStack->Parameters.Read.Length ); } RtlInitUnicodeString(&VolumeName,L"\\DosDevices\\c:\\hello.txt"); Status = OpenFile( &VolumeName, &VolumeHandle ); if( !NT_SUCCESS(Status) ) { DbgPrint(("Can not open hello.txr\n")); } fpos.QuadPart = 0; fpos.QuadPart <<= 9; Status = ZwWriteFile( VolumeHandle, NULL, NULL, NULL, &IoStatus, "Hello World", 10, &fpos, NULL ); ZwClose(VolumeHandle); |
|
驱动小牛
![]() |
沙发#
发布于:2007-12-07 10:35
write之前你先判断一下handle是否可用,不然肯定蓝屏.还有你还是要学会最基本的驱动调试.
你这样摆一大段代码,然后就只说个蓝屏幕,别人怎么帮你.你至少也要把蓝屏的错误码发上来啊. |
|
板凳#
发布于:2007-12-07 10:12
自己顶一下
|
|