TDI过滤驱动程序的问题！

楼主^#

更多发布于：2002-04-04 11:27

我写了一个TDI过滤驱动，拦截TCP的所有IRP，在我的过滤驱动的Dispatch里面什么都不做，只是调用IoCallDriver直接调原来的处理过程，为什么会自动重新启动呢？

另外，我登陆了，为什么还是不能给分？只好等以后能给分的时候给了。
NTSTATUS
Dispatch(
IN PDEVICE_OBJECT pDO,
IN PIRP Irp
)
{

PIO_STACK_LOCATION pIoStack;
PEPROCESS pProcess;
PDEVICE_EXTENSION pDeviceExten = ( PDEVICE_EXTENSION )pDO->DeviceExtension;

pIoStack = IoGetCurrentIrpStackLocation( Irp );
pProcess = PsGetCurrentProcess();

if( pDeviceExten->DeviceType == FILTER_GUI && pDeviceExten == pGlobalObject ) {

Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return STATUS_SUCCESS;

} else if( pDeviceExten->DeviceType == FILTER_TCP ) {

DbgPrint( \"IoCallDriver->pOldDeviceObject:0x%08x\\n\", pDeviceExten->pOldDeviceObject );
return IoCallDriver( pDeviceExten->pOldDeviceObject, Irp );

}

Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest( Irp, IO_NO_INCREMENT );

return STATUS_SUCCESS;

}

喜欢2

最新喜欢：

aventi...

$fracker$

fracker

驱动太牛

注册日期2001-06-28
最后登录2021-03-30
粉丝0
关注0
积分219分
威望81点
贡献值0点
好评度23点
原创分0分
专家分1分

加关注写私信

沙发^#

发布于：2002-04-04 11:31

把其他的段子也贴出来吧：

NTSTATUS
DriverEntry(
PDRIVER_OBJECT DriverObject,
PUNICODE_STRING RegistryPath
)
{
NTSTATUS rc;
UNICODE_STRING DeviceName;
UNICODE_STRING DosName;
PDEVICE_OBJECT pDeviceObject;

DriverObject->DriverUnload = Unload;

RtlInitUnicodeString( &DeviceName, DD_DEVICE_NAME );
rc = IoCreateDevice( DriverObject,
sizeof( GLOBALOBJECT ),
&DeviceName,
FILE_DEVICE_NULL,
0,
0,
&pDeviceObject );

pGlobalObject = ( PGLOBALOBJECT )pDeviceObject->DeviceExtension;
pGlobalObject->DeviceType = FILTER_GUI;
pGlobalObject->pDriverObject = DriverObject;
pGlobalObject->pDeviceObject = pDeviceObject;
pGlobalObject->pDispatch = Dispatch;
pGlobalObject->pEmptyDispatchFunction = DriverObject->MajorFunction[IRP_MJ_CREATE];

RtlInitUnicodeString( &DosName, DD_DOS_DEVICE_NAME );
IoCreateSymbolicLink( &DosName, &DeviceName );

rc = HookTCP( pGlobalObject );
return STATUS_SUCCESS;
}

NTSTATUS
HookTCP(
PGLOBALOBJECT pGObject
)
{
PDEVICE_OBJECT pTcpDeviceObject;
PDEVICE_OBJECT pNewDeviceObject;
PDEVICE_OBJECT pOldDeviceObject;
UNICODE_STRING DeviceName;
PDRIVER_OBJECT pOldDriverObject;
PFILE_OBJECT pFileObject;
PDEVICE_EXTENSION pDeviceExtension;

NTSTATUS rc;
ULONG i;

DbgPrint( \"HookTCP\\n\" );

RtlInitUnicodeString( &DeviceName, DD_TCP_DEVICE_NAME );

rc = IoGetDeviceObjectPointer( &DeviceName,
FILE_ALL_ACCESS,
&pFileObject,
&pTcpDeviceObject
);

if( !NT_SUCCESS( rc ) ) return rc;

DbgPrint( \"IoGetDeviceObjectPointer->pTcpDeviceObject:0x%08x\\n\", pTcpDeviceObject );

RtlInitUnicodeString( &DeviceName, DD_FILTER_TCP_DEVICE_NAME );
rc = IoCreateDevice( pGObject->pDriverObject,
sizeof( DEVICE_EXTENSION ),
NULL, //&DeviceName,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&pNewDeviceObject
);
if( rc != STATUS_SUCCESS ) return rc;

DbgPrint( \"IoCreateDevice->pNewDeviceObject:0x%08x\\n\", pNewDeviceObject );

pOldDeviceObject = IoAttachDeviceToDeviceStack( pNewDeviceObject, pTcpDeviceObject );

if( !pOldDeviceObject )
{
IoDeleteDevice( pNewDeviceObject );
return STATUS_SUCCESS;
}
DbgPrint( \"IoAttachDeviceToDeviceStack->pOldDeviceObject:0x%08x\\n\", pOldDeviceObject );

pDeviceExtension = (PDEVICE_EXTENSION) pNewDeviceObject->DeviceExtension;
pDeviceExtension->DeviceType = FILTER_TCP;
pDeviceExtension->pNewDeviceObject = pNewDeviceObject;
pDeviceExtension->pOldDeviceObject = pOldDeviceObject;

pNewDeviceObject->DeviceType = pOldDeviceObject->DeviceType;
pNewDeviceObject->Characteristics = pOldDeviceObject->Characteristics;
pNewDeviceObject->Flags |= ( pOldDeviceObject->Flags&(DO_DIRECT_IO|DO_BUFFERED_IO));

pOldDriverObject = pOldDeviceObject->DriverObject;

for( i=0; i<IRP_MJ_MAXIMUM_FUNCTION; i++ )
{
if( pOldDriverObject->MajorFunction != pGObject->pEmptyDispatchFunction )
{
pGObject->pDriverObject->MajorFunction = pGObject->pDispatch;
}
}

ObDereferenceObject( pFileObject );

return STATUS_SUCCESS;
}

回复喜欢

gjpland

驱动小牛

注册日期2001-09-13
最后登录2011-03-22
粉丝0
关注0
积分0分
威望0点
贡献值0点
好评度0点
原创分0分
专家分0分

加关注写私信

板凳^#

发布于：2002-04-05 23:17

建议你先学习一下，IRP请求包是怎么传递的。
你的IO_STACK_LOCATION指的栈是错误的。

简单的做法是
IoSkipCurrentIrpStackLocation (Irp);
return IoCallDriverIoCallDriver( pDeviceExten->pOldDeviceObject, Irp );

我思故我在，脑袋不会坏.

回复喜欢

$fracker$ fracker 驱动太牛注册日期2001-06-28 最后登录2021-03-30 粉丝0 关注0 积分219分威望81点贡献值0点好评度23点原创分0分专家分1分加关注写私信	地板^# 发布于：2002-04-06 18:29 建议你先学习一下，IRP请求包是怎么传递的。你的IO_STACK_LOCATION指的栈是错误的。简单的做法是 IoSkipCurrentIrpStackLocation (Irp); return IoCallDriverIoCallDriver( pDeviceExten->pOldDeviceObject, Irp ); 我已经知道是这个问题了，还是要谢谢你帮助。
	回复(0) 喜欢(0)

superlk1 驱动牛犊注册日期2012-09-22 最后登录2012-09-22 粉丝0 关注0 积分8分威望81点贡献值0点好评度0点原创分0分专家分0分加关注写私信	地下室^# 发布于：2012-09-22 12:54 顶楼主楼主观点不错 www.ZTSUN.COM 充气娃娃多少钱 www.szyuantaidz.com 脚气 www.yushenjt.com 阴茎短小 www.btdyj.com 脚臭 www.1tidc.com 蹭网器 www.cn-xyz.com 卡皇 www.hfloge.com 白发治疗 www.hnshiqi.com 英国卫裤 www.wzeas.com 治疗白发 www.qdzjzc.com 伟哥官网 www.szjczq.com 日本充气娃娃
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册