|
阅读:1782回复:6
贴一段自己写的代码,在Passthru中直接保存数据到文件中
使用方法:
1、在precomp.h中加入 #include "MyAddFunc.h" 2、在DriverEntry中: 。。。 NdisIMAssociateMiniport(DriverHandle, ProtHandle); MyDriverCreateFile(NULL,&m_ghFileHandle,m_gFileName); return(Status); 。。。 3、在需要保存数据的时候,比如PtReceive中: if(m_ghFileHandle != NULL) { if(m_TotalProcessBytes < TOTAL_NEED_BYTES || TOTAL_NEED_BYTES < 0 ) { MyDriverWriteFile((PVOID)HeaderBuffer,HeaderBufferSize,m_ghFileHandle); m_TotalProcessBytes += HeaderBufferSize; MyDriverWriteFile((PVOID)LookAheadBuffer,LookAheadBufferSize,m_ghFileHandle); m_TotalProcessBytes += LookAheadBufferSize; } else { MyDriverCloseFile(m_ghFileHandle); m_ghFileHandle = NULL; } } 4、注意关闭文件句柄。 GoodLuck. :) /* Author: TigerZd,2003-12-22 MyAdd.cpp */ #include "myadd.h" #include "MyAddFunc.h" #ifdef __cplusplus extern "C" { #endif NT::HANDLE m_ghFileHandle = NULL; PSTR m_gFileName = "\\??\\C:\\passthru.dat"; ULONG m_TotalProcessBytes = 0; #ifdef __cplusplus } #endif #ifdef __MY_ADD_H__ #ifdef InitializeObjectAttributes #undef InitializeObjectAttributes #endif #define InitializeObjectAttributes( p, n, a, r, s ) { \ (p)->Length = sizeof( NT::OBJECT_ATTRIBUTES ); \ (p)->RootDirectory = r; \ (p)->Attributes = a; \ (p)->ObjectName = n; \ (p)->SecurityDescriptor = s; \ (p)->SecurityQualityOfService = NULL; \ } #endif // VOID MyDriverCreateFileWorkItem( PVOID Context) { HANDLE FileHandle; NTSTATUS ntStatus; NT::OBJECT_ATTRIBUTES ObjectAttributes; NT::IO_STATUS_BLOCK IoStatusBlock; PCWSTR FileName; NT::PUNICODE_STRING pUniFileName; NT::LARGE_INTEGER ByteOffset; NT::PFILE_WORK_ITEM workitem = (NT::PFILE_WORK_ITEM) Context; FileHandle = workitem->FileHandle; pUniFileName = workitem->pUFileName; InitializeObjectAttributes(&ObjectAttributes,pUniFileName, OBJ_CASE_INSENSITIVE,NULL,NULL); ntStatus=NT::ZwCreateFile( &FileHandle, GENERIC_WRITE | SYNCHRONIZE | FILE_APPEND_DATA, &ObjectAttributes, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 ); if(NT_SUCCESS(ntStatus) && FileHandle != NULL) { } NT::ExFreePool(workitem); return; } // VOID MyDriverWriteFileWorkItem( PVOID Context) { HANDLE FileHandle; NTSTATUS ntStatus; NT::IO_STATUS_BLOCK IoStatusBlock; NT::LARGE_INTEGER ByteOffset; PVOID Buffer; ULONG Length; NT::PFILE_WORK_ITEM workitem = (NT::PFILE_WORK_ITEM) Context; FileHandle = workitem->FileHandle; Buffer = workitem->FileContext; Length = workitem->Length; ntStatus=NT::ZwWriteFile(FileHandle, 0, 0, 0, &IoStatusBlock, Buffer, Length, NULL, NULL); if(NT_SUCCESS(ntStatus) && FileHandle != NULL) { } NT::ExFreePool(workitem); return; } // VOID MyDriverWriteFile( IN PVOID Buffer, IN ULONG Length, IN OUT HANDLE FileHandle) { NTSTATUS ntStatus; NT::OBJECT_ATTRIBUTES ObjectAttributes; NT::IO_STATUS_BLOCK IoStatusBlock; NT::UNICODE_STRING UniFileName; NT::PFILE_WORK_ITEM workitem; NT::LARGE_INTEGER ByteOffset; if(NT::KeGetCurrentIrql() < DISPATCH_LEVEL) { ntStatus=NT::ZwWriteFile(FileHandle, 0, 0, 0, &IoStatusBlock, Buffer, Length, NULL, NULL); if(NT_SUCCESS(ntStatus) && FileHandle != NULL) { } } else { ntStatus = STATUS_PENDING; workitem = (NT::PFILE_WORK_ITEM)NT::ExAllocatePool(NT::NonPagedPool, sizeof(NT::FILE_WORK_ITEM)); if (workitem) { ExInitializeWorkItem(&workitem->WorkItem, MyDriverWriteFileWorkItem, workitem); workitem->FileContext = Buffer; workitem->FileHandle = FileHandle; workitem->Length = Length; NT::ExQueueWorkItem(&workitem->WorkItem, NT::DelayedWorkQueue); } else { ntStatus = STATUS_INSUFFICIENT_RESOURCES; } } return; } // // VOID MyDriverCloseFileWorkItem( PVOID Context) { HANDLE FileHandle; NTSTATUS ntStatus; NT::IO_STATUS_BLOCK IoStatusBlock; NT::LARGE_INTEGER ByteOffset; PVOID Buffer; ULONG Length; NT::PFILE_WORK_ITEM workitem = (NT::PFILE_WORK_ITEM) Context; FileHandle = workitem->FileHandle; ntStatus=NT::ZwClose(FileHandle); if(NT_SUCCESS(ntStatus)) { } NT::ExFreePool(workitem); return; } // VOID MyDriverCloseFile( IN OUT HANDLE FileHandle) { NTSTATUS ntStatus; NT::PFILE_WORK_ITEM workitem; ULONG level = NT::KeGetCurrentIrql(); if(level < DISPATCH_LEVEL) { ntStatus = NT::ZwClose(FileHandle); if(NT_SUCCESS(ntStatus)) { return; } } else { ntStatus = STATUS_PENDING; workitem = (NT::PFILE_WORK_ITEM)NT::ExAllocatePool(NT::NonPagedPool, sizeof(NT::FILE_WORK_ITEM)); if (workitem) { ExInitializeWorkItem(&workitem->WorkItem,MyDriverCloseFileWorkItem,workitem); workitem->FileHandle = FileHandle; NT::ExQueueWorkItem(&workitem->WorkItem, NT::DelayedWorkQueue); } else { ntStatus = STATUS_INSUFFICIENT_RESOURCES; } } return ; } // VOID MyDriverCreateFile( IN PVOID Context, IN OUT HANDLE *FileHandle, IN PSTR FileName) { NTSTATUS ntStatus; NT::OBJECT_ATTRIBUTES ObjectAttributes; NT::POBJECT_ATTRIBUTES pObjectAttributes; NT::IO_STATUS_BLOCK IoStatusBlock; NT::UNICODE_STRING UniFileName; NT::ANSI_STRING m_AnsiFileName; NT::PFILE_WORK_ITEM workitem; pObjectAttributes = &ObjectAttributes; NT::RtlInitAnsiString(&m_AnsiFileName,FileName); ULONG level = NT::KeGetCurrentIrql(); if(level < DISPATCH_LEVEL) { ntStatus = NT::RtlAnsiStringToUnicodeString(&UniFileName , &m_AnsiFileName ,TRUE); if(!NT_SUCCESS(ntStatus)) return; InitializeObjectAttributes(pObjectAttributes,&UniFileName,OBJ_CASE_INSENSITIVE,NULL,NULL); ntStatus=NT::ZwCreateFile(FileHandle, GENERIC_WRITE | SYNCHRONIZE | FILE_APPEND_DATA, &ObjectAttributes, &IoStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if(NT_SUCCESS(ntStatus) && FileHandle != NULL) { return; } } else { ntStatus = STATUS_PENDING; workitem = (NT::PFILE_WORK_ITEM)NT::ExAllocatePool(NT::NonPagedPool, sizeof(NT::FILE_WORK_ITEM)); if (workitem) { ExInitializeWorkItem(&workitem->WorkItem,MyDriverCreateFileWorkItem,workitem); workitem->FileContext = Context; workitem->FileHandle = *FileHandle; workitem->pUFileName = &UniFileName; NT::ExQueueWorkItem(&workitem->WorkItem, NT::DelayedWorkQueue); } else { ntStatus = STATUS_INSUFFICIENT_RESOURCES; } } return ; } // ///* MyAdd.h */ #ifndef __MY_ADD_H__ #define __MY_ADD_H__ #include <ndis.h> namespace NT{ extern "C"{ #ifdef _NTDDK_ #undef _NTDDK_ #endif #ifdef _WINBASE_ #undef _WINBASE_ #endif #include <ntddk.h> #include <ntdef.h> typedef struct _FILE_WORK_ITEM { PVOID FileContext; NT::WORK_QUEUE_ITEM WorkItem; HANDLE FileHandle; NT::PUNICODE_STRING pUFileName; ULONG Length; } FILE_WORK_ITEM,*PFILE_WORK_ITEM; } } #endif /* MyAddFunc.h */ #ifndef __MY_ADD_FUNC__ #define __MY_ADD_FUNC__ #define TOTAL_NEED_BYTES 0x1000 #ifdef __cplusplus extern "C" { #endif VOID MyDriverCreateFile( IN PVOID Context, IN OUT HANDLE *FileHandle, IN PSTR FileName ); VOID MyDriverCloseFile( IN OUT HANDLE FileHandle); VOID MyDriverWriteFile( IN PVOID Buffer, IN ULONG Length, IN OUT HANDLE FileHandle); extern HANDLE m_ghFileHandle; extern PSTR m_gFileName; extern ULONG m_TotalProcessBytes; #ifdef __cplusplus } #endif #endif |
|
最新喜欢: xiaoji...
|
|
沙发#
发布于:2004-03-08 10:23
怎么关闭“笑脸”功能啊?!
|
|
|
|
板凳#
发布于:2004-03-08 12:39
以下来自2000DDK对ZwCreateFile和ProtocolReceive的说明
Callers of ZwCreateFile must be running at IRQL PASSIVE_LEVEL. By default, ProtocolReceive runs at IRQL DISPATCH_LEVEL in an arbitrary thread context. 我上述看不出对LEVEL特别处理,请明示。 |
|
|
地板#
发布于:2004-03-08 13:56
以下来自2000DDK对ZwCreateFile和ProtocolReceive的说明 if(level < DISPATCH_LEVEL) { 。。。 } else { 。。。 } |
|
|
|
地下室#
发布于:2004-03-08 14:48
感谢ING,匆忙,没看见。
|
|
|
5楼#
发布于:2004-03-08 14:56
有点疑问,请老大回答。
当PtReceive()被调用时证明下层NIC驱动已经没有多余的资源了,所以当PtReceive()返回时,那些Buffer占用的空间应该很快就会被释放。 但是在DPC级时,你只是调用ExQueueWorkItem()调度工作项。当PtReceive()返回时,工作项未必就能马上得到处理,所以在工作项得到处理之前,那些Buffer很有可能就已经被释放了。那么当工作项得到处理时,ZwWriteFile()继续读那些Buffer会不会引起错误呢? 若有描述不当之处,请多指教。 [编辑 - 3/8/04 by slwqw] |
|
|
6楼#
发布于:2004-03-08 15:14
有点疑问,请老大回答。 根据我的实验,运行中没有出现过错误,而实际写入的数据我还没有仔细检查,但应该是实际的网络数据包。 |
|
|