【求助】奇怪的驱动加载失败

楼主^#

更多发布于：2008-10-17 16:33

本来想写一个枚举句柄的驱动，可是不料出现了很奇怪的加载驱动失败的问题。我又太菜，看不出是为什么，所以跑过来请教各位大虾！

奇怪的地方是在DriverEntry里加上AYA_EnumHandle函数后，加载就失败，就是连DriverEntry都进不去了。。。但是去掉AYA_EnumHandle就正常加载驱动了。。。我无语了。
完全晕了。。。。。。

这是SOURCES代码：

TARGETNAME=EnumHandle
TARGETPATH=.\SYS
TARGETTYPE=DRIVER
TARGETLIBS=F:\WinDDK\6001.18001\lib\wnet\i386\ntdll.lib

SOURCES=EnumHandle.c

程序代码如下：

#include <ntddk.h>

#define AYA_DEVICE L"\\Device\\EnumHandle"
#define AYA_LINK L"\\DosDevices\\EnumHandle"


#define SystemHandleInformation 16

typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
{
    USHORT UniqueProcessId;
    USHORT CreatorBackTraceIndex;
    UCHAR ObjectTypeIndex;
    UCHAR HandleAttributes;
    USHORT HandleValue;
    PVOID Object;
    ULONG GrantedAccess;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;

typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG NumberOfHandles;
    SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

typedef enum _OBJECT_INFORMATION_CLASS {  
  ObjectBasicInformation,
  ObjectNameInformation,
  ObjectTypeInformation,
  ObjectAllInformation,
  ObjectDataInformation
} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;

typedef struct _OBJECT_BASIC_INFORMATION {
  ULONG                   Attributes;
  ACCESS_MASK             DesiredAccess;
  ULONG                   HandleCount;
  ULONG                   ReferenceCount;
  ULONG                   PagedPoolUsage;
  ULONG                   NonPagedPoolUsage;
  ULONG                   Reserved[3];
  ULONG                   NameInformationLength;
  ULONG                   TypeInformationLength;
  ULONG                   SecurityDescriptorLength;
  LARGE_INTEGER           CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

typedef struct _KOBJECT_NAME_INFORMATION {  
  UNICODE_STRING          Name;
  WCHAR                   NameBuffer[0];
} KOBJECT_NAME_INFORMATION, *PKOBJECT_NAME_INFORMATION;

typedef struct _OBJECT_TYPE_INFORMATION {  
  UNICODE_STRING          TypeName;
  ULONG                   TotalNumberOfHandles;
  ULONG                   TotalNumberOfObjects;
  WCHAR                   Unused1[8];
  ULONG                   HighWaterNumberOfHandles;
  ULONG                   HighWaterNumberOfObjects;
  WCHAR                   Unused2[8];
  ACCESS_MASK             InvalidAttributes;
  GENERIC_MAPPING         GenericMapping;
  ACCESS_MASK             ValidAttributes;
  BOOLEAN                 SecurityRequired;
  BOOLEAN                 MaintainHandleCount;
  USHORT                  MaintainTypeList;
  POOL_TYPE               PoolType;
  ULONG                   DefaultPagedPoolCharge;
  ULONG                   DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;



NTSTATUS
NTAPI
NtQueryObject(
        IN  HANDLE Handle,
        IN  OBJECT_INFORMATION_CLASS ObjectInformationClass,
        OUT PVOID ObjectInformation,
        IN  ULONG ObjectInformationLength,
        OUT PULONG ReturnLength OPTIONAL
        );



NTSTATUS
NTAPI
ZwQuerySystemInformation(    
             ULONG    SystemInformationClass,
             PVOID    SystemInformation,
             ULONG    SystemInformationLength,
             PULONG    ReturnLength
             );


NTSTATUS
NTAPI
NtDuplicateObject(
          IN  HANDLE SourceProcessHandle,
          IN  HANDLE SourceHandle,
          IN  HANDLE TargetProcessHandle OPTIONAL,
          OUT PHANDLE TargetHandle OPTIONAL,
          IN  ACCESS_MASK DesiredAccess,
          IN  ULONG HandleAttributes,
          IN  ULONG Options
          );



NTSTATUS AYA_EnumHandle()
{
  NTSTATUS ns = STATUS_SUCCESS;
  ULONG ulRetSize;
  PVOID pSysBuffer;
  PSYSTEM_HANDLE_INFORMATION pSysHandleInfo;
  SYSTEM_HANDLE_TABLE_ENTRY_INFO pSysHandleTEI;
  OBJECT_BASIC_INFORMATION BasicInfo;   
  PKOBJECT_NAME_INFORMATION pNameInfo;   
    POBJECT_TYPE_INFORMATION pTypeInfo;  
  OBJECT_ATTRIBUTES oa;
  ULONG ulProcessID;
  HANDLE hProcess;
  HANDLE hHandle;
  HANDLE hDupObj;
  CLIENT_ID cid;
  ULONG i;

  ns = ZwQuerySystemInformation( SystemHandleInformation ,NULL ,0 ,&ulRetSize );
  
  if ( !NT_SUCCESS( ns ) )
  {
    return STATUS_UNSUCCESSFUL;
  }

  pSysBuffer = ExAllocatePool( PagedPool ,ulRetSize );

  ns = ZwQuerySystemInformation( SystemHandleInformation ,pSysBuffer ,ulRetSize ,NULL );
  if ( !NT_SUCCESS( ns ) )
  {
    ExFreePool( pSysBuffer );
    return STATUS_UNSUCCESSFUL;
  }
  
  pSysHandleInfo = (PSYSTEM_HANDLE_INFORMATION)pSysBuffer;
  for ( i = 0 ;i < pSysHandleInfo->NumberOfHandles ;i++ )
  {
    pSysHandleTEI = pSysHandleInfo->Handles[i];
    ulProcessID = pSysHandleTEI.UniqueProcessId;
    cid.UniqueProcess = (HANDLE)ulProcessID;
    hHandle = (HANDLE)pSysHandleTEI.HandleValue;

    InitializeObjectAttributes( &oa ,NULL ,OBJ_INHERIT ,NULL ,NULL );
    ns = ZwOpenProcess( &hProcess ,PROCESS_DUP_HANDLE ,&oa ,&cid );
    if ( !NT_SUCCESS( ns ) )
    {
      break;
    }
    ns = NtDuplicateObject( hProcess ,hHandle ,NtCurrentProcess() ,&hDupObj ,\
                PROCESS_ALL_ACCESS ,0 ,DUPLICATE_SAME_ACCESS );

    if ( !NT_SUCCESS( ns ) )
    {
      break;
    }

    NtQueryObject( hDupObj ,ObjectBasicInformation ,&BasicInfo ,\
            sizeof( OBJECT_BASIC_INFORMATION ) ,NULL );

    pNameInfo = ExAllocatePool( PagedPool ,BasicInfo.NameInformationLength );
    RtlZeroMemory( pNameInfo ,BasicInfo.NameInformationLength );

    NtQueryObject( hDupObj ,ObjectNameInformation ,pNameInfo ,\
              BasicInfo.NameInformationLength ,NULL );

    pTypeInfo = ExAllocatePool( PagedPool ,BasicInfo.TypeInformationLength );
    RtlZeroMemory( pTypeInfo ,BasicInfo.TypeInformationLength );

    NtQueryObject( hDupObj ,ObjectTypeInformation ,pTypeInfo ,\
              BasicInfo.TypeInformationLength ,NULL );

    KdPrint(( "%wZ\t\t\t%wZ\n" ,&(pNameInfo->Name) ,&(pTypeInfo->TypeName) ));
    
    ExFreePool( pNameInfo );
    ExFreePool( pTypeInfo );

  }

  ZwClose( hDupObj );
  ZwClose( hProcess );
  ZwClose( hHandle );
  ExFreePool( pSysBuffer );
  
  if ( !NT_SUCCESS( ns ) )
  {
    return STATUS_UNSUCCESSFUL;
  }

  return ns;


}


void AYA_Unload( IN PDRIVER_OBJECT pDriverObj )
{
  UNICODE_STRING Temp;
  

  
  RtlInitUnicodeString( &Temp ,AYA_LINK );
  IoDeleteSymbolicLink( &Temp );
  IoDeleteDevice( pDriverObj->DeviceObject );
}

NTSTATUS AYA_Dispatch( IN PDEVICE_OBJECT pDeviceObj ,IN PIRP pIrp )
{
  NTSTATUS ns = STATUS_SUCCESS;
  PIO_STACK_LOCATION stIrp;
  
  stIrp = IoGetCurrentIrpStackLocation( pIrp );
  
  switch( stIrp->MajorFunction )
  {
  case IRP_MJ_CREATE:
    break;
  case IRP_MJ_CLOSE:
    break;
  case IRP_MJ_DEVICE_CONTROL:
    break;
  default:
    pIrp->IoStatus.Status = STATUS_INVALID_PARAMETER;
    break;
  }
  
  ns = pIrp->IoStatus.Status;
  IoCompleteRequest( pIrp ,IO_NO_INCREMENT );
  return ns;
}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObj ,IN PUNICODE_STRING RegistryPath )
{
  NTSTATUS ns = STATUS_SUCCESS;
  UNICODE_STRING AYA;
  UNICODE_STRING AYAL;
  PDEVICE_OBJECT pDevice;
  
  RtlInitUnicodeString( &AYA ,AYA_DEVICE );
  ns = IoCreateDevice( pDriverObj ,0 ,&AYA ,FILE_DEVICE_UNKNOWN ,0 ,FALSE ,&pDevice );
  
  RtlInitUnicodeString( &AYAL ,AYA_LINK );
  ns = IoCreateSymbolicLink( &AYAL ,&AYA );
  
  pDriverObj->MajorFunction[IRP_MJ_CREATE]      = 
  pDriverObj->MajorFunction[IRP_MJ_CLOSE]        =
  pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]  = AYA_Dispatch;
  
  pDriverObj->DriverUnload = AYA_Unload;
  
  ns = AYA_EnumHandle();

  
  return ns;
  
}

喜欢0

znsoft

管理员

注册日期2001-03-23
最后登录2023-10-25
粉丝300
关注6
积分910分
威望14796点
贡献值7点
好评度2410点
原创分5分
专家分100分

加关注写私信

沙发^#

发布于：2008-10-17 17:35

用dependence 工具看看是不是用了运行环境中没有的函数.
如果有这种情况,就会导致加载失败,连DriverEntry都无法进入.

这种情况很常见,有时ddk 的头,库中都有的函数,在运行环境中却没有

http://www.zndev.com 免费源码交换网 ----------------------------- 软件创造价值，驱动提供力量! 淡泊以明志，宁静以致远。 ---------------------------------- 勤用搜索，多查资料，先搜再问。

回复喜欢

nightxie 驱动牛犊注册日期2007-09-10 最后登录2016-01-09 粉丝0 关注0 积分5分威望18点贡献值0点好评度4点原创分0分专家分0分加关注写私信	板凳^# 发布于：2008-10-18 10:52 谢谢znsoft 已经解决了。。。
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

【求助】奇怪的驱动加载失败

最新喜欢：