WDM1例子:对指定地址写操作.但它是如何把指定的地址值传给驱动程序呢?(附代码)
WDM1TEST例子(exe文件)
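/* ----------------- WDM1TEST, user-mode side (exe) ----------------- */

// The poster labels Wvalue "the specified address". In this call it is simply
// the 4-byte data buffer handed to WriteFile; no file offset is set here.
ULONG Wvalue = 0x12345678;
if (!WriteFile(hWdm1, &Wvalue, 4, &TxdBytes, NULL))
    printf("XXX Could not write %X\n", Wvalue);
else if (TxdBytes == 4)
    printf(" Write 0x%x succeeded\n", Wvalue);
else
    printf("XXX Wrong number of bytes written: %d\n", TxdBytes);

/* =================== Driver side (sys) =================== */

/*
 * Wdm1Write - write handler that copies the caller's data into the
 * driver-global Buffer (BufferSize bytes, guarded by BufferLock), growing
 * the buffer when the write extends past its current end.
 *
 * fdo: device object the request was sent to (not used in this routine).
 * Irp: the write request. Offset and length are read from the current stack
 *      location (Parameters.Write.ByteOffset / Parameters.Write.Length); the
 *      data itself is read from Irp->AssociatedIrp.SystemBuffer.
 *
 * Returns whatever CompleteIrp(Irp, status, BytesTxd) returns. status is
 * STATUS_INVALID_PARAMETER when the offset/length pair is rejected.
 *
 * NOTE(review): reading SystemBuffer assumes the device object was set up for
 * buffered I/O (DO_BUFFERED_IO); that setup is not part of this listing.
 */
NTSTATUS Wdm1Write(IN PDEVICE_OBJECT fdo, IN PIRP Irp)
{
    PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS status = STATUS_SUCCESS;
    LONG BytesTxd = 0;

    // Get call parameters
    LONGLONG FilePointer = IrpStack->Parameters.Write.ByteOffset.QuadPart;
    // Forum question: in which IrpStack field does the 0x12345678 sent by the
    // EXE end up? As the code below shows, ByteOffset and Length only carry
    // position and size; the payload is read from Irp->AssociatedIrp.SystemBuffer.
    ULONG WriteLen = IrpStack->Parameters.Write.Length;
    DebugPrint("Write %d bytes from file pointer %d", (int)WriteLen, (int)FilePointer);

    // Offset and length are caller-controlled. The original code checked
    // (ULONG)FilePointer + WriteLen against BufferSize but then indexed with
    // the full 64-bit FilePointer, so an offset above 4 GB (or a sum that
    // wrapped in 32 bits) passed the size check and the copy landed outside
    // the pool allocation. Reject anything whose end offset does not fit in
    // a LONG, which also keeps BytesTxd (a LONG) from going negative.
    if (FilePointer < 0 ||
        FilePointer > (LONGLONG)MAXLONG ||
        WriteLen > (ULONG)MAXLONG - (ULONG)FilePointer)
    {
        status = STATUS_INVALID_PARAMETER;
    }
    else
    {
        ULONG Offset = (ULONG)FilePointer;   // safe: 0 <= FilePointer <= MAXLONG
        ULONG EndOffset = Offset + WriteLen; // cannot wrap after the check above

        // Get access to the shared buffer
        KIRQL irql;
        KeAcquireSpinLock(&BufferLock, &irql);

        BytesTxd = (LONG)WriteLen;

        // (Re)allocate buffer if necessary
        // NOTE(review): there is still no upper limit on how large the
        // non-paged buffer may grow; a production driver should cap it.
        // ExAllocatePool is also deprecated in current WDKs.
        if (EndOffset > BufferSize)
        {
            PVOID NewBuffer = ExAllocatePool(NonPagedPool, EndOffset);
            if (NewBuffer == NULL)
            {
                // Could not grow: write only what fits in the existing buffer.
                BytesTxd = (BufferSize > Offset) ? (LONG)(BufferSize - Offset) : 0;
            }
            else
            {
                RtlZeroMemory(NewBuffer, EndOffset);
                if (Buffer != NULL)
                {
                    RtlCopyMemory(NewBuffer, Buffer, BufferSize);
                    ExFreePool(Buffer);
                }
                Buffer = (PUCHAR)NewBuffer;
                BufferSize = EndOffset;
            }
        }

        // Write to shared memory
        if (BytesTxd > 0 && Buffer != NULL)
            RtlCopyMemory(Buffer + Offset, Irp->AssociatedIrp.SystemBuffer, BytesTxd);

        // Release shared buffer
        KeReleaseSpinLock(&BufferLock, irql);
    }

    DebugPrint("Write: %d bytes written", (int)BytesTxd);

    // Complete IRP
    return CompleteIrp(Irp, status, BytesTxd);
}

/* ------------------ end of listing ------------------ */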
沙发#
发布于:2003-06-06 19:10
……汗
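0x12345678 是 ULONG Wvalue 的值(也就是要写入的 4 字节数据),不是一个地址。这个值传送到驱动程序的 Write 例程时,放在 Irp->AssociatedIrp.SystemBuffer 里面(前提是设备使用缓冲 I/O,即设置了 DO_BUFFERED_IO)。写入的偏移量和长度则分别在 IrpStack->Parameters.Write.ByteOffset 和 IrpStack->Parameters.Write.Length 中。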