过滤器的问题,求助!!
建立了一个用于过滤的设备对象,附加在“\\DosDevices\\D:\\”之上,已经为所有的IRP分配了通
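过例程,当发现有经过附加的设备对象发来的IRP时,将IO请求下发给下一层设备, 用于过滤设备对象的Characteristics,DeviceType与下层设备相同,Flags为 Attacher->Flags |=(pDevExt->NextLayerDevObj->Flags & (DO_BUFFERED_IO|DO_DIRECT_IO|DO_POWER_INRUSH|DO_POWER_PAGABLE)); 其中Attacher为用于过滤的设备,pDevExt为其设备扩展, 但是安装之后,对D盘作浏览、创建新文件、文件夹、删除、复制、剪切等操作正常,但是不能 执行D盘的程序,执行后,使用任务管理器察看,处于未响应状态,而且无法关闭,但是用户仍 然可以做别的操作。曾试着使用记事本打开ascii的文件,一般的类型没有问题,但是网页不行, 问题和前面说的一样, 把程序附在这里,麻烦那位看看,先谢谢大家了:)
/////////////////////////////////////////////////////

/*
 * SetupAttachObj - create an unnamed filter device object and attach it on
 * top of the device stack that serves the root directory of D:.
 *
 * DriverObject: driver object that will own the new filter device.
 *
 * Returns STATUS_SUCCESS once the filter is attached, the failing NTSTATUS
 * from ZwCreateFile / ObReferenceObjectByHandle / IoCreateDevice, or
 * STATUS_UNSUCCESSFUL when no related device is found or the attach fails.
 *
 * NOTE(review): a file-system filter also needs a FastIoDispatch table on
 * its driver object; per the replies below, the reported hang went away
 * once fast I/O routines were added.
 */
NTSTATUS SetupAttachObj(PDRIVER_OBJECT DriverObject)
{
    NTSTATUS ntStatus;
    IO_STATUS_BLOCK ioStatus;
    OBJECT_ATTRIBUTES AttributeObj;
    HANDLE fileobjhandle = NULL;
    PFILE_OBJECT fileObject;
    PDEVICE_OBJECT NextLayerDevObj;
    PDEVICE_OBJECT Attacher;
    PDEVICE_OBJECT StackRetObj;
    PDEVICE_EXTENSION pDevExt;
    UNICODE_STRING fileNameUnicodeString;
    /* The page shows this literal with an extra level of escaping; this is
     * the unescaped C form. */
    WCHAR filename[] = L"\\DosDevices\\D:\\";

    RtlInitUnicodeString(&fileNameUnicodeString, filename);

    /* OBJ_KERNEL_HANDLE keeps the handle out of the handle table of whatever
     * process this routine happens to run in, so user mode cannot reach it. */
    InitializeObjectAttributes(&AttributeObj, &fileNameUnicodeString,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    /* Open the root directory of the volume to get at its device stack. */
    ntStatus = ZwCreateFile(&fileobjhandle, SYNCHRONIZE | FILE_ANY_ACCESS,
                            &AttributeObj, &ioStatus, NULL, 0,
                            FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN,
                            FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
                            NULL, 0);
    if (!NT_SUCCESS(ntStatus)) {
        return ntStatus;
    }

    /* Name the expected object type so the handle is verified to be a file
     * object rather than accepted as whatever it refers to. */
    ntStatus = ObReferenceObjectByHandle(fileobjhandle, FILE_ALL_ACCESS,
                                         *IoFileObjectType, KernelMode,
                                         (PVOID *)&fileObject, NULL);
    if (!NT_SUCCESS(ntStatus)) {
        ZwClose(fileobjhandle);
        return ntStatus;
    }

    NextLayerDevObj = IoGetRelatedDeviceObject(fileObject);
    if (!NextLayerDevObj) {
        ntStatus = STATUS_UNSUCCESSFUL;
        goto out_release;
    }

    ntStatus = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), NULL,
                              NextLayerDevObj->DeviceType, 0, FALSE,
                              &Attacher);
    if (!NT_SUCCESS(ntStatus)) {
        goto out_release;
    }

    pDevExt = (PDEVICE_EXTENSION)Attacher->DeviceExtension;
    pDevExt->Query_Type = STANDARD;

    /* NOTE(review): IRPs can reach the filter between the attach call and
     * the store to pDevExt->NextLayerDevObj below; where the target OS
     * provides IoAttachDeviceToDeviceStackSafe, it closes that window. */
    StackRetObj = IoAttachDeviceToDeviceStack(Attacher, NextLayerDevObj);
    if (!StackRetObj) {
        IoDeleteDevice(Attacher);
        ntStatus = STATUS_UNSUCCESSFUL;
        goto out_release;
    }
    pDevExt->NextLayerDevObj = StackRetObj;

    /* Mirror the buffering/power flags, characteristics and type of the
     * device we now sit on top of. */
    Attacher->Flags |= (pDevExt->NextLayerDevObj->Flags &
                        (DO_BUFFERED_IO | DO_DIRECT_IO |
                         DO_POWER_INRUSH | DO_POWER_PAGABLE));
    Attacher->Characteristics = pDevExt->NextLayerDevObj->Characteristics;
    Attacher->DeviceType = pDevExt->NextLayerDevObj->DeviceType;

    /* Clear DO_DEVICE_INITIALIZING last, once the device object is fully
     * set up, instead of right after IoCreateDevice. */
    Attacher->Flags &= ~DO_DEVICE_INITIALIZING;
    ntStatus = STATUS_SUCCESS;

out_release:
    /* The file object and handle were only needed to locate the stack. */
    ObDereferenceObject(fileObject);
    ZwClose(fileobjhandle);
    return ntStatus;
}

/*
 * DispatchPassThrough - dispatch routine shared by both kinds of device
 * object this driver creates.
 *
 * For a device whose extension has Query_Type == MYINVOKE the IRP is
 * completed immediately with STATUS_SUCCESS. For the filter device the IRP
 * is forwarded unchanged to the next lower device, with GenericCompletion
 * installed as completion routine.
 *
 * NOTE(review): if this routine is also registered for IRP_MJ_POWER,
 * pre-Vista systems expect PoStartNextPowerIrp/PoCallDriver rather than
 * IoCallDriver - confirm against the dispatch table setup.
 */
NTSTATUS DispatchPassThrough(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp)
{
    PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;

    if (pDevExt->Query_Type == MYINVOKE) {
        pIrp->IoStatus.Status = STATUS_SUCCESS;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        return STATUS_SUCCESS;
    }

    /* Path used by the filter device object. The DDK macro copies the
     * parameters without carrying over this driver's completion routine and
     * context, unlike a whole-structure assignment. */
    IoCopyCurrentIrpStackLocationToNext(pIrp);
    IoSetCompletionRoutine(pIrp, GenericCompletion, NULL, TRUE, TRUE, TRUE);
    return IoCallDriver(pDevExt->NextLayerDevObj, pIrp);
}

/*
 * GenericCompletion - completion routine installed by DispatchPassThrough.
 *
 * Propagates the pending state up the stack when the lower driver returned
 * STATUS_PENDING, then lets completion processing continue.
 */
NTSTATUS GenericCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp,
                           IN PVOID Context)
{
    UNREFERENCED_PARAMETER(DeviceObject);
    UNREFERENCED_PARAMETER(Context);

    if (pIrp->PendingReturned) {
        IoMarkIrpPending(pIrp);
    }
    return STATUS_SUCCESS;
}
|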
|
沙发#
发布于:2002-07-25 12:24
哦!有可能是因为你没有提供fastio例程,你去看看filemon的例子吧!另外,ddk里面说明了fastio和IRP_MJ_XXX的区别。
|
|
板凳#
发布于:2002-07-30 19:42
本来想试一下,不写fastio行么,结果死得很惨,呜呜
现在加上了,没事了。不过想给数据加密,但观察不出数据是从哪里下去的:( 呜呜 哪位指教一下:( |
|
地板#
发布于:2002-07-30 22:36
对数据的加解密主要是从IRP_MJ_READ和IRP_MJ_WRITE着手。注意fastio的读写不经过IRP,加解密时要一并考虑。
|
|