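Views: 1437 Replies: 5
Experts, please help: a question about IofCallDriver
I found a piece of code that implements a hook of IofCallDriver. Now, in the new function, I want to get the I/O operation code of the IRP. How should I do that?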
Reply #1
Posted: 2007-01-09 12:36
I traced the IO STACK LOCATION and found that MajorFunction holds a number. Have all the operations already been assigned numbers?
Reply #2
Posted: 2007-01-09 13:07
right
Reply #3
Posted: 2007-01-09 13:41
Where can I find the list of numbered operations?
Reply #4
Posted: 2007-01-09 14:54
So what is actually needed is a detailed list of the IRP dispatch routines, right?
Reply #5
Posted: 2007-01-09 15:14
I found this in ntddk.h; this should be it, right?
#define IRP_MJ_CREATE                   0x00
#define IRP_MJ_CREATE_NAMED_PIPE        0x01
#define IRP_MJ_CLOSE                    0x02
#define IRP_MJ_READ                     0x03
#define IRP_MJ_WRITE                    0x04
#define IRP_MJ_QUERY_INFORMATION        0x05
#define IRP_MJ_SET_INFORMATION          0x06
#define IRP_MJ_QUERY_EA                 0x07
#define IRP_MJ_SET_EA                   0x08
#define IRP_MJ_FLUSH_BUFFERS            0x09
#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
#define IRP_MJ_SET_VOLUME_INFORMATION   0x0b
#define IRP_MJ_DIRECTORY_CONTROL        0x0c
#define IRP_MJ_FILE_SYSTEM_CONTROL      0x0d
#define IRP_MJ_DEVICE_CONTROL           0x0e
#define IRP_MJ_INTERNAL_DEVICE_CONTROL  0x0f
#define IRP_MJ_SHUTDOWN                 0x10
#define IRP_MJ_LOCK_CONTROL             0x11
#define IRP_MJ_CLEANUP                  0x12
#define IRP_MJ_CREATE_MAILSLOT          0x13
#define IRP_MJ_QUERY_SECURITY           0x14
#define IRP_MJ_SET_SECURITY             0x15
#define IRP_MJ_POWER                    0x16
#define IRP_MJ_SYSTEM_CONTROL           0x17
#define IRP_MJ_DEVICE_CHANGE            0x18
#define IRP_MJ_QUERY_QUOTA              0x19
#define IRP_MJ_SET_QUOTA                0x1a
#define IRP_MJ_PNP                      0x1b