|
阅读:1369回复:0
【求助】TDI_Filter中遇到的问题。。。
是用的寒江独钓那本书的例子,我设计的框架更简单,只绑定了TCP一个例子
想实现对TCP上进行的连接的监控,打印出IP和进程PID 但是编译好的驱动总是蓝屏,我一行一行的注释掉代码排错 ,最后发现问题出在这里 KEVENT keven; tai = (TDI_ADDRESS_INFO*)ExAllocatePool(NonPagedPool, TDI_ADDRESS_INFO_MAX); mdl= IoAllocateMdl(tai, TDI_ADDRESS_INFO_MAX, FALSE, FALSE, NULL); MmBuildMdlForNonPagedPool(mdl); KeInitializeEvent(&keven, NotificationEvent, TRUE); quirp->UserIosb = &Iostats; quirp->UserEvent = &keven; TdiBuildQueryInformation(quirp, lowde, irps->FileObject, tdi_funip, context, TDI_QUERY_ADDRESS_INFO, mdl);//问题所在 stats = IoCallDriver(lowde, quirp); if (stats == STATUS_PENDING) { KeWaitForSingleObject(&keven, Executive, KernelMode, FALSE, NULL); stats = Iostats.Status; DbgPrint("pengding sucess2..\n"); } DbgPrint("callback success..\n"); return STATUS_SUCCESS; 以上这段代码在IRP_MJ_CREATE的回调函数里 TdiBuildQueryInformation(quirp, lowde, irps->FileObject, tdi_funip, context, TDI_QUERY_ADDRESS_INFO, mdl); 注释掉这句 和stats = IoCallDriver(lowde, quirp); 就不会蓝屏 萌新学驱动,跪求高手指点下原因,百度搜来搜去也找不到相关资料,快哭了 |
|
