|
阅读:1126回复:6
Read.ByteOffset.QuadPart 的值总是为0
Read.ByteOffset.QuadPart 的值总是为0
最近根据咱们论坛的《WindowsNT 文件系统内幕 开发者指南》在学习文件过滤驱动开发,我的系统是:Windows XP SP2,以下是我的问题: 我根据书中第602页的方式取得文件偏移量和长度,发现: Parameters.Read.ByteOffset.QuadPart、Parameters.Read.ByteOffset.LowPart、Parameters.Read.ByteOffset.HighPart 取得的值总是为0 Parameters.Read.Length 取得的长度为整个存放数据的Buffer的长度 我错在哪里,请各位大虾指点。 以下是我的代码,只摘录了读取函数: NTSTATUS MF_Read(__in PDEVICE_OBJECT DeviceObject, __in PIRP Irp) { NTSTATUS status = STATUS_SUCCESS; PIO_STACK_LOCATION pIrp = IoGetCurrentIrpStackLocation(Irp); PUCHAR pchOldBuf = NULL; KEVENT waitEvent; PFILE_OBJECT pFileObj = pIrp->FileObject; PFSRTL_COMMON_FCB_HEADER pFCBHead = pIrp->FileObject->FsContext; ASSERT_IS_MY_DEVICE(DeviceObject, Irp); KeInitializeEvent(&waitEvent, NotificationEvent, FALSE); SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> sfilter!MF_Read data buffer Length = %d\n", pIrp->Parameters.Read.Length)); IoCopyCurrentIrpStackLocationToNext(Irp); IoSetCompletionRoutine(Irp, (PIO_COMPLETION_ROUTINE)F_ReadComplete, &waitEvent, TRUE, TRUE, TRUE); status = IoCallDriver(((PSFILTER_DEVICE_EXTENSION)DeviceObject->DeviceExtension)->NLExtHeader.AttachedToDeviceObject, Irp); if(status != STATUS_PENDING) { SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> sfilter!MF_Read status != STATUS_PENDING =0x%X\n", status)); IoCompleteRequest(Irp, IO_NO_INCREMENT); return status; } status = KeWaitForSingleObject(&waitEvent, Executive, KernelMode, FALSE, NULL); ASSERT(STATUS_SUCCESS == status); SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> -2- sfilter!MF_Read data buffer Length = %d\n", pIrp->Parameters.Read.Length)); // 此处输出结果均为 0,郁闷呀! SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> -2- sfilter!MF_Read byteoffset LowPart = %d(0x%X), HighPart = %d(0x%X), QuadPart = %d(0x%X) \n", pIrp->Parameters.Read.ByteOffset.LowPart, pIrp->Parameters.Read.ByteOffset.LowPart, pIrp->Parameters.Read.ByteOffset.HighPart, pIrp->Parameters.Read.ByteOffset.HighPart, pIrp->Parameters.Read.ByteOffset.QuadPart, pIrp->Parameters.Read.ByteOffset.QuadPart)); SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> sfilter!MF_Read AllocationSize = %d\n", pFCBHead->AllocationSize)); SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> sfilter!MF_Read FileSize = %d\n", pFCBHead->FileSize)); SF_LOG_PRINT(SFDEBUG_DISPLAY_SfRead,("----> sfilter!MF_Read ValidDataLength = %d\n", pFCBHead->ValidDataLength)); if(Irp->MdlAddress != NULL) { pchOldBuf =(PUCHAR)MmGetSystemAddressForMdlSafe(Irp->MdlAddress, HighPagePriority); } else if(Irp->UserBuffer != NULL) { pchOldBuf = Irp->UserBuffer; } else { Irp->IoStatus.Status = STATUS_INVALID_USER_BUFFER; Irp->IoStatus.Information = 0; IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_INVALID_USER_BUFFER; } IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_SUCCESS; } |
|
|
沙发#
发布于:2008-07-08 11:20
有牛人吗?在线等待!
|
|
|
板凳#
发布于:2008-07-08 13:01
有没有人哪?
|
|
|
地板#
发布于:2008-07-08 14:32
pIrp->Parameters.Read.ByteOffset为文件起始位置开始的偏移
当然可以为0了 难道为哦就不可以吗?非得是非0 ? |
|
|
地下室#
发布于:2008-07-08 18:14
谢 mz_suya 达人赐教,但关键是读取一个文件的每一个IRP包都为 0 。郁闷呀!
|
|
|
5楼#
发布于:2008-07-09 11:00
有时候是会有多个偏移为0的irp的,你用大文件试试,肯定有偏移不是0的
|
|
驱动小牛
|
6楼#
发布于:2008-07-09 19:13
1.你在CALLDRIVER之前,查看一下.
2.QUADPART要要用%I64d或%I64x来打印,否则会影响之后的参数,也就是说,下次打印的可能是上次的值. |
|