硬盘绑定问题

楼主^#

更多发布于：2009-05-31 18:07

NTSTATUS DriverEntry(IN OUT PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath)
{
/*-----------------------------------------------------------------建立一个控制设备 start*/
   NTSTATUS status = STATUS_UNSUCCESSFUL;
   UNICODE_STRING nameString;
   PSFILTER_DEVICE_EXTENSION pDevExt;
   RtlInitUnicodeString( &nameString, L"\\Device\\FileControl" );

   KdPrint(( "shar: 开始进入设备创建\n" ));

   // 生成控制设备
   status = IoCreateDevice( DriverObject,
   sizeof(_SFILTER_DEVICE_EXTENSION), //has no device extension
   &nameString,
   FILE_DEVICE_DISK_FILE_SYSTEM,
   FILE_DEVICE_SECURE_OPEN,
   FALSE,
   &gSFilterControlDeviceObject );
   if( NT_SUCCESS( status ))
   {
   gSFilterControlDeviceObject->Flags|=DO_BUFFERED_IO;
   pDevExt = (PSFILTER_DEVICE_EXTENSION)gSFilterControlDeviceObject->DeviceExtension;
   pDevExt->DiskDeviceObject = gSFilterControlDeviceObject;
   pDevExt->DeviceName = nameString;
   RtlInitUnicodeString (&deviceLinkUnicodeString, L"\\DosDevices\\FileControl" );
   pDevExt->strSymlinkName = deviceLinkUnicodeString;
   status = IoCreateSymbolicLink (&deviceLinkUnicodeString, &nameString );
   if(!NT_SUCCESS(status))
   {
   KdPrint (("shar: IoCreateSymbolicLink failed\n"));
   IoDeleteDevice( gSFilterControlDeviceObject );
   return status;
   }
   KdPrint(( "shar: 主设备创建成功\n" ));
   }
   else
   {
   KdPrint(( "shar: DriverEntry: Error creating control device object \"%wZ\",status=%08x\n", &nameString, status ));
   return status;
   }

   gSFilterDriverObject = DriverObject;
/*-----------------------------------------------------------------建立一个控制设备 end*/

/*-----------------------------------------------------------------学习驱动

/*-----------------------------------------------------------------*/
   ULONG i;
/*-----------------------------------------------------------------将我的驱动设备绑定到目标设备上去*/
   //for(i=0;i<26;i++)
   i = 2;
   {
   if(HookDrive( i,gSFilterControlDeviceObject )==TRUE)
   {
   KdPrint(("shar: 成功绑定驱动器 %c\n", 'A'+i ));
   }
   else
   {
   KdPrint(("shar: 绑定驱动器 %c失败\n", 'A'+i ));
   }
   }
/*-----------------------------------------------------------------*/

/*-----------------------------------------------------------------初始化驱动函数*/
   for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
   {
   KdPrint(( "shar: 第%08x次设置默认DSP函数\n",i ));
   DriverObject->MajorFunction = My_Dsp_Default;
   }

NTSTATUS My_Dsp_Default( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
   IoSkipCurrentIrpStackLocation(Irp);
   if( DeviceObject==gSFilterControlDeviceObject && DeviceObject->DriverObject==gSFilterDriverObject )
   {
   if((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension!=NULL && ((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject!=NULL)
   {
   KdPrint(( "向下一个挂载设备发送IRP消息成功\n" ));
   return IoCallDriver(((PSFILTER_DEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp);
   }
   }
   return STATUS_SUCCESS;
}

BOOLEAN HookDrive( IN ULONG Drive,IN PDEVICE_OBJECT pDeviceObject )
{
   IO_STATUS_BLOCK ioStatus;
   HANDLE ntFileHandle;
   OBJECT_ATTRIBUTES objectAttributes;
   PDEVICE_OBJECT fileSysDevice;
   PDEVICE_OBJECT hookDevice;
   UNICODE_STRING fileNameUnicodeString;
   WCHAR filename[] = L"\\DosDevices\\A:\\";
   NTSTATUS ntStatus;
   ULONG i;
   PVOID pFileObject;

   PSFILTER_DEVICE_EXTENSION hookExtension;

   if( Drive >= 26 )
   {
   return FALSE;
   }

   filename[12] = (CHAR) ('A'+Drive);

   RtlInitUnicodeString( &fileNameUnicodeString, filename );
   KdPrint(( "HookDrive: 当前打开的设备是 \"%wZ\"\n", &fileNameUnicodeString ));
   InitializeObjectAttributes( &objectAttributes, &fileNameUnicodeString, OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE , NULL, NULL );

   ntStatus = ZwCreateFile( &ntFileHandle,
   SYNCHRONIZE|FILE_ANY_ACCESS,
   &objectAttributes,
   &ioStatus,
   NULL,
   FILE_ATTRIBUTE_NORMAL,
   FILE_SHARE_READ|FILE_SHARE_WRITE,
   FILE_OPEN,
   FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE,
   NULL,
   0 );
   if( !NT_SUCCESS( ntStatus ) )
   {
   KdPrint(("HookDrive: Could not open drive %c: %08x\n", 'A'+Drive, ntStatus ));
   return FALSE;
   }

   //KdPrint(("HookDrive: opened the root directory!!! handle: %x\n", ntFileHandle));
   ntStatus = ObReferenceObjectByHandle( ntFileHandle, FILE_READ_DATA, NULL, KernelMode,&pFileObject, NULL );
   if( !NT_SUCCESS( ntStatus ))
   {
   KdPrint(("HookDrive: Could not get fileobject from handle: %c\n", 'A'+Drive ));
   ZwClose( ntFileHandle );
   return FALSE;
   }

   fileSysDevice = IoGetRelatedDeviceObject( (FILE_OBJECT*)pFileObject );
   if( !fileSysDevice )
   {
   KdPrint(("HookDrive: Could not get related device object: %c\n", 'A'+Drive ));
   ObDereferenceObject( pFileObject );
   ZwClose( ntFileHandle );
   return FALSE;
   }

   pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

   hookExtension = (PSFILTER_DEVICE_EXTENSION)pDeviceObject->DeviceExtension;

   hookDevice = IoAttachDeviceToDeviceStack(pDeviceObject,fileSysDevice);
   if(hookDevice==NULL)
   {
   KdPrint(("HookDrive: Connect with Filesystem failed: %c (%x) =>\n", 'A'+Drive, fileSysDevice ));
   ObDereferenceObject( pFileObject );
   ZwClose( ntFileHandle );
   return FALSE;
   }
   else
   {
   m_TcpgetDevice = hookDevice;;
   hookExtension->AttachedToDeviceObject = hookDevice;
   KdPrint(("HookDrive: Successfully connected to Filesystem device %c\n", 'A'+Drive ));
   ObDereferenceObject( pFileObject );
   ZwClose( ntFileHandle );
   return TRUE;
   }
}
我的目标是绑定C盘驱动器然后保证IRP消息连完整，驱动安装后系统运行稳定
为什么我安装驱动后出错显示NT!NTWRITEFILE出错
shar: 开始进入设备创建
shar: 主设备创建成功
HookDrive: 当前打开的设备是 "\DosDevices\C:\"
HookDrive: Successfully connected to Filesystem device C
shar: 成功绑定驱动器 C
shar: 第00000000次设置默认DSP函数
shar: 第00000001次设置默认DSP函数
shar: 第00000002次设置默认DSP函数
shar: 第00000003次设置默认DSP函数
shar: 第00000004次设置默认DSP函数
shar: 第00000005次设置默认DSP函数
shar: 第00000006次设置默认DSP函数
shar: 第00000007次设置默认DSP函数
shar: 第00000008次设置默认DSP函数
shar: 第00000009次设置默认DSP函数
shar: 第0000000a次设置默认DSP函数
shar: 第0000000b次设置默认DSP函数
shar: 第0000000c次设置默认DSP函数
shar: 第0000000d次设置默认DSP函数
shar: 第0000000e次设置默认DSP函数
shar: 第0000000f次设置默认DSP函数
shar: 第00000010次设置默认DSP函数
shar: 第00000011次设置默认DSP函数
shar: 第00000012次设置默认DSP函数
shar: 第00000013次设置默认DSP函数
shar: 第00000014次设置默认DSP函数
shar: 第00000015次设置默认DSP函数
shar: 第00000016次设置默认DSP函数
shar: 第00000017次设置默认DSP函数
shar: 第00000018次设置默认DSP函数
shar: 第00000019次设置默认DSP函数
shar: 第0000001a次设置默认DSP函数
shar: 第0000001b次设置默认DSP函数
向下一个挂载设备发送IRP消息成功--------出现很多次后
向下一个挂载设备发送IRP消息成功
Access violation - code c0000005 (!!! second chance !!!)
nt!NtWriteFile+0x321:
80573569 ff530c call dword ptr [ebx+0Ch]
使用analyze -v
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

PROCESS_NAME: services.exe

FAULTING_IP:
nt!NtWriteFile+321
80573569 ff530c call dword ptr [ebx+0Ch]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 80573569 (nt!NtWriteFile+0x00000321)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 0000000c
Attempt to read from address 0000000c

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

READ_ADDRESS: 0000000c

BUGCHECK_STR: ACCESS_VIOLATION

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER: from 8053e638 to 80573569

STACK_TEXT:
b1db3d38 8053e638 000002d0 00000000 00000000 nt!NtWriteFile+0x321
b1db3d38 7c92e4f4 000002d0 00000000 00000000 nt!KiFastCallEntry+0xf8
00a7fd60 7c92df6c 76ce27c6 000002d0 00000000 ntdll!KiFastSystemCallRet
00a7fd64 76ce27c6 000002d0 00000000 00000000 ntdll!ZwWriteFile+0xc
00a7fdb0 76ce298d 003f3618 003f6968 000000d4 eventlog!WriteToLog+0x48
00a7fec0 76ce26d7 00a7ff00 003f6180 00a7ff6c eventlog!PerformWriteRequest+0x677
00a7fed0 76ce3ee7 00a7ff00 00000001 003f6148 eventlog!ElfPerformRequest+0x81
00a7ff6c 76ce3c38 00000090 003f6168 003f0178 eventlog!ElfProcessIoLPCPacket+0x24a
00a7ffb0 76ce63ba 7c80b713 00000000 003f0178 eventlog!ElfProcessLPCCalls+0xe2
00a7ffb4 7c80b713 00000000 003f0178 003f0178 eventlog!MainLPCThread+0xe
00a7ffec 00000000 76ce63a8 00000000 00000000 kernel32!BaseThreadStart+0x37

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!NtWriteFile+321
80573569 ff530c call dword ptr [ebx+0Ch]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a

SYMBOL_NAME: nt!NtWriteFile+321

FAILURE_BUCKET_ID: ACCESS_VIOLATION_nt!NtWriteFile+321

BUCKET_ID: ACCESS_VIOLATION_nt!NtWriteFile+321

Followup: MachineOwner
---------

救命啊哪位大侠会劳烦指教一下

喜欢0

uljtg

驱动牛犊

注册日期2006-03-23
最后登录2011-12-03
粉丝0
关注0
积分19分
威望210点
贡献值0点
好评度46点
原创分0分
专家分0分

加关注写私信

沙发^#

发布于：2009-06-05 12:41

NTSTATUS My_Dsp_Default( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
   IoSkipCurrentIrpStackLocation(Irp);
   if( DeviceObject==gSFilterControlDeviceObject && DeviceObject->DriverObject==gSFilterDriverObject )
   {
   if((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension!=NULL && ((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject!=NULL)
   {
   KdPrint(( "向下一个挂载设备发送IRP消息成功\n" ));
   return IoCallDriver(((PSFILTER_DEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp);
   }
   }
   return STATUS_SUCCESS;
}

再看看

回复喜欢

shar123 驱动牛犊注册日期2009-05-12 最后登录2009-10-09 粉丝0 关注0 积分59分威望461点贡献值0点好评度0点原创分0分专家分0分加关注写私信	板凳^# 发布于：2009-06-05 17:01 我使用这个方式不进行任何判别只把IRP从当前设备分发到下一个设备 NTSTATUS SfPassThrough(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDevice, Irp); } 还是出现问题
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

硬盘绑定问题

最新喜欢：