|
阅读:2153回复:2
请帮我看看错误
我创建设备绑定到硬盘的所有分区上,但是却出现这个错误
SXS: BasepSxsCreateFileStream() NtOpenFile(\??\C:\WINDOWS\system32\svchost.exe.Manifest) failed SXS: BasepSxsCreateFileStream() NtOpenFile(\??\C:\WINDOWS\system32\svchost.exe.Manifest) 现象是当打开文件的时候,操作系统最下面(状态栏中)没有所打开对象的标签 请大家帮我分析分析 Unknown bugcheck code (0) Unknown bugcheck description Arguments: Arg1: 00000000 Arg2: 00000000 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ PROCESS_NAME: Idle FAULTING_IP: nt!RtlpBreakWithStatusInstruction+0 80528bdc cc int 3 EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 80528bdc (nt!RtlpBreakWithStatusInstruction) ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 3 Parameter[0]: 00000000 Parameter[1]: 8054bd4c Parameter[2]: 000003f8 ERROR_CODE: (NTSTATUS) 0x80000003 - { EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - <Unable to get error code text> EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 8054bd4c EXCEPTION_PARAMETER3: 000003f8 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x0 STACK_TEXT: 8054abac 8054209d 00000001 86df3a02 000000d1 nt!RtlpBreakWithStatusInstruction 8054abac ba9ca162 00000001 86df3a02 000000d1 nt!KeUpdateSystemTime+0x165 8054ac50 80542af0 00000000 0000000e 00000000 intelppm!AcpiC1Idle+0x12 8054ac54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x10 STACK_COMMAND: kb FOLLOWUP_IP: nt!RtlpBreakWithStatusInstruction+0 80528bdc cc int 3 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!RtlpBreakWithStatusInstruction+0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlpa.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4802516a BUCKET_ID: MANUAL_BREAKIN Followup: MachineOwner 我该从哪里下手啊 |
|
|
沙发#
发布于:2009-06-05 12:35
没有代码谁也帮不了你
|
|
|
板凳#
发布于:2009-06-05 17:00
不好意思 现在补上
NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ){ int i; NTSTATUS status; UNICODE_STRING nameString; UNICODE_STRING DosNameLink; PDEVICE_OBJECT FilterDevice; WCHAR filename[] = L"\\DosDevices\\A:\\"; KdPrint(("DriverEntry: DriverObject->DriverName======== %s\n",&(DriverObject->DriverName))); //首先创建一个CDO RtlInitUnicodeString(&nameString, L"\\Device\\FileEncipter"); status = IoCreateDevice( DriverObject, 0, &nameString, FILE_DEVICE_DISK_FILE_SYSTEM, FILE_DEVICE_SECURE_OPEN, FALSE, &g_CDO ); if (!NT_SUCCESS(status)) { KdPrint(("DriverEntry:Error Create cdo, status = %08x\n", status)); return status; } g_CDO->Flags |= DO_DIRECT_IO; g_CDO->Flags &= ~DO_DEVICE_INITIALIZING; for (i=0; i<=IRP_MJ_MAXIMUM_FUNCTION; i++) { DriverObject->MajorFunction = SfPassThrough; } DriverObject->DriverUnload = DriverUnload; RtlInitUnicodeString(&DosNameLink,L"\\DosDevices\\FileEncipter"); status=IoCreateSymbolicLink(&DosNameLink,&nameString); if (!NT_SUCCESS(status)) { KdPrint(("DriverEntry:Error IoCreateSymbolicLink, status = %08x\n", status)); return status; } //FastIO中的所有函数我让它都只返回FALSE InitFastIo(DriverObject); i = 2; { filename[12] = (CHAR)('A'+i); FilterDevice = NULL; RtlInitUnicodeString(&nameString, filename); if (!AttachToDiskDevice(&nameString, &FilterDevice)) { KdPrint(("Filemon: 绑定驱动器 %c失败\n", 'A'+i )); if(FilterDevice!=NULL) IoDeleteDevice(FilterDevice); } else { KdPrint(("Filemon: 成功绑定驱动器 %c\n", 'A'+i )); } } /*-----------------------------------------------------------------*/ 绑定函数是 BOOLEAN AttachToDiskDevice(IN PUNICODE_STRING pDiskName, OUT PDEVICE_OBJECT *pOurDevice) { int i; NTSTATUS status; PDEVICE_EXTENSION DevEx; PDEVICE_OBJECT DiskDeviceObject,pDevice; PDEVICE_OBJECT NewDeviceObject; IO_STATUS_BLOCK ioStatus; OBJECT_ATTRIBUTES objectAttributes; PFILE_OBJECT fileObject = NULL; HANDLE ntFileHandle; InitializeObjectAttributes(&objectAttributes, pDiskName, OBJ_CASE_INSENSITIVE, NULL, NULL ); status = ZwCreateFile(&ntFileHandle, SYNCHRONIZE|FILE_ANY_ACCESS, &objectAttributes, &ioStatus, NULL, 0, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, NULL, 0); if (!NT_SUCCESS(status)) { KdPrint(("AttachToDiskDevice: Could not open drive\n")); return FALSE; } KdPrint(("AttachToDiskDevice:Open Device is OK ,status = %08x\n",status)); status = ObReferenceObjectByHandle(ntFileHandle, FILE_READ_DATA, NULL, KernelMode, &fileObject, NULL); if(!NT_SUCCESS(status)) { KdPrint(("AttachToDiskDevice: Could not get fileobject from handle\n")); ZwClose(ntFileHandle); return FALSE; } KdPrint(("AttachToDiskDevice:Get reference object handle OK ,status = %08x\n",status)); DiskDeviceObject = IoGetRelatedDeviceObject(fileObject); if(!DiskDeviceObject) { KdPrint(("AttachToDiskDevice: Could not get related device object\n")); goto ErrHand; } //创建挂载设备 status = IoCreateDevice(g_CDO->DriverObject, sizeof(DEVICE_EXTENSION), NULL, DiskDeviceObject->DeviceType, FILE_DEVICE_SECURE_OPEN, FALSE, &NewDeviceObject ); if (!NT_SUCCESS(status)) { goto ErrHand; } NewDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING; *pOurDevice = NewDeviceObject; DevEx = NewDeviceObject->DeviceExtension; DevEx->PhysicDevice = DiskDeviceObject; DevEx->DeviceName.Length = 0; DevEx->DeviceName.MaximumLength = sizeof(DevEx->DeviceNameBuffer); DevEx->DeviceName.Buffer = DevEx->DeviceNameBuffer; SfGetObjectName(g_CDO, &(DevEx->DeviceName)); //执行挂载 DevEx->AttachedToDevice = IoAttachDeviceToDeviceStack(NewDeviceObject, DiskDeviceObject); if (!DevEx->AttachedToDevice) { goto ErrHand; } KdPrint(("AttachToDiskDevice:Attath Device is OK\n")); ObDereferenceObject(fileObject); ZwClose(ntFileHandle); return TRUE; ErrHand: KdPrint(("AttachToDiskDevice:AttachDevice Failed status %08x\n", status)); ObDereferenceObject(fileObject); ZwClose(ntFileHandle); return FALSE; } return status; } 默认分发函数是 NTSTATUS SfPassThrough(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedToDevice, Irp); } |
|