
IRP_MJ_CREATE完成后发送IRP_MJ_READ碰到的问题

楼主#
更多 发布于:2009-11-14 11:44
在收到 IRP_MJ_CREATE 后,让其完成,完成后,使用IoBuildAsynchronousFsdRequest构造IRP_MJ_READ读取文件头,在XP、2K、2003下运行都正常,在Vista、Windows 7下运行一会就会蓝屏(DRIVER_OVERRAN_STACK_BUFFER (f7) ),请教各位大佬,不甚感激!

********** Source *************

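NTSTATUS  DriverEntry ( IN PDRIVER_OBJECT DriverObject,  IN PUNICODE_STRING RegistryPath )
{
  ...

  /*
   * Every major function defaults to the pass-through handler; only
   * IRP_MJ_CREATE gets a dedicated dispatch routine below.  The table must
   * be indexed by the loop variable — without the subscript the loop would
   * assign the same (array) lvalue and leave most slots unset.
   */
  for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
  {
    DriverObject->MajorFunction[i] = SfPassThrough;
  }

  DriverObject->MajorFunction[IRP_MJ_CREATE] = SfCreate;

 ...

}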


/*
 * IRP_MJ_CREATE dispatch.  Forwards the create synchronously (SfWaitIrpDone)
 * and, if it succeeded and the file object has a file-system context, reads
 * the first 4096 bytes of the file into a non-paged buffer.  The code that
 * inspects those bytes is elided in the post ("..."); as shown, the buffer is
 * freed right after the read.
 *
 * As posted the return type is missing and `Status` is not declared here —
 * presumably NTSTATUS and a declaration in the elided part, like the other
 * dispatch routines in this file.
 */
SfCreate( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
  PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation( Irp );

  ...


  /* Target device argument elided; the create has fully completed when this returns. */
  Status = SfWaitIrpDone( ... )

  if (
          ( NT_SUCCESS( Status ) )
    &&
         ( NULL != IrpSp->FileObject )
    &&
        ( NULL != IrpSp->FileObject->FsContext )
    )
  {
    /* 4096 is both the allocation size and the read length passed to KfcRead below; keep them in step. */
    PUCHAR strBuf = ExAllocatePool( NonPagedPool, 4096 );
    LARGE_INTEGER liFileHead;
    /*
     * Filled by KfcIoCompletion through Irp->UserIosb.  It lives on this
     * stack frame, so KfcRead must not return before the read IRP has
     * completed — otherwise the completion routine writes into a dead frame.
     */
    IO_STATUS_BLOCK IoStatusBlock;

    if ( NULL != strBuf )
    {
      liFileHead.QuadPart = 0;

     /*
      * The read is addressed to this filter's own DeviceObject, so it
      * re-enters SfPassThrough before reaching the file system.
      * NOTE(review): IoStatusBlock.Status is not checked in the visible code
      * before strBuf is freed; the consumer of the header bytes is elided.
      */
     KfcRead( DeviceObject, IrpSp->FileObject, &liFileHead, 4096, strBuf, &IoStatusBlock);

      ExFreePool( strBuf );

    }

    ...

  }

...

}



NTSTATUS SfWaitIrpDoneCompletion ( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context )
{
  /*
   * Completion routine paired with SfWaitIrpDone.  Context is the KEVENT on
   * SfWaitIrpDone's stack.  The event is signalled only when the lower
   * driver returned pending, because that is the only case in which
   * SfWaitIrpDone waits on it.  STATUS_MORE_PROCESSING_REQUIRED stops
   * IoCompleteRequest here so the dispatch routine keeps the IRP.
   */
  if ( !Irp->PendingReturned )
  {
    return STATUS_MORE_PROCESSING_REQUIRED;
  }

  KeSetEvent( (PKEVENT)Context, IO_NO_INCREMENT, FALSE );

  return STATUS_MORE_PROCESSING_REQUIRED;
}


NTSTATUS SfWaitIrpDone( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
  /*
   * Forward Irp to DeviceObject and block until the lower stack has
   * completed it.  Because SfWaitIrpDoneCompletion returns
   * STATUS_MORE_PROCESSING_REQUIRED, the IRP is still owned by the caller
   * when this returns.  DeviceObject is presumably the device this filter
   * is attached to (the argument is elided at the call site above).
   *
   * Returns Irp->IoStatus.Status as left by the lower driver.
   */
  KEVENT doneEvent;
  NTSTATUS callStatus;

  KeInitializeEvent( &doneEvent, NotificationEvent, FALSE );

  /* Give the lower driver its own stack location, with our completion routine attached. */
  IoCopyCurrentIrpStackLocationToNext( Irp );
  IoSetCompletionRoutine( Irp, SfWaitIrpDoneCompletion, &doneEvent, TRUE, TRUE, TRUE );

  callStatus = IoCallDriver( DeviceObject, Irp );

  /* Only a pending return means completion happens later and will signal the event. */
  if ( callStatus == STATUS_PENDING )
  {
    KeWaitForSingleObject( &doneEvent, Executive, KernelMode, FALSE, NULL );
  }

  return Irp->IoStatus.Status;
}

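static VOID KfcRead(PDEVICE_OBJECT v_pDeviceObject, PFILE_OBJECT v_pFileObject, PLARGE_INTEGER v_liOffset, ULONG v_Length, PUCHAR v_strBuf, PIO_STATUS_BLOCK v_IoStatusBlock)
{
  /*
   * Issue a synchronous IRP_MJ_READ of v_Length bytes at *v_liOffset on
   * v_pFileObject, sending the IRP to v_pDeviceObject.  The outcome is
   * reported only through *v_IoStatusBlock, which KfcIoCompletion copies from
   * Irp->IoStatus before freeing the IRP.
   *
   * Lifetime: `event` and the caller's *v_IoStatusBlock are stack objects the
   * completion routine writes.  That is safe only because this function
   * skips the wait solely when IoCallDriver returned something other than
   * STATUS_PENDING, i.e. after the IRP already completed.  A lower driver
   * that completes the IRP after returning a non-pending status would write
   * into a frame that is gone — a cause consistent with the reported
   * DRIVER_OVERRAN_STACK_BUFFER; worth checking under Driver Verifier.
   *
   * NOTE(review): IoBuildAsynchronousFsdRequest does not set
   * Irp->Tail.Overlay.Thread; some file systems expect it on self-built
   * IRPs — confirm against the target FSD.
   */
  PIRP irp;
  KEVENT event;
  PIO_STACK_LOCATION ioStackLocation;
  NTSTATUS Status;

  KeInitializeEvent(&event, NotificationEvent, FALSE);

  irp = IoBuildAsynchronousFsdRequest( IRP_MJ_READ, v_pDeviceObject, v_strBuf, v_Length, v_liOffset, v_IoStatusBlock );

  if( NULL==irp )
  {
    v_IoStatusBlock->Status = STATUS_INSUFFICIENT_RESOURCES;
    v_IoStatusBlock->Information = 0;
    return;
  }

  /*
   * Mark the read as non-cached synchronous paging I/O (the original wrote
   * the magic value 0x43, which is these three bits).  OR the bits in rather
   * than assigning: for a buffered-I/O target, IoBuildAsynchronousFsdRequest
   * records IRP_DEALLOCATE_BUFFER in Flags, and KfcIoCompletion tests that
   * bit to decide whether to free AssociatedIrp.SystemBuffer.  Overwriting
   * Flags cleared it, so the system buffer was never released.
   */
  irp->Flags |= IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO;

  /* The file object is not filled in by IoBuildAsynchronousFsdRequest; set it here. */
  ioStackLocation = IoGetNextIrpStackLocation(irp);
  ioStackLocation->MajorFunction = IRP_MJ_READ;
  ioStackLocation->MinorFunction = 0;
  ioStackLocation->DeviceObject = v_pDeviceObject;
  ioStackLocation->FileObject = v_pFileObject;

  /* KfcIoCompletion frees the IRP and signals `event` if the lower driver went pending. */
  IoSetCompletionRoutine(irp, KfcIoCompletion, &event, TRUE, TRUE, TRUE);

  Status = IoCallDriver(v_pDeviceObject, irp);

  if(Status == STATUS_PENDING)
  {
    KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
  }
}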

static NTSTATUS KfcIoCompletion(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context)
{
  /*
   * Completion routine for the IRP built in KfcRead.  Copies the final status
   * into the caller's IO_STATUS_BLOCK (Irp->UserIosb), releases what
   * IoBuildAsynchronousFsdRequest attached to the IRP (a system buffer when
   * IRP_DEALLOCATE_BUFFER is set, otherwise any MDL chain), wakes KfcRead if
   * it is waiting, and frees the IRP.  STATUS_MORE_PROCESSING_REQUIRED keeps
   * the I/O manager from touching the IRP after it has been freed.
   */
  PKEVENT waiter = (PKEVENT)Context;

  *Irp->UserIosb = Irp->IoStatus;

  if ( Irp->AssociatedIrp.SystemBuffer != NULL && ( Irp->Flags & IRP_DEALLOCATE_BUFFER ) )
  {
    ExFreePool( Irp->AssociatedIrp.SystemBuffer );
  }
  else if ( Irp->MdlAddress != NULL )
  {
    PMDL mdl = Irp->MdlAddress;

    /* Unlock, then free, each MDL in the chain; IoFreeMdl also unmaps any system mapping. */
    while ( mdl != NULL )
    {
      PMDL next = mdl->Next;
      MmUnlockPages( mdl );
      IoFreeMdl( mdl );
      mdl = next;
    }

    Irp->MdlAddress = NULL;
  }

  /* KfcRead waits on the event only when IoCallDriver returned STATUS_PENDING. */
  if ( Irp->PendingReturned )
  {
    KeSetEvent( waiter, IO_NO_INCREMENT, FALSE );
  }

  IoFreeIrp( Irp );

  return STATUS_MORE_PROCESSING_REQUIRED;
}

NTSTATUS SfPassThrough ( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
  /*
   * Default dispatch for every major function this filter does not handle
   * itself: pass the IRP straight to the device we are attached to, reusing
   * our own stack location (no completion routine, nothing to do on the way
   * back).
   */
  PSFILTER_DEVICE_EXTENSION devExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension;
  PDEVICE_OBJECT lowerDevice = devExt->NLExtHeader.AttachedToDeviceObject;

  IoSkipCurrentIrpStackLocation( Irp );

  return IoCallDriver( lowerDevice, Irp );
}


沙发#
发布于:2009-11-16 09:05
自己顶一个。

发到OSROnline上,回复说KfcRead里面用到了局部变量,没有等Irp返回就释放了导致。可是我仔细检查了程序,没有发现有这种可能。而且在XP、2K下运行1、2年了,都运行的好好的。唯独在 Vista 上或者 Win7 上运行大概1分钟,就蓝屏。

透明加解密中:文件打开后,读取文件头,判断是否为加密文件,这个应该很多人都这么做吧?大家都没有碰到过这个问题?