|
阅读:1779回复:6
关与ZwWriteFile()的错误
参考了本论坛上的例子,在sfilter中用系统线程写字符到某个文件中,但出现了ZwWriteFile()的错误,请大家帮看一下,代码如下:
全局变量: typedef struct _GLOBALS_FILELIST_INFO { HANDLE g_FileHandle; PVOID g_ThreadObject; BOOLEAN g_ThreadShouldStop; KEVENT g_FileListEvent; }GLOBALS_FILELIST_INFO,*PGLOBALS_FILELIST_INFO; static GLOBALS_FILELIST_INFO g_FileList_Info; PCHAR logInformation = “xxx”; 打开文件 NTSTATUS SfOpenFile( WCHAR *wFileName ) { NTSTATUS status = STATUS_SUCCESS; IO_STATUS_BLOCK IoStatusBlock; UNICODE_STRING uniFileName; OBJECT_ATTRIBUTES ObjectAttributes; RtlInitUnicodeString(&uniFileName,wFileName); InitializeObjectAttributes( &ObjectAttributes, &uniFileName, OBJ_CASE_INSENSITIVE, NULL, NULL ); status = ZwCreateFile(&g_FileList_Info.g_FileHandle, GENERIC_READ | GENERIC_WRITE, &ObjectAttributes, &IoStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0 ); if(!NT_SUCCESS(status)) DbgPrint("Cannot ZwCreateFile %S",wFileName); return status; } 线程函数中,ZwWriteFile不成功, VOID FileListThread( IN PVOID Context ) { PGLOBALS_FILELIST_INFO pFileListInfo = (PGLOBALS_FILELIST_INFO) Context; IO_STATUS_BLOCK IoStatusBlock; NTSTATUS status; KeSetPriorityThread( KeGetCurrentThread(), LOW_REALTIME_PRIORITY ); while(TRUE) { KeWaitForSingleObject( &pFileListInfo->g_FileListEvent, Executive, KernelMode, FALSE, NULL ); status = ZwWriteFile( pFileListInfo->g_FileHandle, NULL, NULL, NULL, &IoStatusBlock, logInformation, strlen(logInformation), NULL, NULL ); //这里始终出错 if(!NT_SUCCESS(status)) { DbgPrint("SFILTER: Write File Failed"); } if(pFileListInfo->g_ThreadShouldStop) { ZwClose(pFileListInfo->g_FileHandle); PsTerminateSystemThread(STATUS_SUCCESS); } } } DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) { //打开文件成功了 status = SfOpenFile(L"\\??\\D:\\安装软件\\xuxy.txt"); if(!NT_SUCCESS(status)) { DbgPrint("Cannot Open File"); } KeInitializeEvent( &g_FileList_Info.g_FileListEvent, SynchronizationEvent, FALSE ); g_FileList_Info.g_ThreadShouldStop = FALSE; //创建线程也成功 status = PsCreateSystemThread( &hthread, THREAD_ALL_ACCESS, NULL, NULL, NULL, FileListThread, &g_FileList_Info ); if(!NT_SUCCESS(status)) { DbgPrint("Sfilter: Create System Thread Failed"); } //获得线程地址也成功 status = ObReferenceObjectByHandle( hthread, THREAD_ALL_ACCESS, NULL, KernelMode, &g_FileList_Info.g_ThreadObject, NULL ); if(!NT_SUCCESS(status)) { ZwClose(hthread); g_FileList_Info.g_ThreadShouldStop = TRUE; KeSetEvent( &g_FileList_Info.g_FileListEvent, IO_NO_INCREMENT, FALSE ); } ZwClose(hthread); } |
|
|
沙发#
发布于:2005-06-27 12:42
我也是写文件,但是没有你说的这么复杂。
你可以看看返回的status的信息。是什么原因。 另外:看到你以前监视打印内容的问题。你是用genprint吗? |
|
|
板凳#
发布于:2005-06-27 13:59
我发现是线程函数中的
KeWaitForSingleObject( &pFileListInfo->g_FileListEvent, Executive, KernelMode, FALSE, NULL );有错,这里阻塞写文件太久了, |
|
|
地板#
发布于:2005-06-27 14:29
在线程里打开文件,再写数据
|
|
|
地下室#
发布于:2005-06-27 19:11
论坛例子中,在线程函数里有处理队列的代码,你是不是拉了没写呀。
线程中的事件,你是在哪里设置为信号状态的? |
|
|
5楼#
发布于:2005-06-28 11:11
我知道了,KeWaitForSingleObject一直都是非信号态,在程序中我没有将它设为信号态,因此ZwWriteFile一直不成功,
|
|
|
6楼#
发布于:2005-06-29 12:48
回答我那个问题呀:
你用什么方法监视打印内容的? 谢谢 |
|