请问tooflat大侠的这段代码有什么问题?

我把tooflat大侠read例程skip掉就一切正常,如果不skip打开大的word文档就会出现第一页的内容,然后就马上黑屏死机,不知道是哪里出问题了,请指点指点!



NTSTATUS
SfRead(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension;
    PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
    PFILE_OBJECT FileObject = IrpSp->FileObject;
    PREAD_WRITE_COMPLETION_CONTEXT CompletionCtx = NULL;
    PVOID OldBuffer = NULL;
    PMDL Mdl = NULL;
    PVOID MyBuffer = NULL;
    ULONG Length = 0;
    FILE_CONTEXT_HDR FileCtxHdr;
    PFILE_CONTEXT FileCtxPtr = NULL;
    NTSTATUS Status = STATUS_SUCCESS;
    
    PAGED_CODE();

    //
    // Sfilter doesn't allow handles to its control device object to be created,
    // therefore, no other operation should be able to come through.
    //  
    //ASSERT(!IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject));
    if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject))
    {
        //
        //  TFilter doesn't allow for any communication through its control
        //  device object, therefore it fails all requests to open a handle
        //  to its control device object.
        //
        //  See the FileSpy sample for an example of how to allow creates to
        //  the filter's control device object and manage communication via
        //  that handle.
        //
        Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
        Irp->IoStatus.Information = 0;

        IoCompleteRequest( Irp, IO_NO_INCREMENT );

        return STATUS_INVALID_DEVICE_REQUEST;
    }
    ASSERT(IS_MY_DEVICE_OBJECT(DeviceObject));

    //
    // We only care about volume filter device object
    //
    if (!DevExt->StorageStackDeviceObject)
    {
        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
    }

#if DBG
    if (DevExt->DriveLetter == DEBUG_VOLUME)
    {
        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
    }
#endif
    
    if (!(Irp->Flags & (IRP_NOCACHE | IRP_PAGING_IO | IRP_SYNCHRONOUS_PAGING_IO)))
    {
        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
    }
               if (1)    //如果有这个条件就不会死机
    {
        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
    }


    ExAcquireFastMutex(&DevExt->FsCtxTableMutex);
    
    FileCtxHdr.FsContext = FileObject->FsContext;
    FileCtxPtr = RtlLookupElementGenericTable(&DevExt->FsCtxTable, &FileCtxHdr);
    
    ExReleaseFastMutex(&DevExt->FsCtxTableMutex);
    
    if (!FileCtxPtr || !FileCtxPtr->DecryptOnRead)
    {
        IoSkipCurrentIrpStackLocation(Irp);
        return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);
    }        

    do
    {
        Length = IrpSp->Parameters.Read.Length;

        if (Irp->MdlAddress)
        {
            OldBuffer = MmGetSystemAddressForMdl(Irp->MdlAddress);
        }
        else
        {
            Mdl = IoAllocateMdl(Irp->UserBuffer, Length, FALSE, FALSE, NULL);
            if (Mdl == NULL)
            {
                KdPrint(("sfilter!SfRead: IoAllocateMdl failed\n"));
                Status = STATUS_INSUFFICIENT_RESOURCES;
                break;
            }

            try
            {
                MmProbeAndLockPages(Mdl, Irp->RequestorMode, IoWriteAccess);
            }
            except (EXCEPTION_EXECUTE_HANDLER)
            {
                KdPrint(("sfilter!SfRead: STATUS_INVALID_USER_BUFFER\n"));
                IoFreeMdl(Mdl);
                Status = STATUS_INVALID_USER_BUFFER;
                break;
            }

            OldBuffer = MmGetSystemAddressForMdl(Mdl);
        }

        if (!OldBuffer)
        {
            KdPrint(("sfilter!SfRead: STATUS_INVALID_PARAMETER\n"));
            if (Mdl)
            {
                MmUnlockPages(Mdl);
                IoFreeMdl(Mdl);
            }
            Status = STATUS_INVALID_PARAMETER;
            break;
        }

        CompletionCtx = ExAllocateFromNPagedLookasideList(&gReadWriteCompletionCtxLookAsideList);
        if (!CompletionCtx)
        {
            KdPrint(("sfilter!SfRead: STATUS_INSUFFICIENT_RESOURCES\n"));
            if (Mdl)
            {
                MmUnlockPages(Mdl);
                IoFreeMdl(Mdl);
            }
            Status = STATUS_INSUFFICIENT_RESOURCES;
            break;
        }

        MyBuffer = ExAllocatePoolWithTag(NonPagedPool, IrpSp->Parameters.Write.Length, SFLT_POOL_TAG);
        RtlZeroMemory(MyBuffer,IrpSp->Parameters.Write.Length);

        if (!MyBuffer)
        {
            KdPrint(("sfilter!SfRead: STATUS_INSUFFICIENT_RESOURCES\n"));
            if (Mdl)
            {
                MmUnlockPages(Mdl);
                IoFreeMdl(Mdl);
            }
            ExFreePool(CompletionCtx);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            break;
        }

        CompletionCtx->OldMdl = Irp->MdlAddress;
        CompletionCtx->OldUserBuffer = Irp->UserBuffer;
        CompletionCtx->OldSystemBuffer = Irp->AssociatedIrp.SystemBuffer;

        CompletionCtx->MdlForUserBuffer = Mdl;

        CompletionCtx->OldBuffer = OldBuffer;
        CompletionCtx->MyBuffer = MyBuffer;
        CompletionCtx->Length = Length;

        Irp->MdlAddress = IoAllocateMdl(MyBuffer, IrpSp->Parameters.Read.Length, FALSE, TRUE, NULL);
        if (!Irp->MdlAddress)
        {
            KdPrint(("sfilter!SfRead: STATUS_INSUFFICIENT_RESOURCES\n"));
            Irp->MdlAddress = CompletionCtx->OldMdl;
            if (Mdl)
            {
                MmUnlockPages(Mdl);
                IoFreeMdl(Mdl);
            }
            ExFreePool(CompletionCtx);
            ExFreePool(MyBuffer);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            break;
        }
        
        //KdPrint(("sfilter!SfRead: Decrypt %ws\n", FileCtxPtr->Name));
        
        MmBuildMdlForNonPagedPool(Irp->MdlAddress);
        Irp->UserBuffer = MmGetMdlVirtualAddress(Irp->MdlAddress);

        IoCopyCurrentIrpStackLocationToNext(Irp);
        IoSetCompletionRoutine(Irp, SfReadCompletion, CompletionCtx, TRUE, TRUE,TRUE);
    
        return IoCallDriver(DevExt->AttachedToDeviceObject, Irp);

    } while (FALSE);

    Irp->IoStatus.Status = Status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    
    return Status;
}

NTSTATUS
SfReadCompletion(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
{
    PREAD_WRITE_COMPLETION_CONTEXT CompletionCtx = (PREAD_WRITE_COMPLETION_CONTEXT) Context;
    PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension;
    PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
    PFILE_OBJECT FileObject = IrpSp->FileObject;
    FILE_CONTEXT_HDR FileCtxHdr;
    PFILE_CONTEXT FileCtxPtr = NULL;
    ULONG Offset = 0;
               NTSTATUS Status = STATUS_SUCCESS;
               ULONG i=0;

 
    UNREFERENCED_PARAMETER(DeviceObject);

    if (Irp->PendingReturned)
        IoMarkIrpPending(Irp);

    IoFreeMdl(Irp->MdlAddress);

    Irp->MdlAddress = CompletionCtx->OldMdl;
    Irp->UserBuffer = CompletionCtx->OldUserBuffer;
    Irp->AssociatedIrp.SystemBuffer = CompletionCtx->OldSystemBuffer;
  

     for (Offset = 0; Offset < CompletionCtx->Length; ++Offset)
     {
         ((PUCHAR) CompletionCtx->OldBuffer)[Offset] = ((PUCHAR) CompletionCtx->MyBuffer)[Offset];
      }

    if (CompletionCtx->MdlForUserBuffer)
    {
        MmUnlockPages(CompletionCtx->MdlForUserBuffer);
        IoFreeMdl(CompletionCtx->MdlForUserBuffer);
    }

    ExFreePoolWithTag(CompletionCtx->MyBuffer, SFLT_POOL_TAG);
    ExFreeToNPagedLookasideList(&gReadWriteCompletionCtxLookAsideList, CompletionCtx);

    return STATUS_SUCCESS;
}

主要还是ms office引起的,不知道有什么好的解决办法?

691.016      Default            sfilter!SfRead: Decrypt D:\kkkd\~WRD0002.tmp  
691.016      Default            sfilter!SfRead: Decrypt ((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->FileSize.QuadPart = 6144
691.016      Default            sfilter!SfRead: Decrypt ((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->ValidDataLength.QuadPart = 0

H in MSGR3SC.DLL

692.719      Default            sfilter!SfWrite:!!! Encrypt D:\kkkd\~WRL0005.tmp  
692.719      Default            sfilter!SfWrite: Encrypt ((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->FileSize.QuadPart = 0
692.719      Default            sfilter!SfWrite: Encrypt ((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->ValidDataLength.QuadPart = 0
692.719      Default            sfilter!SfWrite: Encrypt  FileObject->CurrentByteOffset.LowPart = 23040
692.813      Default            SFilter!SioctlDeviceControl 压缩前长度 CompressDataLen = 509
692.828      Default            SFilter!SioctlDeviceControl 压缩后长度 CompressDataLen = 62
692.828      Default            lsx KeClearEvent gpEventObject sussfully!
692.828      Default            sfilter!SfWrite: 开始添加加密标记 Encrypt D:\kkkd\~WRL0005.tmp need compress!  
692.828      Default            lsx CompressWaitEvent sussfully!

fCreate: FileName = D:\kkkd\lsx.doc
693.719      Default            sfilter!SfWrite:!!! Encrypt D:\DOCUME~1\lsx\LOCALS~1\Temp\~WRS0004.tmp  
693.719      Default            sfilter!SfWrite: Encrypt ((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->FileSize.QuadPart = 0
693.719      Default            sfilter!SfWrite: Encrypt ((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->ValidDataLength.QuadPart = 0
693.719      Default            sfilter!SfWrite: Encrypt  FileObject->CurrentByteOffset.LowPart = 5254
693.797      Default            SFilter!SioctlDeviceControl 压缩前长度 CompressDataLen = 509
693.813      Default            SFilter!SioctlDeviceControl 压缩后长度 CompressDataLen = 29
693.813      Default            lsx KeClearEvent gpEventObject sussfully!
693.813      Default            sfilter!SfWrite: 开始添加加密标记 Encrypt D:\DOCUME~1\lsx\LOCALS~1\Temp\~WRS0004.tmp need compress!  
693.813      Default            lsx CompressWaitEvent sussfully!

当((PFSRTL_COMMON_FCB_HEADER)FileObject->FsContext)->FileSize.QuadPart 为0时,为什么FileObject->CurrentByteOffset.LowPart 不为零?,如果只想对文件头512个字节进行处理,需要根据什么来判断文件指针偏移位置才是正确的?