求助:nt式usb过滤驱动,驱动不能过滤读写,却可以过滤pnp

楼主^#

更多发布于：2009-09-14 00:19

主要代码:
Windows xp
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
   IN PUNICODE_STRING RegistryPath
   )
{
   NTSTATUS status;
   DriverObject->DriverUnload = DriverUnload;

   for(ULONG i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
   {
   DriverObject->MajorFunction = DispatchGeneral;
   }
   DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
   DriverObject->MajorFunction[IRP_MJ_SCSI] = DispatchWrite; // 加了这句后仍然不能过滤掉写入
   DriverObject->MajorFunction[IRP_MJ_POWER] = OnPower;
   DriverObject->MajorFunction[IRP_MJ_PNP] = OnPnp;

   // attach到usb驱动上
   status = AttachUsbDriver(DriverObject);

   return status;
}

// 打算用这个来处理写入请求.结果不工作.
NTSTATUS DispatchWrite(IN PDEVICE_OBJECT DeviceObject,
   IN PIRP Irp)
{
   KdPrint(("Write!\n"));
   return STATUS_ACCESS_DENIED;
}

// 这个是attach到上层驱动,用device tree看了下,能正常工作.
NTSTATUS AttachUsbDriver(IN PDRIVER_OBJECT DriverObject)
{
   NTSTATUS status;
   UNICODE_STRING ustrName;
   PDRIVER_OBJECT usbDriver;
   PDEVICE_OBJECT usbDevice;
   PDEVICE_OBJECT pfltDevice;
   PDEVICE_OBJECT pLowerDevice;
   PDEVICE_EXTENSION pdx;

   RtlInitUnicodeString(&ustrName, L"\\Driver\\USBSTOR");

   status = ObReferenceObjectByName(&ustrName, OBJ_CASE_INSENSITIVE,
   NULL, 0, IoDriverObjectType,
   KernelMode, NULL, (PVOID*)&usbDriver);
   if(!NT_SUCCESS(status))
   {
   KdPrint(("Couldn't get usb driver\n"));
   return status;
   }

   usbDevice = usbDriver->DeviceObject;
   // 遍历usb设备对象.
   while(NULL != usbDevice)
   {
   status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), NULL,
   usbDevice->DeviceType, usbDevice->Characteristics,
   FALSE, &pfltDevice);

   if(!NT_SUCCESS(status))
   {
   ObDereferenceObject(usbDriver);
   KdPrint(("Create fltdevice failed!\n"));
   return status;
   }
   // 附加到上层驱动.
   pLowerDevice = IoAttachDeviceToDeviceStack(pfltDevice, usbDevice);
   if(NULL == pLowerDevice)
   {
   ObDereferenceObject(usbDriver);
   KdPrint(("attach usb device error!\n"));
   IoDeleteDevice(pfltDevice);
   pfltDevice = NULL;
   return STATUS_UNSUCCESSFUL;
   }
   pdx = (PDEVICE_EXTENSION)(pfltDevice->DeviceExtension);
   InitDevExt(pdx, pLowerDevice, pfltDevice, usbDevice); // 这个函数将有用的信息放到device_extension结构中了.
   // 设置属性跟标志位
   pfltDevice->DeviceType = pLowerDevice->DeviceType;
   pfltDevice->Characteristics = pLowerDevice->Characteristics;
   pfltDevice->StackSize = pLowerDevice->StackSize + 1;
   pfltDevice->Flags |= pLowerDevice->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);
   pfltDevice->Flags = pfltDevice->Flags & (~DO_DEVICE_INITIALIZING);

   // 移动到下个设备
   usbDevice = usbDevice->NextDevice;
   }

   ObDereferenceObject(usbDriver);
   KdPrint(("Attach OK!\n"));
   return STATUS_SUCCESS;
}

网上也搜了下,结果没什么收获,
看了下ms的例子,是用wdm写的.attach到低层的驱动.
能过滤到pnp例程.却不能过滤读写?
是不是attach到上层驱动就不可以过滤还是???
搞了一整天,快吐血了.......

喜欢0

zjmszjk 驱动牛犊注册日期2009-09-13 最后登录2009-09-18 粉丝0 关注0 积分8分威望61点贡献值0点好评度0点原创分0分专家分0分加关注写私信	沙发^# 发布于：2009-09-14 00:23 搞了两天,被它搞晕了.快吐血....
	回复(0) 喜欢(0)

guessle 驱动牛犊注册日期2010-02-05 最后登录2011-11-15 粉丝0 关注0 积分16分威望141点贡献值0点好评度0点原创分0分专家分0分加关注写私信	板凳^# 发布于：2010-06-15 15:16 請問有任何的更新嗎?
	回复(0) 喜欢(0)

您需要登录后才可以回帖，登录或者注册

求助:nt式usb过滤驱动,驱动不能过滤读写,却可以过滤pnp

最新喜欢：