阅读:1132回复:0
我在sfcreate中调用的函数(创建并发送read Irp),出问题了???
我写的创建并发送read Irp,为什么出现黑屏,softice设置断点在我的函数上(SpyBuildMyRWIrp),也没捉到。这怎么调试啊??是不是我的softice的设置少了什么??????
下面是我在sfcreate中调用的函数(创建并发送read Irp) NTSTATUS SpyBuildMyRWIrp( IN PDEVICE_OBJECT olddev, IN PIRP oldirp ) { PIRP irp; PIO_STACK_LOCATION irpsp; PVOID Buffer = NULL; ULONG Length = MARKLEN; LARGE_INTEGER offset; CHAR RWFlag = 1; MY_READ_CONTEXT my_context; NTSTATUS Status = STATUS_SUCCESS; PFILE_OBJECT pFileObject; pFileObject = IoGetCurrentIrpStackLocation(oldirp)->FileObject; Buffer = ExAllocatePoolWithTag(NonPagedPool, 4096, FILESPY_POOL_TAG); if(Buffer == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } //RtlCopyMemory( Buffer, MARKSTRING, MARKLEN); offset.QuadPart = 10; if(RWFlag) irp = IoBuildAsynchronousFsdRequest(IRP_MJ_READ,olddev,Buffer,Length,&offset,NULL); else irp = IoBuildAsynchronousFsdRequest(IRP_MJ_WRITE,olddev,Buffer,Length,&offset,NULL); if(irp == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } irp->Flags = IRP_NOCACHE | IRP_READ_OPERATION; irp->Tail.Overlay.Thread = oldirp->Tail.Overlay.Thread; irp->RequestorMode = KernelMode; irp->Flags = 0x43; // KeInitializeEvent(&my_context.event,NotificationEvent,FALSE); IoSetCompletionRoutine(irp,MyIrpComplete,&my_context,TRUE,TRUE,TRUE); //Buffer是缓冲。在Irp中被用做UserBuffer接收数据。offset是 这次读的偏移量。以上代码构造一个读irp.请注意,此时您还没有设置FileObject.实际上我是这样发出请求的: irpsp = IoGetNextIrpStackLocation(irp); // 关键: FileObject是否只需要设置此元素???如果我的加密标识放在文件尾部,我怎么得倒尾部的offset呢??? irpsp->FileObject = pFileObject;// We need a FileObject to identify the file we are reading //irpsp->FileObject->CurrentByteOffset = offset; irpsp->DeviceObject = olddev; Status = IoCallDriver(olddev,irp); //irp = NULL; if(Status == STATUS_PENDING) KeWaitForSingleObject(&my_context.event,Executive,KernelMode,FALSE,NULL); { ANSI_STRING tempstr; RtlInitAnsiString( &tempstr, "waintech20070708" ); KdPrint(("spy! SpyBuildMyRWIrp iiiiiiiiiiiiiiiiiiiiiiiii: %s", Buffer)); if(!RtlCompareMemory(MARKSTRING , &tempstr, MARKLEN)) { KdPrint(("spy! SpyBuildMyRWIrp jjjjjjjjjjjjjjjjjjjjjjjjj: %s", Buffer)); } } //IoCompleteRequest( irp, IO_NO_INCREMENT ); ExFreePool(Buffer); return STATUS_SUCCESS; } // 再看看MyIrpComplete如何收场: // 一个通用的irp完成函数: static NTSTATUS MyIrpComplete ( PDEVICE_OBJECT dev, PIRP irp, PVOID context) { PFILESPY_DEVICE_EXTENSION DevExt = (PFILESPY_DEVICE_EXTENSION) dev->DeviceExtension; PMY_READ_CONTEXT my_context = (PMY_READ_CONTEXT)context; KeSetEvent(&my_context->event,IO_NO_INCREMENT,FALSE); my_context->Information = irp->IoStatus.Information; my_context->Status = irp->IoStatus.Status; // 释放irp,过程非常复杂 if (irp->MdlAddress) { MmUnmapLockedPages( MmGetSystemAddressForMdl(irp->MdlAddress), irp->MdlAddress); MmUnlockPages(irp->MdlAddress); IoFreeMdl(irp->MdlAddress); } IoFreeIrp(irp); // 返回处理未结束.??? return STATUS_MORE_PROCESSING_REQUIRED; } |
|