仿写了一个例子，卸载之后出现问题，请大家指点！

楼主^#

更多发布于：2007-10-15 11:28

我看了，防火墙网络封包接获这本书。看到里面有一个关于过滤TCP的驱动，自己也就仿写了一个过滤磁盘的驱动（不知道这样叫是否合理），发现在操作磁盘的时候的确是截获了，但是在卸载之后，在对磁盘操作的时候，PC就会重新启动。
把代码贴出请大家指点：
DishFilter.h
#define DISK_DEVICE_NAME L"\\Device\\HarddiskVolume1"
#define DISK_FILTER_DEVICE_NAME L"\\Device\\FilterPhysicallDevice"

#define DISK_DEV_EXT_ATTACHED (0x00000001)
#define DISK_NODE_TYPE_DISK_FILTER_DEVICE (0xfdecba12)

#define UTIL_IsLargeIntegerZero(ReturnValue,LargeIntergerOp,pSpinLock)\
{\
   KIRQL OldIrql;\
   KeAcquireSpinLock(pSpinLock,&OldIrql);\
   ASSERT(RtlLargeIntegerGreaterOrEqualToZero((LargeIntergerOp)));\
   ReturnValue=RtlLargeIntegerEqualToZero((LargeIntergerOp));\
   KeReleaseSpinLock(pSpinLock,OldIrql);\
}

typedef struct _DISK_FILTER_DeviceExtension
{
   ULONG NodeType;
   ULONG NodeSize;
   PDEVICE_OBJECT pFilterDeviceObject;
   KSPIN_LOCK IoRequestSpinLock;
   KEVENT IoInProgressEvent;
   ULONG DeviceExtensionFlags;
   PDEVICE_OBJECT TargetDeviceObject;
   PFILE_OBJECT TargetFileObject;
   PDEVICE_OBJECT LowerDeviceObject;
   LARGE_INTEGER OutstandingIoRequests;
}DISK_FILTER_DeviceExtension,*PDISK_FILTER_DeviceExtension;

NTSTATUS PacketCompletion(PDEVICE_OBJECT DeviceObject,PIRP Irp,PVOID Context);
NTSTATUS FilterFunction(PDEVICE_OBJECT DeviceObject,
   PIRP Irp
   );
void DISK_Detach(PDEVICE_OBJECT pDeviceObject);
void DriverUnload(PDRIVER_OBJECT DriverObject);
NTSTATUS Disk_InitDeviceExtension(
   PDISK_FILTER_DeviceExtension pDISK_FilterDeviceExtension,
   PDEVICE_OBJECT pFilterDeviceObject,
   PDEVICE_OBJECT pTargetDeviceObject,
   PFILE_OBJECT pTargetFileObject,
   PDEVICE_OBJECT pLowerDeviceObject
   );
NTSTATUS FilterDiskFunc(PDRIVER_OBJECT DriverObject,
   PUNICODE_STRING RegistryPath
   );
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,
   PUNICODE_STRING RegistryPath
   );
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/*****************************************************************************************************/
DiskFilter.c
#include "ndis.h"
#include "ntddk.h"
#include "tdikrnl.h"
#include "DiskFilter.h"
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,
   PUNICODE_STRING RegistryPath
   )
{
   NTSTATUS status=0;
   ULONG i=0;
   DbgPrint("******DriverEntry function....\n");
   DriverObject->DriverUnload=DriverUnload;
   for(i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
   DriverObject->MajorFunction=FilterFunction;
   status=FilterDiskFunc(DriverObject,RegistryPath);

   return status;
}
NTSTATUS FilterDiskFunc(PDRIVER_OBJECT DriverObject,
   PUNICODE_STRING RegistryPath
   )
{
   NTSTATUS status=0;
   UNICODE_STRING uniNameString;
   PDISK_FILTER_DeviceExtension pDISK_FilterDeviceExtension;
   PDEVICE_OBJECT pFilterDeviceObject=NULL;
   PDEVICE_OBJECT pTargetDeviceObject=NULL;
   PDEVICE_OBJECT pLowerDeviceObject=NULL;
   PFILE_OBJECT pTargetFileObject=NULL;

   DbgPrint("******FilterDiskFunc...\n");
   RtlInitUnicodeString(&uniNameString,DISK_DEVICE_NAME);

   status=IoGetDeviceObjectPointer(
   &uniNameString,
   FILE_READ_ATTRIBUTES,
   &pTargetFileObject,
   &pTargetDeviceObject
   );
   if(!NT_SUCCESS(status))
   {
   DbgPrint("FilterDiskFunc : cannot get the DISK Device Object...\n");
   pTargetFileObject=NULL;
   pTargetDeviceObject=NULL;
   return status;
   }

   RtlInitUnicodeString(&uniNameString,DISK_FILTER_DEVICE_NAME);

   status=IoCreateDevice(
   DriverObject,
   sizeof(DISK_FILTER_DeviceExtension),
   &uniNameString,
   pTargetDeviceObject->DeviceType,
   pTargetDeviceObject->Characteristics,
   0,
   &pFilterDeviceObject
   );
   if(!NT_SUCCESS(status))
   {
   DbgPrint("FilterDiskFunc : cannot create the DISK FILTER Device Object...\n");
   ObDereferenceObject(pTargetFileObject);
   pTargetFileObject=NULL;
   pTargetDeviceObject=NULL;
   return status;
   }

   pLowerDeviceObject=IoAttachDeviceToDeviceStack(pFilterDeviceObject,pTargetDeviceObject);
   if(!pLowerDeviceObject)
   {
   DbgPrint("IoAttachDeviceToDeviceStack : cannot attach to DISK Device Object...\n");
   IoDeleteDevice(pFilterDeviceObject);
   pFilterDeviceObject=NULL;
   ObDereferenceObject(pTargetFileObject);
   pTargetFileObject=NULL;
   pTargetDeviceObject=NULL;
   return status;
   }

   pDISK_FilterDeviceExtension=(PDISK_FILTER_DeviceExtension)(pFilterDeviceObject->DeviceExtension);

   Disk_InitDeviceExtension(
   pDISK_FilterDeviceExtension,
   pFilterDeviceObject,
   pTargetDeviceObject,
   pTargetFileObject,
   pLowerDeviceObject
   );
   pFilterDeviceObject->Flags|=pTargetDeviceObject->Flags&(DO_BUFFERED_IO|DO_DIRECT_IO);
   return status;
}
NTSTATUS Disk_InitDeviceExtension(PDISK_FILTER_DeviceExtension pDISK_FilterDeviceExtension,
   PDEVICE_OBJECT pFilterDeviceObject,
   PDEVICE_OBJECT pTargetDeviceObject,
   PFILE_OBJECT pTargetFileObject,
   PDEVICE_OBJECT pLowerDeviceObject
   )
{
   NdisZeroMemory(pDISK_FilterDeviceExtension,sizeof(DISK_FILTER_DeviceExtension));
   pDISK_FilterDeviceExtension->NodeType=DISK_NODE_TYPE_DISK_FILTER_DEVICE;
   pDISK_FilterDeviceExtension->NodeSize=sizeof(DISK_FILTER_DeviceExtension);
   pDISK_FilterDeviceExtension->pFilterDeviceObject=pFilterDeviceObject;
   KeInitializeSpinLock(&(pDISK_FilterDeviceExtension->IoRequestSpinLock));
   KeInitializeEvent(&(pDISK_FilterDeviceExtension->IoInProgressEvent),NotificationEvent,0);
   pDISK_FilterDeviceExtension->TargetDeviceObject=pTargetDeviceObject;
   pDISK_FilterDeviceExtension->TargetFileObject=pTargetFileObject;
   pDISK_FilterDeviceExtension->LowerDeviceObject=pLowerDeviceObject;
   pDISK_FilterDeviceExtension->DeviceExtensionFlags|=DISK_DEV_EXT_ATTACHED;

   return(STATUS_SUCCESS);
}
void DriverUnload(PDRIVER_OBJECT DriverObject)
{
   PDEVICE_OBJECT DeviceObject;
   PDEVICE_OBJECT OldDeviceObject;
   PDISK_FILTER_DeviceExtension pDISK_Filter_DeviceExtension;

   DbgPrint("*****DriverUnload fun....\n");
   DeviceObject=DriverObject->DeviceObject;
   while(DeviceObject!=NULL)
   {
   OldDeviceObject=DeviceObject;
   pDISK_Filter_DeviceExtension=(PDISK_FILTER_DeviceExtension)DeviceObject->DeviceExtension;
   if(pDISK_Filter_DeviceExtension->NodeType==DISK_NODE_TYPE_DISK_FILTER_DEVICE)
   DISK_Detach(DeviceObject);
   else
   IoDeleteDevice(OldDeviceObject);
   DeviceObject=DeviceObject->NextDevice;
   }
}
void DISK_Detach(PDEVICE_OBJECT pDeviceObject)
{
   PDISK_FILTER_DeviceExtension pDISK_Filter_DeviceExtension;
   BOOLEAN NoRequestOutstanding=0;

   pDISK_Filter_DeviceExtension=(PDISK_FILTER_DeviceExtension)pDeviceObject->DeviceExtension;
   try
   {
   try
   {
   while(1)
   {
   UTIL_IsLargeIntegerZero(NoRequestOutstanding,pDISK_Filter_DeviceExtension->OutstandingIoRequests,\
   &(pDISK_Filter_DeviceExtension->IoRequestSpinLock));
   if(!NoRequestOutstanding)
   KeWaitForSingleObject((void*)(&(pDISK_Filter_DeviceExtension->IoInProgressEvent)),Executive,KernelMode,0,\
   NULL);
   else
   break;
   }
   if(pDISK_Filter_DeviceExtension->DeviceExtensionFlags&DISK_DEV_EXT_ATTACHED)
   {
   IoDeleteDevice(pDISK_Filter_DeviceExtension->TargetDeviceObject);
   pDISK_Filter_DeviceExtension->DeviceExtensionFlags&=~(DISK_DEV_EXT_ATTACHED);

   }
   pDISK_Filter_DeviceExtension->NodeType=0;
   pDISK_Filter_DeviceExtension->NodeSize=0;

   if(pDISK_Filter_DeviceExtension->TargetFileObject)
   ObDereferenceObject(pDISK_Filter_DeviceExtension->TargetFileObject);
   pDISK_Filter_DeviceExtension->TargetFileObject=NULL;
   IoDeleteDevice(pDeviceObject);
   DbgPrint("DISK_Detach is finished...\n");
   }
   except(EXCEPTION_EXECUTE_HANDLER){}
   }
   finally{}
   return;
}
NTSTATUS FilterFunction(PDEVICE_OBJECT DeviceObject,
   PIRP Irp
   )
{
   NTSTATUS status=STATUS_SUCCESS;
   PDISK_FILTER_DeviceExtension pDISK_Filter_DeviceExtension;
   PIO_STACK_LOCATION IrpStack;
   PIO_STACK_LOCATION NextIrpStack;
   pDISK_Filter_DeviceExtension=(PDISK_FILTER_DeviceExtension)(DeviceObject->DeviceExtension);
   IrpStack=IoGetCurrentIrpStackLocation(Irp);
   switch(IrpStack->MajorFunction)
   {
   default:
   DbgPrint("***********FilterFunction......\n");
   break;
   }
   if(Irp->CurrentLocation==1)
   {
   ULONG ReturnedInformation=0;
   DbgPrint("PacketDispatch encounterd bogus current location...\n");
   status=STATUS_INVALID_DEVICE_REQUEST;
   Irp->IoStatus.Status=status;
   Irp->IoStatus.Information=ReturnedInformation;
   IoCompleteRequest(Irp,IO_NO_INCREMENT);
   return status;
   }
   NextIrpStack=IoGetNextIrpStackLocation(Irp);
   *NextIrpStack=*IrpStack;
   IoSetCompletionRoutine(Irp,PacketCompletion,NULL,1,1,1);
   return IoCallDriver(pDISK_Filter_DeviceExtension->LowerDeviceObject,Irp);
}

NTSTATUS PacketCompletion(PDEVICE_OBJECT DeviceObject,PIRP Irp,PVOID Context)
{
   if(Irp->PendingReturned)
   IoMarkIrpPending(Irp);

   return STATUS_SUCCESS;
}

喜欢0

发帖回复

« 返回列表

您需要登录后才可以回帖，登录或者注册

返回顶部

仿写了一个例子 ，卸载之后出现问题 ，请大家指点！

最新喜欢：

仿写了一个例子，卸载之后出现问题，请大家指点！