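/*
 * Forum question (translated from the original post):
 *
 *   IRP_MN_QUERY_DIRECTORY: walking the FILE_BOTH_DIR_INFORMATION entries
 *   fails - NextEntryOffset always looks wrong (code, WinDBG screenshot and
 *   memory dump attached; this took a whole night).  The WDK says the value
 *   is 0 when IrpSp->Parameters.QueryDirectory.FileInformationClass returns
 *   a single entry and otherwise the offset of the next structure; when
 *   several entries come back, is the last one 0?  Here it is not 0 at the
 *   end.  Do I have to special-case IrpSp->Flags & SL_RETURN_SINGLE_ENTRY?
 *   Thanks.  The "buf" argument is obtained as
 *
 *       if (Irp->MdlAddress)
 *           pBuffer = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
 *       else
 *           pBuffer = Irp->UserBuffer;
 *
 *   and passed as pBuffer.
 *
 * Review notes on the original listing:
 *
 *   - The last entry of a multi-entry buffer has NextEntryOffset == 0, just
 *     like a lone entry, so SL_RETURN_SINGLE_ENTRY needs no special handling.
 *   - In the kd> dump below the first DWORD of the buffer is 0x00160178 and
 *     the bytes after it read "sembly>\r\n" - leftover data, not a plausible
 *     NextEntryOffset.  That is what an *unwritten* buffer looks like, i.e.
 *     the IRP most likely completed with a failure status and the file
 *     system never filled it in.  Parse the buffer only after checking
 *     Irp->IoStatus.Status, and treat Irp->IoStatus.Information as the number
 *     of valid bytes.  (Inferred from the dump - confirm in the caller.)
 *   - FileName in every FILE_*_DIR_INFORMATION structure is FileNameLength
 *     BYTES long and is NOT NUL-terminated.  RtlAppendUnicodeToString() and
 *     a "%ws" format both expect a terminator and therefore read past the
 *     entry (and the single WCHAR passed as a separator was not terminated
 *     either).  Kernel-mode over-read; the rewrite copies by length instead.
 *   - The original read *(PULONG)buf before the NULL check, truncated
 *     FileNameLength to USHORT, never checked the pool allocation, compared
 *     a flexible array member against NULL (always false), appended a '\\'
 *     when the directory already ended in one (and indexed one WCHAR past
 *     the end while doing so), and left an `__asm int 3` in the path.
 *   - If this is called from a completion routine, Irp->UserBuffer may be a
 *     user-mode address that is not valid in the current thread context;
 *     only the MDL-mapped path is safe to dereference there - confirm.
 *   - This function still cannot bound the walk by itself because it is not
 *     given the buffer length; TODO(review): pass IoStatus.Information (or
 *     QueryDirectory.Length) and stop when Entry + NextEntryOffset would
 *     leave the buffer.
 */

/*
 * Build "<DirectoryName>[\]<FileName>" from a non-terminated, byte-length
 * name, log it with KdPrint, and free the temporary string.
 *
 * DirectoryName  - parent directory (Length in bytes, may be empty).
 * Offset         - NextEntryOffset of the entry, printed for correlation only.
 * FileName       - FileNameLength bytes of UTF-16, NOT NUL-terminated.
 * FileNameLength - length of FileName in bytes.
 *
 * Silently returns if the combined length does not fit a UNICODE_STRING,
 * if FileNameLength is not a whole number of WCHARs, or if the pool
 * allocation fails.
 */
static void
SfpLogEntryPath(
    IN PUNICODE_STRING DirectoryName,
    IN ULONG Offset,
    IN PWSTR FileName,
    IN ULONG FileNameLength
    )
{
    UNICODE_STRING FilePath = {0};
    USHORT DirLen = DirectoryName->Length;
    ULONG NeedSeparator;
    ULONG Needed;

    PAGED_CODE();

    /* A name that is not a whole number of WCHARs is malformed - skip it. */
    if (FileNameLength & (sizeof(WCHAR) - 1)) {
        return;
    }

    /* Add a '\\' only when the directory does not already end in one. */
    NeedSeparator = (DirLen == 0) ||
        (DirectoryName->Buffer[DirLen / sizeof(WCHAR) - 1] != L'\\');

    /* Bytes: directory + optional separator + name + one NUL for "%ws". */
    Needed = (ULONG)DirLen
           + (NeedSeparator ? sizeof(WCHAR) : 0)
           + FileNameLength
           + sizeof(WCHAR);

    /* UNICODE_STRING lengths are USHORT; refuse instead of truncating. */
    if (Needed > 0xFFFF) {
        KdPrint(("iCellEDK!SfpLogEntryPath: path too long (%u bytes)\n", Needed));
        return;
    }

    FilePath.MaximumLength = (USHORT)Needed;
    FilePath.Buffer = ExAllocatePoolWithTag(PagedPool, Needed, SFLT_POOL_TAG);
    if (FilePath.Buffer == NULL) {
        return;
    }
    /* Zero-filled and one WCHAR longer than Length, so the buffer is always
       NUL-terminated for the "%ws" below. */
    RtlZeroMemory(FilePath.Buffer, Needed);

    if (DirLen != 0) {
        RtlCopyMemory(FilePath.Buffer, DirectoryName->Buffer, DirLen);
        FilePath.Length = DirLen;
    }
    if (NeedSeparator) {
        FilePath.Buffer[FilePath.Length / sizeof(WCHAR)] = L'\\';
        FilePath.Length += sizeof(WCHAR);
    }
    /* Copy exactly FileNameLength bytes - never scan for a terminator. */
    RtlCopyMemory((PUCHAR)FilePath.Buffer + FilePath.Length, FileName, FileNameLength);
    FilePath.Length += (USHORT)FileNameLength;

    KdPrint(("iCellEDK!SfGetFileNameByDirectoryInformation: %08X,[%08X]Check %ws\n",
             Offset, FilePath.Length, FilePath.Buffer));

    ExFreePoolWithTag(FilePath.Buffer, SFLT_POOL_TAG);
}

/*
 * Walk a completed IRP_MN_QUERY_DIRECTORY buffer and log the full path of
 * every non-directory entry (only for FileBothDirectoryInformation; the
 * other two classes are walked but not logged, as in the original).
 *
 * DeviceObject         - filter device; only checked for NULL here.
 * DirectoryName        - directory that was enumerated.
 * FileInformationClass - one of FileBothDirectoryInformation,
 *                        FileFullDirectoryInformation,
 *                        FileDirectoryInformation.
 * buf                  - system-address view of the query buffer.  The
 *                        caller must only pass it after the IRP completed
 *                        successfully; this routine cannot tell an
 *                        unfilled buffer from a real one.
 *
 * Returns NULL in every case (the routine only logs).  The walk follows
 * NextEntryOffset until it is 0 and is NOT bounded by a buffer length -
 * see the review note above.
 */
PWSTR
SfGetFileNameByDirectoryInformation(
    IN PDEVICE_OBJECT DeviceObject,
    IN PUNICODE_STRING DirectoryName,
    IN ULONG FileInformationClass,
    IN PVOID buf
    )
{
    PUCHAR Entry = (PUCHAR)buf;
    ULONG Offset;

    PAGED_CODE();

    /* Validate before the first dereference of buf. */
    if (!buf || !DirectoryName || !DeviceObject) {
        return NULL;
    }

    do {
        switch (FileInformationClass) {
        case FileBothDirectoryInformation: {
            PFILE_BOTH_DIR_INFORMATION Both = (PFILE_BOTH_DIR_INFORMATION)Entry;

            Offset = Both->NextEntryOffset;
            if (!(Both->FileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
                SfpLogEntryPath(DirectoryName, Offset,
                                Both->FileName, Both->FileNameLength);
            }
            break;
        }

        case FileFullDirectoryInformation:
            /* Original only advanced for this class; nothing is logged. */
            Offset = ((PFILE_FULL_DIR_INFORMATION)Entry)->NextEntryOffset;
            break;

        case FileDirectoryInformation:
            /* Original only advanced for this class; nothing is logged. */
            Offset = ((PFILE_DIRECTORY_INFORMATION)Entry)->NextEntryOffset;
            break;

        default:
            return NULL;
        }

        /* NextEntryOffset is relative to the start of the current entry;
           0 marks the last entry (single or multiple). */
        Entry += Offset;
    } while (Offset != 0);

    return NULL;
}

/*
 * Attachments from the original post: image test.jpg (not reproduced) and
 * the WinDBG dumps.  0x171e70 is the query buffer - note the first DWORD
 * 0x00160178 and the "sembly>\r\n" residue; 0x160178 itself looks like a
 * table of pointers, not directory data.
 *
 * kd> db 0x171e70
 * 00171e70 78 01 16 00 78 d9 16 00-73 00 65 00 6d 00 62 00 x...x...s.e.m.b.
 * 00171e80 6c 00 79 00 3e 00 0d 00-0a 00 00 00 00 00 00 00 l.y.>...........
 * 00171e90 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
 * 00171ea0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
 * 00171eb0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
 * 00171ec0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
 * 00171ed0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
 * 00171ee0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
 * kd> db 0x160178
 * 00160178 78 d9 16 00 70 1e 17 00-80 01 16 00 80 01 16 00 x...p...........
 * 00160188 88 01 16 00 88 01 16 00-90 04 17 00 90 04 17 00 ................
 * 00160198 98 01 16 00 98 01 16 00-a0 01 16 00 a0 01 16 00 ................
 * 001601a8 a8 01 16 00 a8 01 16 00-d0 17 17 00 d0 17 17 00 ................
 * 001601b8 b8 01 16 00 b8 01 16 00-c0 01 16 00 c0 01 16 00 ................
 * 001601c8 c8 01 16 00 c8 01 16 00-d0 01 16 00 d0 01 16 00 ................
 * 001601d8 d8 01 16 00 d8 01 16 00-e0 01 16 00 e0 01 16 00 ................
 * 001601e8 e8 01 16 00 e8 01 16 00-f0 01 16 00 f0 01 16 00 ................
 */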
发布于:2008-07-15 19:44
自己粗心了...
RtlAppendUnicodeToString非常危险：FILE_BOTH_DIR_INFORMATION 里的 FileName 不是以 NUL 结尾的，长度只由 FileNameLength（单位是字节）给出，按 NUL 结尾去追加会越过该项读到后面的内存。已改为按 FileNameLength 用 RtlCopyMemory 拷贝。主要问题是没有判断 Irp->IoStatus.Status：IRP 失败时文件系统根本没有写这个缓冲区，读到的 NextEntryOffset 自然是垃圾。
发布于:2008-09-10 20:42