|
阅读:3231回复:12
调试过sfilter的路过请看
请教大家一个问题,调试sfilter的时候是不是出现的错误一个接着一个?为什么我解决了一个错误,又紧接着会出现另一错误呢?
 不知道是环境没搭对还是sfilter本身的错误?大家调试的时候是什么情况呢? |
|
|
沙发#
发布于:2011-03-09 22:47
把错误贴上来看看,估计是环境配置不对。
|
|
禁止发言
|
板凳#
发布于:2011-03-10 14:39
用户被禁言,该主题自动屏蔽! |
|
地板#
发布于:2011-03-10 16:06
好,把windbg里面错误的截图发上来,如下所示:
 其中SfCreate函数的代码如下: NTSTATUS SfCreate( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { PSFILTER_DEVICE_EXTENSION DevExt = (PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension; PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp); PFILE_OBJECT FileObject = IrpSp->FileObject; PFILE_OBJECT RelatedFileObject = FileObject->RelatedFileObject; PWSTR FileName = NULL; PFILE_CONTEXT FileCtxPtr = NULL; BOOLEAN DeleteOnClose = (BOOLEAN) (IrpSp->Parameters.Create.Options & FILE_DELETE_ON_CLOSE); BOOLEAN IsEncryptFlagExist = FALSE; BOOLEAN IsNeedEncrypt = FALSE; NTSTATUS Status = STATUS_SUCCESS; NTSTATUS LocalStatus = STATUS_SUCCESS; PAGED_CODE(); // // If this is for our control device object, don't allow it to be opened. // if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)) { // // Sfilter doesn't allow for any communication through its control // device object, therefore it fails all requests to open a handle // to its control device object. // // See the FileSpy sample for an example of how to allow creates to // the filter's control device object and manage communication via // that handle. // Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST; Irp->IoStatus.Information = 0; IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_INVALID_DEVICE_REQUEST; } ASSERT(IS_MY_DEVICE_OBJECT(DeviceObject)); // // We only care about volume filter device object // if (!DevExt->StorageStackDeviceObject) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } if (DevExt->DriveLetter == L'\0') { UNICODE_STRING DosName; Status = SfVolumeDeviceNameToDosName(&DevExt->DeviceName, &DosName); if (NT_SUCCESS(Status)) { DevExt->DriveLetter = DosName.Buffer[0]; ExFreePool(DosName.Buffer); if ((DevExt->DriveLetter >= L'a') && (DevExt->DriveLetter <= L'z')) DevExt->DriveLetter += L'A' - L'a'; } else KdPrint(("sfilter!SfCreate: SfVolumeDeviceNameToDosName(%x) failed(%x)\n", DevExt->StorageStackDeviceObject, Status)); } // // Open Volume Device directly // if ((FileObject->FileName.Length == 0) && !RelatedFileObject) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } #if DBG if (DevExt->DriveLetter != DEBUG_VOLUME) { IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } #endif do { // // If the file is opened by id, then we can't get file name directly, // But if this case happened, the FsContext must be in GenericTable already. // So we just update the RefCount, that's enough // if (!(IrpSp->Parameters.Create.Options & FILE_OPEN_BY_FILE_ID)) { FileName = ExAllocateFromPagedLookasideList(&gFileNameLookAsideList); if (!FileName) { KdPrint(("sfilter!SfCreate: ExAllocatePoolWithTag failed\n")); Status = STATUS_INSUFFICIENT_RESOURCES; break; } if (!SfDissectFileName(DeviceObject, Irp, FileName)) { KdPrint(("sfilter!SfCreate: SfDissectFileName failed\n")); Status = STATUS_INVALID_PARAMETER; break; } if (wcslen(FileName) >= SF_ENCRYPT_POSTFIX_LENGTH) { if (_wcsnicmp(&FileName[wcslen(FileName) - SF_ENCRYPT_POSTFIX_LENGTH], SF_ENCRYPT_POSTFIX, SF_ENCRYPT_POSTFIX_LENGTH) == 0) { // // We deny all create request to our encrypt falg file except kernel mode // if (KernelMode == Irp->RequestorMode) { ExFreeToPagedLookasideList(&gFileNameLookAsideList, FileName); IoSkipCurrentIrpStackLocation(Irp); return IoCallDriver(DevExt->AttachedToDeviceObject, Irp); } else { Status = STATUS_SUCCESS; break; } } } } FileCtxPtr = ExAllocatePoolWithTag(PagedPool, sizeof(FILE_CONTEXT), SFLT_POOL_TAG); if (FileCtxPtr == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; break; } Status = SfForwardIrpSyncronously(DevExt->AttachedToDeviceObject, Irp); if (NT_SUCCESS(Status) && (STATUS_REPARSE != Status) && SfIsObjectFile(FileObject)) { PFILE_CONTEXT FileCtxPtr2 = NULL; BOOLEAN NewElement = FALSE; FileCtxPtr->FsContext = FileObject->FsContext; ExAcquireFastMutex(&DevExt->FsCtxTableMutex); FileCtxPtr2 = RtlLookupElementGenericTable(&DevExt->FsCtxTable, FileCtxPtr); if (FileCtxPtr2) ++FileCtxPtr2->RefCount; else { FileCtxPtr2 = RtlInsertElementGenericTable( &DevExt->FsCtxTable, FileCtxPtr, sizeof(FILE_CONTEXT), &NewElement ); FileCtxPtr2->RefCount = 1; ASSERT(FileName); wcscpy(FileCtxPtr2->Name, FileName); KeInitializeEvent(&FileCtxPtr2->Event, SynchronizationEvent, TRUE); } FileCtxPtr2->DeleteOnClose = DeleteOnClose; ExReleaseFastMutex(&DevExt->FsCtxTableMutex); IsEncryptFlagExist = FALSE; IsNeedEncrypt = FALSE; LocalStatus = STATUS_SUCCESS; KdPrint(("sfilter!SfCreate: FileName = %ws\n", FileCtxPtr2->Name)); // // we need handle file synchronously // KeWaitForSingleObject(&FileCtxPtr2->Event, Executive, KernelMode, FALSE, NULL); LocalStatus = SfIsEncryptFlagExist(DeviceObject, FileCtxPtr2->Name, &IsEncryptFlagExist, FileCtxPtr2->EncryptExtData, sizeof(FileCtxPtr2->EncryptExtData)); if (!NT_SUCCESS(LocalStatus)) KdPrint(("sfilter!SfPostCreateWorker: SfIsEncryptFlagExist failed, return %x\n", LocalStatus)); LocalStatus = SfIsFileNeedEncrypt(DeviceObject, FileCtxPtr2->Name, &IsNeedEncrypt); if (!NT_SUCCESS(LocalStatus)) KdPrint(("sfilter!SfPostCreateWorker: SfIsFileNeedEncrypt failed, return %x\n", LocalStatus)); FileCtxPtr2->EncryptFlagExist = IsEncryptFlagExist; FileCtxPtr2->NeedEncrypt = IsNeedEncrypt; KdPrint(("sfilter!SfCreate: IsEncryptFlagExist = %d, IsNeedEncrypt = %d, NewElement = %d\n", IsEncryptFlagExist, IsNeedEncrypt, NewElement)); if (NewElement && ((!IsNeedEncrypt && IsEncryptFlagExist) || (IsNeedEncrypt && !IsEncryptFlagExist))) { if (!IsNeedEncrypt && IsEncryptFlagExist) { if (NewElement) FileCtxPtr2->DecryptOnRead = TRUE; FileCtxPtr2->EncryptOnWrite = FALSE; KdPrint(("sfilter!SfPostCreateWorker: Decrypt %ws\n", FileCtxPtr2->Name)); LocalStatus = SfUpdateFileByFileObject(DeviceObject, FileObject); if (NT_SUCCESS(LocalStatus)) { FileCtxPtr2->DecryptOnRead = FALSE; FileCtxPtr2->EncryptOnWrite = FALSE; LocalStatus = SfSetFileEncrypted(DeviceObject, FileCtxPtr2->Name, FALSE, NULL, 0); if (NT_SUCCESS(LocalStatus)) FileCtxPtr2->EncryptFlagExist = FALSE; else KdPrint(("sfilter!SfPostCreateWorker: SfSetFileEncrypted(%ws, FALSE) failed, return %x\n", FileCtxPtr2->Name, LocalStatus)); } else { KdPrint(("sfilter!SfPostCreateWorker: SfUpdateFileByFileObject failed, return %x\n", LocalStatus)); FileCtxPtr2->DecryptOnRead = TRUE; FileCtxPtr2->EncryptOnWrite = TRUE; } } else { if (NewElement) FileCtxPtr2->DecryptOnRead = FALSE; FileCtxPtr2->EncryptOnWrite = TRUE; KdPrint(("sfilter!SfPostCreateWorker: Encrypt %ws\n", FileCtxPtr2->Name)); LocalStatus = SfUpdateFileByFileObject(DeviceObject, FileObject); if (NT_SUCCESS(LocalStatus)) { FileCtxPtr2->DecryptOnRead = TRUE; FileCtxPtr2->EncryptOnWrite = TRUE; LocalStatus = SfSetFileEncrypted(DeviceObject, FileCtxPtr2->Name, TRUE, FileCtxPtr2->EncryptExtData, sizeof(FileCtxPtr2->EncryptExtData)); if (NT_SUCCESS(LocalStatus)) FileCtxPtr2->EncryptFlagExist = TRUE; else KdPrint(("sfilter!SfPostCreateWorker: SfSetFileEncrypted(%ws, TRUE) failed, return %x\n", FileCtxPtr2->Name, LocalStatus)); } else { KdPrint(("sfilter!SfPostCreateWorker: SfUpdateFileByFileObject failed, return %x\n", LocalStatus)); FileCtxPtr2->DecryptOnRead = FALSE; FileCtxPtr2->EncryptOnWrite = FALSE; } } } else { if (FileCtxPtr2->NeedEncrypt) { FileCtxPtr2->DecryptOnRead = TRUE; FileCtxPtr2->EncryptOnWrite = TRUE; if (!FileCtxPtr2->EncryptFlagExist) { LocalStatus = SfSetFileEncrypted(DeviceObject, FileCtxPtr2->Name, TRUE, FileCtxPtr2->EncryptExtData, sizeof(FileCtxPtr2->EncryptExtData)); if (NT_SUCCESS(LocalStatus)) FileCtxPtr2->EncryptFlagExist = TRUE; else KdPrint(("sfilter!SfPostCreateWorker: SfSetFileEncrypted(%ws, TRUE) failed, return %x\n", FileCtxPtr2->Name, LocalStatus)); } } else { FileCtxPtr2->DecryptOnRead = FALSE; FileCtxPtr2->EncryptOnWrite = FALSE; if (FileCtxPtr2->EncryptFlagExist) { LocalStatus = SfSetFileEncrypted(DeviceObject, FileCtxPtr2->Name, FALSE, NULL, 0); if (NT_SUCCESS(LocalStatus)) FileCtxPtr2->EncryptFlagExist = FALSE; else KdPrint(("sfilter!SfPostCreateWorker: SfSetFileEncrypted(%ws, TRUE) failed, return %x\n", FileCtxPtr2->Name, LocalStatus)); } } } KeSetEvent(&FileCtxPtr2->Event, IO_NO_INCREMENT, FALSE); } } while (FALSE); if (FileName) ExFreeToPagedLookasideList(&gFileNameLookAsideList, FileName); if (FileCtxPtr) ExFreePool(FileCtxPtr); Irp->IoStatus.Status = Status; IoCompleteRequest(Irp, IO_NO_INCREMENT); return Status; } |
|
|
地下室#
发布于:2011-03-10 16:08
SfCreate函数的代码有点长,本人菜鸟一个,看不懂什么意思。。。
|
|
|
5楼#
发布于:2011-03-10 21:58
网络有楚狂人的文件驱动PDF版本 也可以看看寒江独钓 对SFILTER调试原理讲的很清楚了
|
|
|
6楼#
发布于:2011-03-11 10:52
回 5楼(catface) 的帖子
原理是清楚,代码没看懂。。。调试总是有问题 |
|
|
禁止发言
|
7楼#
发布于:2011-03-11 16:57
用户被禁言,该主题自动屏蔽! |
|
8楼#
发布于:2011-03-13 20:57
回 7楼(wanghui219) 的帖子
是的,不知道调试怎么会有这个错误? |
|
|
9楼#
发布于:2011-03-16 14:25
还是从ifs例子调试开始吧,不然寸步难行。我也是刚刚学
|
|
|
10楼#
发布于:2011-03-16 14:55
回 9楼(molige) 的帖子
对,现在就是有种寸步难行的感觉 |
|
|
11楼#
发布于:2011-03-19 11:16
So what is the device name when this error occurred?
Probably you encountered a device without DOS name or more precisely a device without symbolic link. |
|
|
12楼#
发布于:2011-03-20 08:37
回 11楼(michaelgz) 的帖子
嚯!O(∩_∩)O谢谢,句子差点没读懂。。嘿嘿 |
|