|
阅读:1046回复:2
<急>各位老大,为何我得ZwCreateFile蓝屏
我写了hook ndis驱动,其中想写一些信息到文件中,可是在驱动启动过程中就蓝屏了。
代码如下,帮助诊断诊断: DriveEntry() { .... CreateThread(); .... } VOID NDIS_API XF_NdisRegisterProtocol( OUT PNDIS_STATUS Status, OUT PNDIS_HANDLE NdisProtocolHandle, IN PNDIS_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics, IN UINT CharacteristicsLength ) { .... #if DBG PFILEITEM fileItem = NULL; fileItem = (PFILEITEM)ExAllocatePool(NonPagedPool,sizeof(PFILEITEM)); if(fileItem != NULL) { memset(fileItem -> fullPathName, 0, sizeof(fileItem -> fullPathName)); _tcsncpy(fileItem -> fullPathName,ProtocolCharacteristics->Name.Buffer,ProtocolCharacteristics->Name.Length * sizeof(TCHAR)); fileItem -> nameLength = ProtocolCharacteristics->Name.Length; ExInterlockedInsertTailList(&fileitem_list.header,&fileItem->FileItemNext,&fileitem_list.spinLock); KeSetEvent(&fileitem_list.event,(KPRIORITY)0,FALSE); } dprintf((\"adfadfa\\n\")); #endif ... } FILEITEM_LIST fileitem_list; HANDLE theadHandle; // // 打开文件 // NTSTATUS OpenFile(WCHAR* fileNameA) { NTSTATUS StatusL = STATUS_SUCCESS; OBJECT_ATTRIBUTES ObjectAttributesL; UNICODE_STRING UniFileNameL; IO_STATUS_BLOCK IoStatusBlockL; RtlInitUnicodeString(&UniFileNameL,fileNameA); InitializeObjectAttributes(&ObjectAttributesL,&UniFileNameL, OBJ_CASE_INSENSITIVE,NULL,NULL); StatusL = ZwCreateFile(fileitem_list.handle, GENERIC_WRITE|SYNCHRONIZE|FILE_APPEND_DATA, &ObjectAttributesL, &IoStatusBlockL, 0, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_DELETE, FILE_OPEN_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0); if(!NT_SUCCESS(StatusL)) { //DbgPrint(\"Cann\'t ZwCreateFile %s : 0x%x\\n\",fileNameA,StatusL); } return StatusL; } // //创建线程 // NTSTATUS CreateThread() { NTSTATUS StatusL = STATUS_SUCCESS; KeInitializeSpinLock(&fileitem_list.spinLock); KeInitializeEvent(&fileitem_list.event,SynchronizationEvent,FALSE); InitializeListHead(&fileitem_list.header); fileitem_list.stop = FALSE; StatusL = PsCreateSystemThread(&theadHandle,(ACCESS_MASK)0L,NULL,NULL,NULL,WriteFileThread,&fileitem_list); if(!NT_SUCCESS(StatusL)) { //DbgPrint(\"Create System Thread Failed\\n\"); } StatusL = ObReferenceObjectByHandle(theadHandle,THREAD_ALL_ACCESS,NULL,KernelMode,&fileitem_list.threadObject,NULL); if(!NT_SUCCESS(StatusL)) { fileitem_list.stop = TRUE; KeSetEvent(&fileitem_list.event,(KPRIORITY)0,FALSE); } ZwClose(theadHandle); return StatusL; } // // 写数据 // VOID WriteFileThread(IN PVOID Context) { PLIST_ENTRY listEntryL = NULL; PFILEITEM itemNode = NULL; IO_STATUS_BLOCK ioStatusBlock; PFILEITEM_LIST pFileItemList = (PFILEITEM_LIST)Context; KeSetPriorityThread(KeGetCurrentThread(),LOW_REALTIME_PRIORITY); OpenFile(L\"\\\\systemRoot\\\\system32\\\\cyliureadme.txt\"); while(TRUE) { KeWaitForSingleObject(&fileitem_list.event,Executive,KernelMode,FALSE,NULL); while(listEntryL = ExInterlockedRemoveHeadList(&pFileItemList -> header,&pFileItemList->spinLock)) { itemNode = (PFILEITEM)CONTAINING_RECORD(listEntryL,FILEITEM,FileItemNext); ZwWriteFile(fileitem_list.handle, 0, 0, 0, &ioStatusBlock, itemNode->fullPathName, itemNode->nameLength * sizeof(TCHAR), NULL, NULL); ExFreePool(itemNode); } if(pFileItemList -> stop) { ZwClose(fileitem_list.handle); PsTerminateSystemThread(STATUS_SUCCESS); } } } [编辑 - 5/11/05 by cyliu] |
|
最新喜欢: threeb...
|
|
沙发#
发布于:2005-05-11 18:55
//.h
typedef struct _FILEITEM { TCHAR fullPathName[1024]; ULONG nameLength; LIST_ENTRY FileItemNext; }FILEITEM,*PFILEITEM; typedef struct _FILEITEM_LIST { HANDLE handle; PVOID threadObject; KEVENT event; LIST_ENTRY header; KSPIN_LOCK spinLock; BOOLEAN stop; }FILEITEM_LIST,*PFILEITEM_LIST; NTSTATUS OpenFile(WCHAR* fileNameA); NTSTATUS CreateThread(VOID); VOID WriteFileThread(IN PVOID Context); extern FILEITEM_LIST fileitem_list; |
|
|
|
板凳#
发布于:2005-05-12 14:34
说具体点,启ice了,什么地址异常的,stack是什么内容,或者把代码贴上来,帮你跟一下
|
|
