Error building an IRP, please help!!!
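The function below was written by senior member tooflat. When I call it in SfCreate, it can read and write data if IrpFlags is set to IRP_NOCACHE; otherwise it blue-screens. But tooflat also calls it in SfCreate without any problem at all. What is going on?
The book says that if an IRP carries IRP_NOCACHE, the read/write does not go through the cache. Conversely, I want it to read/write through the cache first and, if the cache has no data, then go to the disk driver (not sure whether that is right?). So I don't want to use an IRP with IRP_NOCACHE. I hope tooflat and the other experts can give me a hand; thank you all in advance!

NTSTATUS
SfIssueReadWriteIrpSynchronously(
    IN PDEVICE_OBJECT DeviceObject,
    IN PFILE_OBJECT FileObject,
    IN ULONG MajorFunction,
    IN PIO_STATUS_BLOCK IoStatus,
    IN PVOID Buffer,
    IN ULONG Length,
    IN PLARGE_INTEGER ByteOffset,
    IN ULONG IrpFlags
    )
{
    PIRP Irp = NULL;
    PIO_STACK_LOCATION IrpSp = NULL;
    KEVENT Event;
    NTSTATUS Status;

    ASSERT((MajorFunction == IRP_MJ_READ) ||
           (MajorFunction == IRP_MJ_WRITE));

    // Event that is signaled when the IRP completes
    KeInitializeEvent(&Event, NotificationEvent, FALSE);

    Irp = IoBuildSynchronousFsdRequest(
        MajorFunction,
        DeviceObject,
        Buffer,
        Length,
        ByteOffset,
        &Event,
        IoStatus
        );
    if (!Irp)
        return STATUS_INSUFFICIENT_RESOURCES;

    // OR in the caller-supplied flags (for example IRP_NOCACHE)
    Irp->Flags |= IrpFlags;

    // The lower driver's stack location carries the target file object
    IrpSp = IoGetNextIrpStackLocation(Irp);
    IrpSp->FileObject = FileObject;

    Status = IoCallDriver(DeviceObject, Irp);
    if (STATUS_PENDING == Status)
    {
        // The lower driver completes the request asynchronously; wait for it
        KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
    }

    return IoStatus->Status;
}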

Reply #1
Posted: 2007-02-14 23:13
Since you want to read from cache first, why not use ZwReadFile()?
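
Reply #2
Posted: 2007-02-15 12:09
ZwReadFile() needs a file handle, but in SfCreate I can only get a file object from the IRP, so I had to build an IRP to do the read. Is there a function that converts a FileObject into a file handle?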

Reply #3
Posted: 2007-02-15 12:25
Maybe the FileObject or DeviceObject is not valid. You should trace the code and find the specific code that directly causes your problem.
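
Reply #4
Posted: 2007-02-15 13:23
Thank you all for your help!
If the FileObject or DeviceObject is invalid, then why is there no problem when I use an IRP with IRP_NOCACHE?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My nose stung, and the tears almost came falling down...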

Reply #5
Posted: 2007-02-15 23:24
You can try the function ObOpenObjectByPointer() to get a handle.

Reply #6
Posted: 2007-02-16 11:41

NTSTATUS
SfIssueReadWriteIrpSynchronously(
    IN PDEVICE_OBJECT DeviceObject,
    IN PFILE_OBJECT FileObject,
    IN ULONG MajorFunction,
    IN PIO_STATUS_BLOCK IoStatus,
    IN PVOID Buffer,
    IN ULONG Length,
    IN PLARGE_INTEGER ByteOffset,
    IN ULONG IrpFlags
    )
{
    PIRP Irp = NULL;
    PIO_STACK_LOCATION IrpSp = NULL;
    KEVENT Event;
    NTSTATUS Status;

    ASSERT((MajorFunction == IRP_MJ_READ) ||
           (MajorFunction == IRP_MJ_WRITE));

    KeInitializeEvent(&Event, NotificationEvent, FALSE);

    // Build a synchronous request to the next-lower driver (here IRP_MJ_READ or IRP_MJ_WRITE)
    Irp = IoBuildSynchronousFsdRequest(
        MajorFunction,
        DeviceObject,
        Buffer,
        Length,
        ByteOffset,
        &Event,
        IoStatus
        );
    if (!Irp)
        return STATUS_INSUFFICIENT_RESOURCES;

    Irp->Flags |= IrpFlags;

    // Get the next-lower driver's stack location pointer into IrpSp
    IrpSp = IoGetNextIrpStackLocation(Irp);
    IrpSp->FileObject = FileObject;

    // Execute
    Status = IoCallDriver(DeviceObject, Irp);
    if (STATUS_PENDING == Status)
    {
        // Wait for completion
        KdPrint(("SfIssueReadWriteIrpSynchronously:KeWaitForSingleObject,Event, FALSE"));
        KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL);
    }

    KdPrint(("SfIssueReadWriteIrpSynchronously:finisth"));
    return IoStatus->Status;
}
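
Reply #7
Posted: 2007-02-25 08:53
Thank you all for your help!!!
To the brother in the post above: I can't see any difference between the function you gave and the one tooflat wrote. What happens if you try calling it in the SfCreate function of the IFS sfilter sample?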
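
Reply #8
Posted: 2007-02-25 11:30
It blue-screened; isn't there a dump file? And with a dump file, can't you analyze it?
Also, can't you use SoftICE to catch the blue screen and see where it crashed? My guess is that it blue-screened in the FastIo handling~ (a miserable death~)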
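
Reply #9
Posted: 2007-02-25 15:02
Sometimes the system allocates the FileObject on the stack. If you read the file without IRP_NOCACHE, this causes the Cc Mgr to save a FileObject pointer; then, once the FileObject on the stack has been released, Cc will blue-screen when it uses its own saved copy of the FileObject pointer.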
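
Reply #10
Posted: 2007-02-25 16:31
Thank you, tooflat!!! Thank you, brothers!!!
Happy New Year to everyone, and success in your careers! tooflat, then why is there no problem in the code you wrote? How can I solve the problem above? I'm a real beginner and hope everyone can help me out! The error is as follows: Break Due to Kebugbugchechex(unhandled mode exeception)Error =A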

Reply #11
Posted: 2007-02-26 12:20
Quoting reply #10 by haifong2, posted 2007-02-25 16:31:
tooflat got lazy~ But for now it still looks more appropriate to honestly use OBXXXX to get a handle and then use NtReadFile... Sigh~
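
Reply #12
Posted: 2007-02-26 14:50
After I got the handle with OBXXXX, I did nothing else, never mind whether it succeeded or not; I had only just done a CLOSE and the system went on strike............
Sigh! My head has swollen a lot. I never expected MS to be so stingy..................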