
IRP取消及StartIO操作

朱小落 2022-04-26 阅读 45
windows
#include <ntddk.h>

// Unload routine: removes the symbolic link and the device object.
VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject);

// Default dispatch routine: installed for every major function code.
NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);

// Dispatch routine for IRP_MJ_READ: pends the IRP and queues it for StartIo.
NTSTATUS DispatchRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);

// Cancel routine for read IRPs queued through IoStartPacket.
VOID OnCancelRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);

// StartIo routine: processes queued read IRPs one at a time.
VOID StartIORead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);

// Driver entry point.
//
// Creates the device object \Device\CancelIrp and the symbolic link
// \??\CancelIrp, then installs the unload, dispatch and StartIo routines.
// Returns the failing NTSTATUS if the device or the link cannot be created,
// otherwise the status returned by IoCreateSymbolicLink.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
	UNICODE_STRING deviceName = { 0 };
	UNICODE_STRING linkName = { 0 };
	PDEVICE_OBJECT deviceObject = NULL;
	NTSTATUS result = STATUS_SUCCESS;
	SIZE_T major = 0;

	KdPrint(("驱动加载函数\n"));
	UNREFERENCED_PARAMETER(pRegistryPath);

	RtlInitUnicodeString(&deviceName, L"\\Device\\CancelIrp");
	RtlInitUnicodeString(&linkName, L"\\??\\CancelIrp");

	pDriverObject->DriverUnload = DriverUnload;

	// Non-exclusive device with no device extension.
	// NOTE(review): IoCreateDevice leaves the device with a default security
	// descriptor, and the \??\ link below makes it reachable from user mode.
	// If only privileged callers should be able to open it, the usual
	// alternative is IoCreateDeviceSecure with an explicit SDDL string.
	result = IoCreateDevice(pDriverObject,
		0,
		&deviceName,
		FILE_DEVICE_UNKNOWN,
		FILE_DEVICE_SECURE_OPEN,
		FALSE,
		&deviceObject);
	if (!NT_SUCCESS(result))
	{
		KdPrint(("创建设备失败\n"));
		return result;
	}

	// Publish the device under \??\ so Win32 callers can open it.
	result = IoCreateSymbolicLink(&linkName, &deviceName);
	if (!NT_SUCCESS(result))
	{
		KdPrint(("创建符号链接失败\n"));
		// Roll back the device created above before failing the load.
		IoDeleteDevice(deviceObject);
		return result;
	}

	// Route every major function to the default handler first ...
	for (major = 0; major < IRP_MJ_MAXIMUM_FUNCTION + 1; ++major)
	{
		pDriverObject->MajorFunction[major] = DispatchRoutine;
	}

	// ... then override reads, which are serialized through StartIo.
	pDriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;
	pDriverObject->DriverStartIo = StartIORead;

	// Select buffered I/O and mark the device as fully initialized.
	deviceObject->Flags = (deviceObject->Flags | DO_BUFFERED_IO) & ~DO_DEVICE_INITIALIZING;

	return result;
}

// Unload routine: deletes the \??\CancelIrp symbolic link and then the
// driver's first device object, if one is still attached to the driver.
VOID DriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
	UNICODE_STRING linkName = { 0 };
	PDEVICE_OBJECT deviceObject = NULL;

	RtlInitUnicodeString(&linkName, L"\\??\\CancelIrp");

	KdPrint(("驱动卸载函数\n"));

	// Remove the user-visible name first so no new opens arrive by name.
	IoDeleteSymbolicLink(&linkName);

	deviceObject = pDriverObject->DeviceObject;
	if (deviceObject == NULL)
	{
		return;
	}

	IoDeleteDevice(deviceObject);
}

// Default dispatch routine: completes any IRP immediately with
// STATUS_SUCCESS and zero bytes transferred.
//
// NOTE(review): DriverEntry installs this for every major function, so
// requests the driver does not implement (for example device control or
// write) are also reported as successful rather than rejected.
NTSTATUS DispatchRoutine(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
	const NTSTATUS completionStatus = STATUS_SUCCESS;

	UNREFERENCED_PARAMETER(pDeviceObject);

	pIrp->IoStatus.Information = 0;
	pIrp->IoStatus.Status = completionStatus;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);

	return completionStatus;
}

// Dispatch routine for IRP_MJ_READ.
//
// Marks the IRP pending and hands it to the device queue; StartIORead
// completes it later. OnCancelRead is registered as the cancel routine by
// IoStartPacket, so no separate IoSetCancelRoutine call is made here.
// Always returns STATUS_PENDING.
NTSTATUS DispatchRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
	KdPrint(("进入读操作\n"));

	// The IRP must be marked pending before it can complete on another
	// path, because this routine returns STATUS_PENDING.
	IoMarkIrpPending(pIrp);

	// No sort key: requests are queued in arrival order.
	IoStartPacket(pDeviceObject, pIrp, NULL, OnCancelRead);

	return STATUS_PENDING;
}

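// Cancel routine for read IRPs queued through IoStartPacket.
//
// The I/O manager calls a cancel routine with the system cancel spin lock
// held; the routine must release it with IoReleaseCancelSpinLock using
// pIrp->CancelIrql. The original code never released the lock and never
// took the IRP off the device queue, so a cancelled IRP could leave the
// lock held and could later be handed to StartIo after it had already been
// completed here.
//
// The StartIo routine is expected to clear the cancel routine under the
// cancel spin lock before it starts work on an IRP; otherwise this routine
// and StartIo can both complete the same IRP.
VOID OnCancelRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
	KdPrint(("进入取消函数\n"));

	if (pIrp == pDeviceObject->CurrentIrp)
	{
		// The IRP is already current: drop the lock, then let the queue
		// advance to the next packet.
		IoReleaseCancelSpinLock(pIrp->CancelIrql);
		IoStartNextPacket(pDeviceObject, TRUE);
	}
	else
	{
		// The IRP is still waiting in the device queue: unlink it while
		// the cancel spin lock is held so StartIo never sees it.
		KeRemoveEntryDeviceQueue(&pDeviceObject->DeviceQueue,
			&pIrp->Tail.Overlay.DeviceQueueEntry);
		IoReleaseCancelSpinLock(pIrp->CancelIrql);
	}

	// Complete only after the lock has been released.
	pIrp->IoStatus.Status = STATUS_CANCELLED;
	pIrp->IoStatus.Information = 0;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}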

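// StartIo routine for reads: simulates a slow operation, completes the IRP
// with STATUS_SUCCESS and zero bytes, then starts the next queued packet.
//
// Before touching the IRP it takes the cancel spin lock and checks whether
// the IRP was cancelled in the meantime. If so, the cancel routine owns the
// completion and this routine returns without touching the IRP. Otherwise
// the cancel routine is cleared so the IRP cannot be completed a second
// time while it is being processed. The original code skipped this step.
VOID StartIORead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
	KIRQL oldIrql;
	LARGE_INTEGER timeout;

	KdPrint(("进入StartIORead\n"));

	IoAcquireCancelSpinLock(&oldIrql);
	if (pIrp != pDeviceObject->CurrentIrp || pIrp->Cancel)
	{
		// Cancelled before processing started; the cancel routine
		// completes the IRP and advances the queue.
		IoReleaseCancelSpinLock(oldIrql);
		return;
	}
	// From here on the IRP is no longer cancellable through the routine
	// registered by IoStartPacket.
	IoSetCancelRoutine(pIrp, NULL);
	IoReleaseCancelSpinLock(oldIrql);

	// Relative timeout in 100 ns units: -10 * 100 * 1000 is 100 ms.
	// NOTE(review): StartIo is documented to run at DISPATCH_LEVEL, while
	// KeDelayExecutionThread requires IRQL <= APC_LEVEL. The delay is kept
	// as the demo's stand-in for slow work; a real driver should defer
	// blocking work to a work item or a timer DPC instead of waiting here.
	timeout = RtlConvertLongToLargeInteger(-10 * 100 * 1000);
	KeDelayExecutionThread(KernelMode, FALSE, &timeout);

	pIrp->IoStatus.Status = STATUS_SUCCESS;
	pIrp->IoStatus.Information = 0;
	IoCompleteRequest(pIrp, IO_NO_INCREMENT);

	// Cancelable = TRUE matches the cancel routine passed to IoStartPacket.
	IoStartNextPacket(pDeviceObject, TRUE);
}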