IoGetDeviceObjectPointer 获取对象失败,没有权限。

梦是多么的重要 2015-01-17 10:59:07


IRP_MJ_READ的派遣函数中调用该函数总是失败,返回代码是:#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)

换了个方法:ObreferecnByName 返回的代码呢是: #define STATUS_OBJECT_TYPE_MISMATCH ((NTSTATUS)0xC0000024L)

然而在初始化创建驱动设备的时候是可以的:



以下是所有代码:
...全文
919 7 打赏 收藏 转发到动态 举报
写回复
用AI写文章
7 条回复
切换为时间正序
请发表友善的回复…
发表回复
走在四季 2016-01-12
  • 打赏
  • 举报
 回复
好厉害,表示完全看不懂。。
赵4老师 2015-03-07
  • 打赏
  • 举报
 回复
extern POBJECT_TYPE *IoDeviceObjectType;
赵4老师 2015-03-07
  • 打赏
  • 举报
 回复
传参的时候 &DeviceObject
梦是多么的重要 2015-01-21
  • 打赏
  • 举报
 回复
引用 3 楼 Huntercao 的回复:
在OperatoeDevice中,IoGetDeviceObjectPointer函数的第二个参数设置成FILE_READ_DATA看看。 不要用FILE_ALL_ACCESS。
谢谢,我后来改了声明,在未归档函数 “ObReferenceObjectByName”的第5个参数? 就设备类型那个: PIO_OBJECT_TYPE IoDeviceObjectType修改为 PIO_OBJECT_TYPE *IoDeviceObjectType二级指针 传参的时候 *DeviceObject即可, 一个一级指针,一个二级指针。。。但是二级指针还是解引用成了一级指针,这是因为声明错误导致的调用错误码? 这样传参不一样的吗? 我很纳闷,
曹大夯 2015-01-19
  • 打赏
  • 举报
 回复
在OperatoeDevice中,IoGetDeviceObjectPointer函数的第二个参数设置成FILE_READ_DATA看看。 不要用FILE_ALL_ACCESS。
梦是多么的重要 2015-01-17
  • 打赏
  • 举报
 回复 

/**********************.c*********************/
#include "..\Include\inc.h"

NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject);
NTSTATUS OperatoeDevice(PDEVICE_OBJECT pDrviceObject,PIRP pIrp);
NTSTATUS IoCompleteRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp, PVOID Context);
NTSTATUS CreateIrpRoutine(PDEVICE_OBJECT pDeviceObjec,PIRP pIrp);
NTSTATUS CloseDeviceIrpRoutine(PDEVICE_OBJECT pDevcieObject,PIRP pIrp);

#pragma  INITCODE
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegistryPath)
{
	NTSTATUS status = STATUS_SUCCESS;

	int i =0;
	Print("start DriverEntry Device B\n");
	for (i;i<ArraySize(pDriverObject->MajorFunction);i++)
	{
		pDriverObject->MajorFunction[i] = CloseDeviceIrpRoutine;
	}
	pDriverObject->MajorFunction[IRP_MJ_READ] = OperatoeDevice;
	pDriverObject->MajorFunction[IRP_MJ_CREATE] = CloseDeviceIrpRoutine;
	pDriverObject->MajorFunction[IRP_MJ_CLOSE]= CloseDeviceIrpRoutine;
	pDriverObject->DriverUnload = UnInstallDriver;

	status = CreateDevice(pDriverObject);
	if (!NT_SUCCESS(status))
	{
		Print("Create Device Failed\n");
		return status;
	}
	return STATUS_SUCCESS;
}

#pragma  INITCODE
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject)
{
	NTSTATUS status = STATUS_SUCCESS;
	UNICODE_STRING pDevName;
	PDEVICE_OBJECT pdev;
	PDEVICE_EXTENSION pDevExt;
	PDEVICE_OBJECT DEVICEOBJECT;
	PFILE_OBJECT FileObject;
	PDEVICE_OBJECT pTarget;
    UNICODE_STRING TargetDeviceName;

	Print("Starup Driver B \n");
	RtlInitUnicodeString(&pDevName,L"\\Device\\MyDeviceName");
	RtlInitUnicodeString(&TargetDeviceName,L"\\Device\\MoonDeviceA");
	status = IoCreateDevice(pDriverObject,sizeof(DEVICE_EXTENSION),&pDevName,FILE_DEVICE_UNKNOWN,0,TRUE,&pdev);
	if (!NT_SUCCESS(status))
	{
		Print("Create Device B failed\n");
		return status;
	}
	pDevExt = (PDEVICE_EXTENSION)pdev->DeviceExtension;
	pDevExt->devName = pDevName;
	pdev->Flags |=DO_DIRECT_IO;
	pDevExt->pdv = pdev;
	KdPrint(("Create DeviceB Successful\n"));
	status = IoGetDeviceObjectPointer(&TargetDeviceName,FILE_ALL_ACCESS,&FileObject,&DEVICEOBJECT);
	if (!NT_SUCCESS(status))
	{
		KdPrint(("Get TarDevice Point Failed\n"));
		IoDeleteDevice(pdev);
		return status;
	}
	pTarget = IoAttachDeviceToDeviceStack(pdev,DEVICEOBJECT);
	pDevExt->pTragetDevice = pTarget;
	if (!pTarget)
	{
		KdPrint(("Ioattach failed\n"));
		IoDeleteDevice(pdev);
		ObDereferenceObject(FileObject);
		return STATUS_INSUFFICIENT_RESOURCES;
	}

	pdev->Flags |=(pTarget->Flags &(DO_DIRECT_IO | DO_BUFFERED_IO));
	pdev->Flags &=~DO_DEVICE_INITIALIZING;
	pdev->Characteristics = pTarget->Characteristics;
	pdev->DeviceType = pTarget->DeviceType;
	ObDereferenceObject(FileObject);
	return STATUS_SUCCESS;
}
#pragma  PAGECODE
NTSTATUS CreateIrpRoutine(PDEVICE_OBJECT pDeviceObjec,PIRP pIrp)
{
	NTSTATUS status = STATUS_SUCCESS;
	PDEVICE_EXTENSION pdev = (PDEVICE_EXTENSION)pDeviceObjec->DeviceExtension;
	IoSkipCurrentIrpStackLocation(pIrp);
	IoCallDriver(pdev->pTragetDevice,pIrp);
	KdPrint(("CreateIrpRoutine\n"));
	return status;
}

#pragma  PAGECODE
NTSTATUS CloseDeviceIrpRoutine(PDEVICE_OBJECT pDevcieObject,PIRP pIrp)
{   
	PDEVICE_EXTENSION pdevExt;
	ULONG Type;
	PIO_STACK_LOCATION stack;
	
	static char* irpname[] = 
	{
		"IRP_MJ_CREATE",
		"IRP_MJ_CREATE_NAMED_PIPE",
		"IRP_MJ_CLOSE",
		"IRP_MJ_READ",
		"IRP_MJ_WRITE",
		"IRP_MJ_QUERY_INFORMATION",
		"IRP_MJ_SET_INFORMATION",
		"IRP_MJ_QUERY_EA",
		"IRP_MJ_SET_EA",
		"IRP_MJ_FLUSH_BUFFERS",
		"IRP_MJ_QUERY_VOLUME_INFORMATION",
		"IRP_MJ_SET_VOLUME_INFORMATION",
		"IRP_MJ_DIRECTORY_CONTROL",
		"IRP_MJ_FILE_SYSTEM_CONTROL",
		"IRP_MJ_DEVICE_CONTROL",
		"IRP_MJ_INTERNAL_DEVICE_CONTROL",
		"IRP_MJ_SHUTDOWN",
		"IRP_MJ_LOCK_CONTROL",
		"IRP_MJ_CLEANUP",
		"IRP_MJ_CREATE_MAILSLOT",
		"IRP_MJ_QUERY_SECURITY",
		"IRP_MJ_SET_SECURITY",
		"IRP_MJ_POWER",
		"IRP_MJ_SYSTEM_CONTROL",
		"IRP_MJ_DEVICE_CHANGE",
		"IRP_MJ_QUERY_QUOTA",
		"IRP_MJ_SET_QUOTA",
		"IRP_MJ_PNP",
	};
	stack= IoGetCurrentIrpStackLocation(pIrp);
	Type = stack->MajorFunction;
	if(Type >= ArraySize(irpname))
	{
		KdPrint(("Unknown Irp\n"));

	}
	else
	{
		KdPrint(("Irp Type == %s",irpname[Type]));

	}
	pdevExt = (PDEVICE_EXTENSION)pDevcieObject->DeviceExtension;
	IoSkipCurrentIrpStackLocation(pIrp);
	IoCallDriver(pdevExt->pTragetDevice,pIrp);
	KdPrint(("CloseDeviceIrpRoutine\n"));
	return STATUS_SUCCESS;
}

#pragma  LOCKCODE 
NTSTATUS IoCompleteRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp, PVOID Context)
{
	PRWCONTEXT pContext= (PRWCONTEXT)Context;
	PIO_STACK_LOCATION stack;
	ULONG stareLong;
	KdPrint(("IoCompleteRoutine---\n"));
	if (pContext && NT_SUCCESS(pIrp->IoStatus.Status))
	{
	   pContext->AlreadlyLength += pIrp->IoStatus.Information;
	   pContext->Length -= pIrp->IoStatus.Information;
	   if(pContext->Length)
	   {
		   if (pContext->Length > MAX_PROCESS_SIZE)
		   {
			   stareLong = MAX_PROCESS_SIZE;
		   }
		   else
		   {
			   stareLong = pContext->Length;
		   }
		   MmPrepareMdlForReuse((PMDL)pContext->NewMdl);
		   IoBuildPartialMdl(pContext->UserIrp->MdlAddress,(PMDL)pContext->NewMdl,(PVOID)pContext->VirtualAddress,stareLong);

		   pContext->VirtualAddress += stareLong;
		   pContext->Length -=stareLong;
		   IoCopyCurrentIrpStackLocationToNext(pIrp);
		   stack = IoGetNextIrpStackLocation(pIrp);
		   stack->Parameters.Read.Length = stareLong;
		   stack->Parameters.Write.Length =stareLong;
		   IoSetCompletionRoutine(pIrp,IoCompleteRoutine,pContext,TRUE,TRUE,TRUE);
		   IoCallDriver(pContext->pTarDevice,pIrp);
		   return STATUS_MORE_PROCESSING_REQUIRED;
	   }
	   else
	   {
		   pContext->UserIrp->IoStatus.Information = pContext->AlreadlyLength;
	   }
	}
	

	return   STATUS_MORE_PROCESSING_REQUIRED;
}

#pragma  PAGECODE
NTSTATUS OperatoeDevice(PDEVICE_OBJECT pDeviceObject,PIRP pIrp)
{  
    NTSTATUS status =STATUS_SUCCESS;
	PDEVICE_OBJECT pTarDev;
	UNICODE_STRING TarName;
	PIRP pNewIrp;
	PMDL pNewMdl;
	PFILE_OBJECT pFileObject;
	//HANDLE handle;
	IO_STATUS_BLOCK TarBlock;
	PIO_STACK_LOCATION stack;
	PVOID UserVirtualAddress;
	ULONG UserVirtualSize;
	PRWCONTEXT pConText;
	PUCHAR ReadBuff;
	ULONG max_read_size;
	ULONG LastReadSize;
	KEVENT Revent;
//	PDRIVER_OBJECT pDriverObject;
	stack = IoGetCurrentIrpStackLocation(pIrp);
	
	KeInitializeEvent(&Revent,NotificationEvent,FALSE);

	RtlInitUnicodeString(&TarName,L"\\Device\\MoonDeviceA");
	status = IoGetDeviceObjectPointer(&TarName,FILE_ALL_ACCESS,&pFileObject,&pTarDev);
	if(!NT_SUCCESS(status))
	{   
		KdPrint(("error COde == %08X",status));
		status = STATUS_UNSUCCESSFUL;
		goto IrpState;
	}

	UserVirtualAddress = MmGetMdlVirtualAddress(pIrp->MdlAddress);
	UserVirtualSize = MmGetMdlByteCount(pIrp->MdlAddress);
	KdPrint(("User Mdl == %08X\n",UserVirtualAddress));
	KdPrint(("Use Mdl length == %d\n",UserVirtualSize));

// 	status = ObReferenceObjectByName(&TarName,OBJ_CASE_INSENSITIVE,NULL,FILE_ALL_ACCESS,IoDeviceObjectType,KernelMode,NULL,(PVOID*)&pTarDev);
// 	//status = IoGetDeviceObjectPointer(&TarName,FILE_ALL_ACCESS,&pFileObject,&pTarDev);
// 	if(!NT_SUCCESS(status))
// 	{   
// 		KdPrint(("error COde == %08X",status));
// 	    status = STATUS_UNSUCCESSFUL;
// 		goto IrpState;
// 	}
// 	KdPrint(("ObReferenceObjectByName-----\n"));
// 	status  = ObOpenObjectByPointer(pTarDev,0,0,PROCESS_ALL_ACCESS,NULL,KernelMode,&handle);
// 	if(!NT_SUCCESS(status))
// 	{
// 		status = STATUS_UNSUCCESSFUL;
// 		goto IrpState;
// 	}
// 	status = ObReferenceObjectByHandle(handle,FILE_ALL_ACCESS,*IoFileObjectType,KernelMode,(PVOID*)&pFileObject,NULL);
// 	KdPrint(("ObReferenceObjectByHandle-----\n"));
// 	if(!NT_SUCCESS(status))
// 	{
// 		status = STATUS_UNSUCCESSFUL;
// 	}
	pConText =(PRWCONTEXT) ExAllocatePool(PagedPool,sizeof(RWCONTEST));
	pConText->Length = UserVirtualSize ;
	pConText->OldMdl = pIrp->MdlAddress;
	if(UserVirtualSize > MAX_PROCESS_SIZE)
	{
		max_read_size = MAX_PROCESS_SIZE;
	}
	else
	{
         max_read_size= UserVirtualSize;
	}
	ReadBuff =(PUCHAR) ExAllocatePool(PagedPool,max_read_size);
	pNewIrp = IoBuildSynchronousFsdRequest(IRP_MJ_READ,pTarDev,ReadBuff,max_read_size,0,&Revent,&TarBlock);
	KdPrint(("IoBuildAsynchronousFsdRequest-----\n"));
	if (pNewIrp == NULL)
	{
		status = STATUS_UNSUCCESSFUL;
		goto IrpState;
	}

	pNewMdl = IoAllocateMdl(UserVirtualAddress,UserVirtualSize,FALSE,FALSE,pNewIrp);
	pNewIrp->MdlAddress = pNewMdl;
	pConText->NewMdl = pNewMdl;
	pConText->AlreadlyLength=0;
	pConText->AlreadlyLength = max_read_size;
	pConText->VirtualAddress = (ULONG_PTR)UserVirtualAddress+max_read_size ;
	pConText->UserIrp = pIrp;
	KeInitializeEvent(&(pConText->Uevent),NotificationEvent,FALSE);
	IoCopyCurrentIrpStackLocationToNext(pNewIrp);
	IoSetCompletionRoutine(pNewIrp,IoCompleteRoutine,pConText,TRUE,TRUE,TRUE);
	LastReadSize = pConText->AlreadlyLength;
	status = IoCallDriver(pTarDev,pNewIrp);

IrpState:
	pIrp->IoStatus.Status = status;
	pIrp->IoStatus.Information = LastReadSize;//pConText->AlreadlyLength;
	//if(IoFreeMdl !=NULL)
	//IoFreeMdl(pNewMdl);
	//if(pConText != NULL)
	//ExFreePool(pConText);
	IoCompleteRequest(pIrp,IO_NO_INCREMENT);
	return status;

}
学习代码,莫笑话。。。
梦是多么的重要 2015-01-17
  • 打赏
  • 举报
 回复 

/****************.h*********************//
#pragma once

#include <Ntifs.h>
#define ArraySize(p)   (sizeof(p)/sizeof(p[0]))
#define MAX_PROCESS_SIZE 1024

#define PAGECODE code_seg("PAGE")
#define INITCODE code_seg("INIT")
#define LOCKCODE code_seg()
#define Print(p)    KdPrint((p));
#define PAGEDATA data_seg("PAGE")
#define INITDATA data_seg("INIT")
#define LOCKDATA data_seg()


typedef struct _DEVICE_EXTENSION{
	PDEVICE_OBJECT pdv;
	UNICODE_STRING devName;
	UNICODE_STRING devSymLikn;
	PUCHAR DeviceBuff;
	ULONG  BuffLength;
	PIRP   pIrp;
    PDEVICE_OBJECT pTragetDevice;
	PVOID VirutalArrd;
}DEVICE_EXTENSION,*PDEVICE_EXTENSION;

#pragma  LOCKCODE
VOID UnInstallDriver(PDRIVER_OBJECT pDriverObject)
{
	PDEVICE_OBJECT pdev = pDriverObject->DeviceObject;
	while(pdev != NULL)
	{
		PDEVICE_EXTENSION pdevExt =(PDEVICE_EXTENSION)pdev->DeviceExtension;
		KdPrint(("SumLink----%S",pdevExt->devSymLikn));
		IoDeleteSymbolicLink(&(pdevExt->devSymLikn));
		pdev = pdevExt->pdv->NextDevice;
		IoDeleteDevice(pdevExt->pdv);
	}
	Print("UninStall Complete\n");
}

#pragma  LOCKCODE
NTSTATUS DeviceRoutine(PDEVICE_OBJECT pDeviceObject,PIRP pIrp)
{
	PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
	Print("Steup Routine\n");
	pIrp->IoStatus.Information = 0;
	pIrp->IoStatus.Status = STATUS_SUCCESS;

	IoCompleteRequest(pIrp,IO_NO_INCREMENT);
	return STATUS_SUCCESS;
}
typedef struct RW_CONTEXT 
{
    PMDL NewMdl;
	PMDL OldMdl;
	ULONG Length;
	ULONG ReadSize;
	ULONG AlreadlyLength;
	ULONG_PTR VirtualAddress;
	PDEVICE_EXTENSION pDevExt;
	PIRP UserIrp;
	PDEVICE_OBJECT pTarDevice;
    KEVENT Uevent;
}RWCONTEST,*PRWCONTEXT;
#define Ioctl_Read CTL_CODE(FILE_DEVICE_UNKNOWN,0x800,METHOD_OUT_DIRECT,FILE_ANY_ACCESS)

NTKERNELAPI
	NTSTATUS
	ObReferenceObjectByName(
	__in PUNICODE_STRING ObjectName,
	__in ULONG Attributes,
	__in_opt PACCESS_STATE AccessState,
	__in_opt ACCESS_MASK DesiredAccess,
	__in POBJECT_TYPE ObjectType,
	__in KPROCESSOR_MODE AccessMode,
	__inout_opt PVOID ParseContext,
	__out PVOID *Object
	);
extern POBJECT_TYPE IoDeviceObjectType;
Windows 驱动中获取指定的设备对象
转载自:http://tudian2007.blog.163.com/blog/static/3156641320137295338938/Windows 驱动中获取指定的设备对象  众所周知应用层要和驱动层通讯的话需要先打开驱动设备对象,因为驱动设备名只是对内核模式中的驱动所识别的,应用层是无法识别的,所以一般驱动都有对应的symboliclink供应用层用使用的,如”\\.\C:”,”\??\C
《Windows核心编程》之“内核对象
    内核对象(Kernel Object)是Winodws操作系统中最核心的一个概念,本章主要介绍“内核对象”整个抽象概念的共性,而不针对具体的某个内核对象。     这一章介绍了“内核对象”的公共属性:usage count(使用计数) 和 Security Descriptor (SD,安全描述符)、进程的内核对象句柄、内核对象的命名空间和跨进程共享内核对象。        要理解本章...
内核开发知识3之串口过滤.绑定设备.
一丶理论知识,什么是过滤. 过滤就是在不影响上层跟下层的情况下,加入我们的新一层的设备. 当请求数据发送过来的时候.我们可以对这个数据进行操作.这个就是过滤的基本含义. 二丶过滤使用的API.以及简单的功能. APi 功能 NTSTATUSIoAttachDevice(INPDEVICE_OBJECTSo...
驱动开发笔记4—串口的过滤
文章目录串口过滤生成过滤设备对象获得目标设备对象绑定设备串口的过滤 串口 串口是Windows中的一种设备,它比较简单,且有固定名字。第一个串口名为"\Device\Serial0",第二个为"\Device\Serial1",以此类推。 过滤 **过滤:**在不影响上层和下层接口的情况下,在Windows系统内核中加入新的层,从而不需要修改上层的软件或者下层的真实驱动程序,就加入了新的功能。 实现过滤:首先生成一个过滤设备(虚拟的设备对象),将其绑定在一个真实的设备上。一旦绑定,则原本操作系统要发送给真实
寒江独钓第3章——串口过滤
一、过滤的概念:   过滤是在不影响上层和下层接口的情况下,在Windows系统内核中加入新的层,从而不需要修改上层的软件或者下层的真是驱动程序,就加入了新的功能。 1.1 设备绑定的内核API   进行过滤的最主要的方法是对一个设备对象Device Object)进行绑定。通过编程可以生成一个虚拟设备对象,并“绑定”(Attach)在一个真实的设备上。一旦绑定,则本来操作系统发送给真实设备的请求,就会首先发送到这个虚拟设备。   在WDK中,有多个内核API能实现绑定的功能。以下三个绑定API是
驱动开发/核心开发

21,600

社区成员

21,708

社区内容

发帖
与我相关
我的任务
社区描述
硬件/嵌入开发 驱动开发/核心开发
社区管理员
  • 驱动开发/核心开发社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章