[求助]sfilter代码,在SfCleanupClose中加了一句调用SfDisplayCreateName,就蓝屏了

蓉城浮世 2009-12-11 09:15:35
sfilter的其他代码都没用改动过,只在SfCleanupClose中函数中加了一句SfDisplayCreateFileName( Irp ); 就蓝屏了。
下面是我的SfCleanupClose,大家请指教,帮一下新手吧。谢了



NTSTATUS  SfCleanupClose ( IN PDEVICE_OBJECT DeviceObject,   IN PIRP Irp )

{

   NTSTATUS status;

    PAGED_CODE();

    VALIDATE_IRQL(Irp);



    if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)) {



        Irp->IoStatus.Status = STATUS_SUCCESS;

        Irp->IoStatus.Information = 0;



        IoCompleteRequest( Irp, IO_NO_INCREMENT );

        return STATUS_SUCCESS;

    }



    ASSERT(IS_MY_DEVICE_OBJECT( DeviceObject ));



    SfDisplayCreateFileName( Irp ); //**********************这一句是我自己加的

    

    IoSkipCurrentIrpStackLocation( Irp );



    return IoCallDriver( ((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp );

}
...全文
97 4 打赏 收藏 转发到动态 举报
写回复
用AI写文章
4 条回复
切换为时间正序
请发表友善的回复…
发表回复
A33228371 2011-07-20
  • 打赏
  • 举报
 回复
IS_MY_CONTROL_DEVICE_OBJECT的作用是什么,

怎么感觉没什么用呢
蓉城浮世 2009-12-11
  • 打赏
  • 举报
 回复
[Quote=引用 1 楼 tr0j4n 的回复:]
C/C++ codeNTSTATUS SfCleanupClose ( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
NTSTATUS status;
PAGED_CODE();
VALIDATE_IRQL(Irp);if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)) {

?-
[/Quote]

好的,谢谢这位兄弟,我试一下
蓉城浮世 2009-12-11
  • 打赏
  • 举报
 回复
哪位热心人帮忙一下呀,我是新手呀。

这儿是错误信息




kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************



PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced.  This cannot be protected by try-except,

it must be protected by a Probe.  Typically the address is just plain bad or it

is pointing at freed memory.

Arguments:

Arg1: bad0b148, memory referenced.

Arg2: 00000000, value 0 = read operation, 1 = write operation.

Arg3: 8092b6e2, If non-zero, the instruction address which referenced the bad memory

	address.

Arg4: 00000000, (reserved)



Debugging Details:

------------------





READ_ADDRESS:  bad0b148 



FAULTING_IP: 

nt!ObpRemoveObjectRoutine+c4

8092b6e2 3918            cmp     dword ptr [eax],ebx



MM_INTERNAL_CODE:  0



DEFAULT_BUCKET_ID:  DRIVER_FAULT



BUGCHECK_STR:  0x50



PROCESS_NAME:  System



CURRENT_IRQL:  1



TRAP_FRAME:  f78c2ce4 -- (.trap 0xfffffffff78c2ce4)

ErrCode = 00000000

eax=bad0b148 ebx=00000000 ecx=8246e028 edx=00000000 esi=00000000 edi=00000000

eip=8092b6e2 esp=f78c2d58 ebp=f78c2d68 iopl=0         nv up ei ng nz na pe nc

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286

nt!ObpRemoveObjectRoutine+0xc4:

8092b6e2 3918            cmp     dword ptr [eax],ebx  ds:0023:bad0b148=????????

Resetting default scope



LAST_CONTROL_TRANSFER:  from 80825b3b to 8086cf14



STACK_TEXT:  

f78c2854 80825b3b 00000003 bad0b148 00000000 nt!RtlpBreakWithStatusInstruction

f78c28a0 80826a2f 00000003 c05d6858 82595b40 nt!KiBugCheckDebugBreak+0x19

f78c2c38 80826dc7 00000050 bad0b148 00000000 nt!KeBugCheck2+0x5d1

f78c2c58 8085a507 00000050 bad0b148 00000000 nt!KeBugCheckEx+0x1b

f78c2ccc 808868a0 00000000 bad0b148 00000000 nt!MmAccessFault+0xa91

f78c2ccc 8092b6e2 00000000 bad0b148 00000000 nt!KiTrap0E+0xd8

f78c2d68 8092b744 8246e028 00000001 82595b40 nt!ObpRemoveObjectRoutine+0xc4

f78c2d80 8087adbd 00000000 00000000 82595b40 nt!ObpProcessRemoveObjectQueue+0x36

f78c2dac 809418f4 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb

f78c2ddc 80887f4a 8087acd2 00000000 00000000 nt!PspSystemThreadStartup+0x2e

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16





STACK_COMMAND:  kb



FOLLOWUP_IP: 

nt!ObpRemoveObjectRoutine+c4

8092b6e2 3918            cmp     dword ptr [eax],ebx



SYMBOL_STACK_INDEX:  6



SYMBOL_NAME:  nt!ObpRemoveObjectRoutine+c4



FOLLOWUP_NAME:  MachineOwner



MODULE_NAME: nt



IMAGE_NAME:  ntkrnlpa.exe



DEBUG_FLR_IMAGE_TIMESTAMP:  45ec0a19



FAILURE_BUCKET_ID:  0x50_BADMEMREF_nt!ObpRemoveObjectRoutine+c4



BUCKET_ID:  0x50_BADMEMREF_nt!ObpRemoveObjectRoutine+c4



Followup: MachineOwner

---------
MoXiaoRab 2009-12-11
  • 打赏
  • 举报
 回复 
NTSTATUS  SfCleanupClose ( IN PDEVICE_OBJECT DeviceObject,   IN PIRP Irp )

{

   NTSTATUS status;

    PAGED_CODE();

    VALIDATE_IRQL(Irp);



    if (IS_MY_CONTROL_DEVICE_OBJECT(DeviceObject)) {



        Irp->IoStatus.Status = STATUS_SUCCESS;

        Irp->IoStatus.Information = 0;

        SfDisplayCreateFileName( Irp ); //加这里看看

        IoCompleteRequest( Irp, IO_NO_INCREMENT );

        return STATUS_SUCCESS;

    }



    ASSERT(IS_MY_DEVICE_OBJECT( DeviceObject ));



    IoSkipCurrentIrpStackLocation( Irp );



    return IoCallDriver( ((PSFILTER_DEVICE_EXTENSION) DeviceObject->DeviceExtension)->AttachedToDeviceObject, Irp );

}
WDK驱动自带原汁原味的sfilter代码
看《Windows内核编程》,说是基于sfilter代码修改的,也没说在哪个版本的驱动中,于是试了很多驱动,终于找到了,在WinDDK 6001.18001中,我把它压缩后上传。有需要的尽情下载吧。
win2003 ddk 中sfilter,filespy示例
win2003 ddk 中sfilter,filespy示例
微软sfilter源码
微软文件过滤驱动架构,大家可以在上面略作修改实现自己的需求,值得参考!
Sfilter过滤程序C源文件
Sfilter过滤程序C源文件 Sfilter过滤程序C源文件
透明加密技术源代码encrypt_sfilter
最近3年,国内企业,特别的制造行业,为防止产品研发期间,出现技术资料泄密,而造成的损失状况,而采用的技术保密技术,本文讲详细的论述解决问题的方法...
硬件/系统

2,643

社区成员

17,229

社区内容

发帖
与我相关
我的任务
社区描述
VC/MFC 硬件/系统
社区管理员
  • 硬件/系统社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章