Делаю фильтр-драйвер мыши. Для доступа из UserMode хочу создать вторую символьную ссылку (девайс). Ссылка создается (в devicetree появляется), но при попытке CreateFile из UserMode - синий экран. Как сделать правильно? Вот мой код. Код (Text): NTSTATUS DriverEntry ( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { ULONG i; UNREFERENCED_PARAMETER (RegistryPath); DbgPrint(("MouFilter_DriverEntry() called\n")); for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) { DriverObject->MajorFunction = MouFilter_DispatchPassThrough; } DriverObject->MajorFunction [IRP_MJ_CREATE] = MouFilter_CreateClose; DriverObject->MajorFunction [IRP_MJ_CLOSE] = MouFilter_CreateClose; DriverObject->MajorFunction [IRP_MJ_PNP] = MouFilter_PnP; DriverObject->MajorFunction [IRP_MJ_POWER] = MouFilter_Power; DriverObject->MajorFunction [IRP_MJ_INTERNAL_DEVICE_CONTROL] = MouFilter_InternIoCtl; DriverObject->DriverUnload = MouFilter_Unload; DriverObject->DriverExtension->AddDevice = MouFilter_AddDevice; return STATUS_SUCCESS; } NTSTATUS MouFilter_AddDevice( IN PDRIVER_OBJECT Driver, IN PDEVICE_OBJECT PDO ) { PCWSTR dDeviceName2 = L"\\Device\\hideproc55"; //имя устройсва PCWSTR dSymbolicLinkName2 = L"\\DosDevices\\hideproc55"; //имя устройсва дос PDEVICE_EXTENSION devExt2; PDEVICE_EXTENSION devExt; IO_ERROR_LOG_PACKET errorLogEntry; PDEVICE_OBJECT device; PDEVICE_OBJECT device2; NTSTATUS status = STATUS_SUCCESS; NTSTATUS status2 = STATUS_SUCCESS; PCWSTR dDeviceName = L"\\Device\\hideproc5"; //имя устройсва PCWSTR dSymbolicLinkName = L"\\DosDevices\\hideproc5"; //имя устройсва дос RtlInitUnicodeString(&DeviceName, dDeviceName); RtlInitUnicodeString(&SymbolicLinkName, dSymbolicLinkName); PAGED_CODE(); DbgPrint(("MouFilter_AddDevice() called\n")); status = IoCreateDevice(Driver, sizeof(DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_MOUSE, 0, FALSE, &device ); if (!NT_SUCCESS(status)) { return (status); } RtlZeroMemory(device->DeviceExtension, sizeof(DEVICE_EXTENSION)); IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName); devExt = (PDEVICE_EXTENSION) device->DeviceExtension; devExt->TopOfStack = IoAttachDeviceToDeviceStack(device, PDO); ASSERT(devExt->TopOfStack); devExt->Self = device; devExt->PDO = PDO; devExt->DeviceState = PowerDeviceD0; devExt->SurpriseRemoved = FALSE; devExt->Removed = FALSE; devExt->Started = FALSE; //DO_BUFFERED_IO device->Flags |= (DO_BUFFERED_IO | DO_POWER_PAGABLE); device->Flags &= ~DO_DEVICE_INITIALIZING; /////////////////////////////////////////////////////////////// RtlInitUnicodeString(&DeviceName2, dDeviceName2); RtlInitUnicodeString(&SymbolicLinkName2, dSymbolicLinkName2); status2 = IoCreateDevice( device->DriverObject, sizeof(DEVICE_EXTENSION2), &DeviceName2, FILE_DEVICE_MOUSE, 0, FALSE, &device2 ); if (!NT_SUCCESS(status2)) { DbgPrint(("Device2 init failure!\n")); return (status2); } else { DbgPrint(("Device2 init Ok!\n")); }; RtlZeroMemory(device2->DeviceExtension, sizeof(DEVICE_EXTENSION2)); devExt2 = (PDEVICE_EXTENSION) device2->DeviceExtension; devExt2->Self = device2; devExt2->PDO = PDO; devExt2->DeviceState = PowerDeviceD0; devExt2->SurpriseRemoved = FALSE; devExt2->Removed = FALSE; devExt2->Started = FALSE; device2->Flags |= (DO_BUFFERED_IO | DO_POWER_PAGABLE); device2->Flags &= ~DO_DEVICE_INITIALIZING; IoCreateSymbolicLink(&SymbolicLinkName2, &DeviceName2); /////////////////////////////////////////////////////////////// return status; }
Сори. Вот. Код (Text): !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_PORTION_MUST_BE_NONPAGED (d3) When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver. An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers marking code or data as pageable when it should be marked nonpaged. If kernel debugger is available get stack backtrace. Arguments: Arg1: bf849b03, memory referenced Arg2: 000000ff, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: 805062a9, address which referenced memory Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* ADDITIONAL_DEBUG_TEXT: Use '!findthebuild' command to search for the target build information. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols. FAULTING_MODULE: 804d7000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 478479cf READ_ADDRESS: bf849b03 CURRENT_IRQL: ff FAULTING_IP: nt+2f2a9 805062a9 8a11 mov dl,byte ptr [ecx] CUSTOMER_CRASH_COUNT: 2 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xD3 LAST_CONTROL_TRANSFER: from b217323d to 805062a9 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. b275aac8 b217323d 81d97290 00000000 00000000 nt+0x2f2a9 b275aaf0 b2189071 bf849b03 b2178760 b2178140 dump_wmimmc+0x323d b275ab28 b219aa2d 81d9e720 81f42f38 820013a8 dump_wmimmc+0x19071 b275abec b2176711 81dfdf90 00000001 821018e8 dump_wmimmc+0x2aa2d b275ac34 804eddf9 81c2dad0 820013a8 806d02d0 dump_wmimmc+0x6711 b275ac58 805749d1 81c2dad0 820013a8 81dfdf90 nt+0x16df9 b275ad00 8056d33c 000001fc 00000000 00000000 nt+0x9d9d1 b275ad34 8053c808 000001fc 00000000 00000000 nt+0x9633c b275ad64 00413893 badb0d00 0012f1c0 b250ed98 nt+0x65808 b275ad68 badb0d00 0012f1c0 b250ed98 b250edcc 0x413893 b275ad6c 0012f1c0 b250ed98 b250edcc 00000000 0xbadb0d00 b275ad70 b250ed98 b250edcc 00000000 00000000 0x12f1c0 b275ad74 b250edcc 00000000 00000000 00000000 0xb250ed98 b275ad78 00000000 00000000 00000000 00000000 0xb250edcc STACK_COMMAND: kb FOLLOWUP_IP: dump_wmimmc+323d b217323d ?? ??? SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: dump_wmimmc+323d FOLLOWUP_NAME: MachineOwner MODULE_NAME: dump_wmimmc IMAGE_NAME: dump_wmimmc.sys BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner ---------
Vetroboy Почитайте про драйверы фильтры, когда он создается для существующего устройства. Вам надо после того как вы создали в стеке PnP объект FiDO, дополнить его объктом EDO. И обращаться из приложения к EDO. Другие пути недопустимы. Либо не являются корректными. Вы судя по всему неправильно создаете Extension. Я не вижу у вас установку флага FIDO_EXTENSION. Ну и у Walter Oney почитайте главу 16. Там все подробно расписано с примером кода. Хотя конечно, символы в крешдампе не помешали бы.
