#include "USBFilter.h"
/*
 * Pieces of the prefix placed in front of most DbgPrint messages in this
 * file. CURINFO joins them through adjacent string-literal concatenation,
 * giving: build date, driver name, source file name, then the CURINFO1
 * marker (the Chinese text in CURINFO1 means "entering").
 */
#define CURINFO1 " >> 进入: "
#define CURINFO2 __FILE__
#define CURINFO3 " USBFilter.sys "
#define CURINFO4 __DATE__
#define CURINFO CURINFO4 CURINFO3 CURINFO2 CURINFO1
/*************************************************************************************/
/* Handles of the two log files; DriverEntry fills them in via CreateLogFile. */
HANDLE pWriteFile;
HANDLE pReadFile;
/*
 * Hard-coded log locations in the root of C:. CreateLogFile passes no
 * security descriptor when it creates them.
 * NOTE(review): anything logged here would then be protected only by
 * whatever ACL the volume root hands down - confirm that is acceptable
 * before enabling payload logging.
 */
PSTR WriteFilePath = "\\??\\C:\\WriteLog.txt";
PSTR ReadFilePath = "\\??\\C:\\ReadLog.txt";
/* Staging buffer of 512*0x80 bytes (64 KiB); only the disabled logging code in USBSCSICompletion refers to it. */
UCHAR IoInfo[512*0x80];
/*
 * Parameter block handed to the deferred file routines
 * (MyDriverCreateFileWorkItem, MyDriverWriteFileWorkItem,
 * MyDriverCloseFileWorkItem). Each of those routines frees the block with
 * ExFreePool when it is done.
 */
typedef struct _FILE_WORK_ITEM
{
/* Create path: the caller's Context value. Write path: the data buffer to write. */
PVOID FileContext;
/* Executive work-queue entry; its parameter is the FILE_WORK_ITEM itself. */
WORK_QUEUE_ITEM WorkItem;
/* File handle, stored by value. */
HANDLE FileHandle;
/* Name of the file to create; only a pointer is stored, not the string. */
PUNICODE_STRING pUFileName;
/* Number of bytes to write (write path). */
ULONG Length;
/* Not referenced anywhere in this file. */
char OutFromFile[20];
/* Not referenced anywhere in this file. */
ULONG OutFromFileLen;
} FILE_WORK_ITEM,*PFILE_WORK_ITEM;
/*
 * Fills an OBJECT_ATTRIBUTES structure: p = structure to fill, n = object
 * name, a = attribute flags, r = root directory handle, s = security
 * descriptor. SecurityQualityOfService is always set to NULL.
 * The expansion is a bare { } block, so it must be used as a statement on
 * its own (not as the unbraced body of an if/else).
 * NOTE(review): the WDK headers normally provide a macro of this name -
 * confirm this local definition does not clash with it.
 */
#define InitializeObjectAttributes( p, n, a, r, s ) { \
(p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
}
/*
 * Prototypes of the file helpers defined at the end of this file.
 * The *WorkItem routines are the work-queue counterparts that the plain
 * routines queue when they are entered at IRQL >= DISPATCH_LEVEL.
 */

/* Creates or opens the named log file and stores its handle in *FileHandle. */
NTSTATUS
CreateLogFile(
IN PVOID Context,
IN OUT HANDLE *FileHandle,
IN PSTR FileName
);
/* Work-queue routine for file creation; Context is a PFILE_WORK_ITEM. */
VOID MyDriverCreateFileWorkItem(
PVOID Context);
/* Writes Length bytes from Buffer to FileHandle, deferring to a work item at raised IRQL. */
VOID MyDriverWriteFile(
IN PVOID Buffer,
IN ULONG Length,
IN OUT HANDLE FileHandle
);
/* Work-queue routine for writing; Context is a PFILE_WORK_ITEM. */
VOID MyDriverWriteFileWorkItem(
PVOID Context);
/* Closes FileHandle, deferring to a work item at raised IRQL. */
VOID MyDriverCloseFile(
IN OUT HANDLE FileHandle);
/* Work-queue routine for closing; Context is a PFILE_WORK_ITEM. */
VOID MyDriverCloseFileWorkItem(
PVOID Context);
/******************************************************************************************/
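/*
 * DriverEntry - driver initialisation.
 *
 * Points every major-function slot at the pass-through routine USBFilter,
 * then overrides IRP_MJ_SCSI and IRP_MJ_PNP with their dedicated handlers,
 * registers the AddDevice and Unload callbacks, and opens the two log
 * files.
 *
 * Parameters:
 *   DriverObject - driver object supplied by the I/O manager.
 *   RegistryPath - unused.
 *
 * Returns STATUS_SUCCESS, or the status of the CreateLogFile call that
 * failed. A failure to create either log file therefore prevents the
 * filter from loading at all.
 */
NTSTATUS
DriverEntry(PDRIVER_OBJECT DriverObject,
            PUNICODE_STRING RegistryPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    ULONG i;

    DbgPrint(CURINFO "DriverEntry...\n");
    UNREFERENCED_PARAMETER(RegistryPath);

    /* Default: forward every request type unchanged. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = USBFilter;
    }
    DriverObject->MajorFunction[IRP_MJ_SCSI] = USBFilterSCSI;
    DriverObject->MajorFunction[IRP_MJ_PNP] = USBFilterPnp;
    DriverObject->DriverExtension->AddDevice = USBFilterAddDevice;
    DriverObject->DriverUnload = USBFilterUnload;

    /* Create the write and read log files. */
    RtlZeroMemory(IoInfo, sizeof(IoInfo));

    ntStatus = CreateLogFile(NULL, &pWriteFile, WriteFilePath);
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("Create WriteFile is falied with error code 0x%08x\n", ntStatus);
        return ntStatus;
    }

    ntStatus = CreateLogFile(NULL, &pReadFile, ReadFilePath);
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint("Create ReadFile is falied with error code 0x%08x\n", ntStatus);
        /*
         * The driver is about to fail loading and its unload routine will
         * not run, so the first log handle has to be closed here or it
         * stays open for good.
         */
        if (pWriteFile != NULL) {
            ZwClose(pWriteFile);
            pWriteFile = NULL;
        }
        return ntStatus;
    }

    return ntStatus;
}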
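/*
 * USBFilterUnload - driver unload callback.
 *
 * Expects every filter device object to have been deleted already (checked
 * builds assert this) and closes the log-file handles that DriverEntry
 * opened, so they do not stay open after the driver image is gone.
 *
 * NOTE(review): the handles are closed from whatever context the unload
 * callback runs in; that is assumed to be the same process context
 * DriverEntry ran in - confirm, or open the files as kernel handles.
 */
VOID
USBFilterUnload(PDRIVER_OBJECT DriverObject)
{
    PAGED_CODE();
    UNREFERENCED_PARAMETER(DriverObject); /* only used by ASSERT in checked builds */
    ASSERT(DriverObject->DeviceObject == NULL);
    DbgPrint(CURINFO "USBFilterUnload...\n");

    if (pWriteFile != NULL) {
        ZwClose(pWriteFile);
        pWriteFile = NULL;
    }
    if (pReadFile != NULL) {
        ZwClose(pReadFile);
        pReadFile = NULL;
    }
    return;
}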
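/*
 * USBFilterAddDevice - PnP AddDevice callback.
 *
 * Creates the filter device object (\Device\USBFilter, type
 * FILE_DEVICE_DISK, FILE_DEVICE_SECURE_OPEN), attaches it on top of the
 * stack of PhysicalDevice, creates the \DosDevices\USBFilter symbolic link,
 * mirrors the I/O flags and characteristics of the device below, and
 * initialises the remove lock and PnP state.
 *
 * Parameters:
 *   DriverObject   - this driver's object.
 *   PhysicalDevice - physical device object of the stack to filter.
 *
 * Returns STATUS_SUCCESS, the failure status of IoCreateDevice or
 * IoCreateSymbolicLink, or STATUS_UNSUCCESSFUL if attaching failed. On
 * every failure path the device object created here is detached (if it was
 * attached) and deleted.
 *
 * NOTE(review): the device name and the link name are fixed, so a second
 * AddDevice call while one filter instance exists should fail on the name
 * collision; filter device objects are normally left unnamed.
 * NOTE(review): the symbolic link makes the filter reachable from user
 * mode, and no explicit security descriptor is supplied for the device
 * object. If the link is really needed, consider giving the device an
 * explicit ACL (for example through IoCreateDeviceSecure).
 */
NTSTATUS
USBFilterAddDevice(PDRIVER_OBJECT DriverObject, PDEVICE_OBJECT PhysicalDevice)
{
    NTSTATUS ntStatus;
    PDEVICE_OBJECT object = NULL;
    PUSB_DEVICE_EXTENSION usbDeviceExe;
    UNICODE_STRING ntName;
    UNICODE_STRING win32Name;

    DbgPrint(CURINFO "USBFilterAddDevice...\n");
    PAGED_CODE();

    RtlInitUnicodeString(&ntName, L"\\Device\\USBFilter");
    RtlInitUnicodeString(&win32Name, L"\\DosDevices\\USBFilter");

    /*
     * The original probed the device type of the stack on older WDM
     * versions but never used the result; the type is fixed to
     * FILE_DEVICE_DISK, so the probe has been dropped.
     */
    ntStatus = IoCreateDevice(DriverObject,
                              sizeof(USB_DEVICE_EXTENSION),
                              &ntName,
                              FILE_DEVICE_DISK,
                              FILE_DEVICE_SECURE_OPEN,
                              FALSE,
                              &object);
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint(CURINFO "USBFilterAddDevice is falied...\n");
        return ntStatus;
    }

    usbDeviceExe = (PUSB_DEVICE_EXTENSION)object->DeviceExtension;
    usbDeviceExe->NextLowerDriver = IoAttachDeviceToDeviceStack(object, PhysicalDevice);
    if (!usbDeviceExe->NextLowerDriver) {
        DbgPrint(CURINFO "IoAttachDeviceToDeviceStack IS FALIED!...\n");
        IoDeleteDevice(object);
        return STATUS_UNSUCCESSFUL;
    }

    ntStatus = IoCreateSymbolicLink(&win32Name, &ntName);
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint(CURINFO "IoCreateSymbolicLink is falied with error code 0x%x\n", ntStatus);
        /*
         * Undo the attach and the create. Returning here without cleanup
         * would leave a half-initialised filter (DO_DEVICE_INITIALIZING
         * still set, remove lock never initialised) sitting in the stack.
         */
        IoDetachDevice(usbDeviceExe->NextLowerDriver);
        IoDeleteDevice(object);
        return ntStatus;
    }

    /* Present the same buffering and power behaviour as the device below. */
    object->Flags |= usbDeviceExe->NextLowerDriver->Flags &
                     (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);
    object->DeviceType = FILE_DEVICE_DISK;
    object->Characteristics = usbDeviceExe->NextLowerDriver->Characteristics;
    usbDeviceExe->CurrentDeviceObject = object;

    IoInitializeRemoveLock(&usbDeviceExe->RemoveLock, POOL_TAG, 1, 100);
    INITIALIZE_PNP_STATE(usbDeviceExe);

    /* From here on the I/O manager may send requests to the filter. */
    object->Flags &= ~DO_DEVICE_INITIALIZING;
    return STATUS_SUCCESS;
}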
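/*
 * USBFilter - default dispatch routine: forwards the request unchanged to
 * the next lower driver.
 *
 * DriverEntry installs this routine in every major-function slot and then
 * overrides only IRP_MJ_SCSI and IRP_MJ_PNP, so power IRPs arrive here as
 * well. Those are forwarded with PoStartNextPowerIrp/PoCallDriver, which
 * older Windows releases require for power IRPs; every other request goes
 * down with IoCallDriver.
 *
 * The remove lock is held while the request is handed down. If it cannot
 * be acquired (the device is being removed) the IRP is completed with that
 * status.
 *
 * The original body carried a disabled IRP_MJ_DEVICE_CONTROL branch for
 * IOCTL_800_WRITE / IOCTL_800_READ; the author had switched it off as not
 * needed for now, and it is not reproduced here.
 *
 * Returns the status of the lower driver, or the remove-lock failure.
 */
NTSTATUS
USBFilter(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS ntStatus;
    PUSB_DEVICE_EXTENSION USBDeviceExe;
    PIO_STACK_LOCATION IrpStack;
    BOOLEAN isPowerIrp;

    DbgPrint(CURINFO " USBFilter...\n");

    /* Read the major function before the stack location is skipped. */
    IrpStack = IoGetCurrentIrpStackLocation(Irp);
    isPowerIrp = (BOOLEAN)(IrpStack->MajorFunction == IRP_MJ_POWER);

    USBDeviceExe = (PUSB_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
    ntStatus = IoAcquireRemoveLock(&USBDeviceExe->RemoveLock, Irp);
    if (!NT_SUCCESS(ntStatus)) {
        Irp->IoStatus.Status = ntStatus;
        if (isPowerIrp) {
            /* A power IRP must release the power queue before completion. */
            PoStartNextPowerIrp(Irp);
        }
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return ntStatus;
    }

    if (isPowerIrp) {
        PoStartNextPowerIrp(Irp);
        IoSkipCurrentIrpStackLocation(Irp);
        ntStatus = PoCallDriver(USBDeviceExe->NextLowerDriver, Irp);
    } else {
        IoSkipCurrentIrpStackLocation(Irp);
        ntStatus = IoCallDriver(USBDeviceExe->NextLowerDriver, Irp);
    }

    IoReleaseRemoveLock(&USBDeviceExe->RemoveLock, Irp);
    return ntStatus;
}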
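/*
 * USBFilterPnp - IRP_MJ_PNP dispatch routine.
 *
 * Tracks the PnP state of the filter device and forwards every request to
 * the next lower driver:
 *   - START_DEVICE is sent down first and handled on the way back up (the
 *     routine waits on an event set by USBFilterStartCompletionRoutine),
 *     then completed here.
 *   - REMOVE_DEVICE waits for outstanding requests, forwards the IRP, then
 *     deletes the symbolic link, detaches and deletes the filter device.
 *   - DEVICE_USAGE_NOTIFICATION is forwarded with
 *     FilterDeviceUsageNotificationCompletionRoutine, which also releases
 *     the remove lock.
 *   - the remaining minor codes only update the recorded state and are
 *     forwarded with the stack location skipped.
 *
 * Returns the status of the lower driver, or the remove-lock failure when
 * the lock cannot be acquired.
 */
NTSTATUS
USBFilterPnp(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PUSB_DEVICE_EXTENSION USBDeviceExe;
    PIO_STACK_LOCATION IrpStack;
    KEVENT event;
    UNICODE_STRING win32Name;

    DbgPrint(CURINFO "USBFilterPnp...\n");
    PAGED_CODE();

    USBDeviceExe = (PUSB_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
    IrpStack = IoGetCurrentIrpStackLocation(Irp);

    ntStatus = IoAcquireRemoveLock(&USBDeviceExe->RemoveLock, Irp);
    if (!NT_SUCCESS(ntStatus)) {
        DbgPrint(CURINFO " USBFilterPnp IoAcquireRemoveLock is falied with error code 0x%x\n", ntStatus);
        Irp->IoStatus.Status = ntStatus;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return ntStatus;
    }

    switch (IrpStack->MinorFunction) {
    case IRP_MN_START_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_START_DEVICE ...\n");
        /* The lower drivers must start first; wait for them synchronously. */
        KeInitializeEvent(&event, NotificationEvent, FALSE);
        IoCopyCurrentIrpStackLocationToNext(Irp);
        IoSetCompletionRoutine(Irp,
                               (PIO_COMPLETION_ROUTINE)USBFilterStartCompletionRoutine,
                               &event,
                               TRUE,
                               TRUE,
                               TRUE);
        ntStatus = IoCallDriver(USBDeviceExe->NextLowerDriver, Irp);
        if (ntStatus == STATUS_PENDING) {
            KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
            ntStatus = Irp->IoStatus.Status;
        }
        if (NT_SUCCESS(ntStatus)) {
            SET_NEW_PNP_STATE(USBDeviceExe, Started);
            /* Propagate the removable-media bit from the device below. */
            if (USBDeviceExe->NextLowerDriver->Characteristics & FILE_REMOVABLE_MEDIA) {
                DeviceObject->Characteristics |= FILE_REMOVABLE_MEDIA;
            }
        }
        /* The completion routine stopped completion, so finish it here. */
        Irp->IoStatus.Status = ntStatus;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        IoReleaseRemoveLock(&USBDeviceExe->RemoveLock, Irp);
        return ntStatus;

    case IRP_MN_REMOVE_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_REMOVE_DEVICE ...\n");
        /* Blocks until every other holder of the remove lock has let go. */
        IoReleaseRemoveLockAndWait(&USBDeviceExe->RemoveLock, Irp);
        IoSkipCurrentIrpStackLocation(Irp);
        ntStatus = IoCallDriver(USBDeviceExe->NextLowerDriver, Irp);
        SET_NEW_PNP_STATE(USBDeviceExe, Deleted);
        /*
         * Remove the link created in USBFilterAddDevice. Left in place it
         * would point at a deleted device and make the next
         * IoCreateSymbolicLink for the same name fail.
         */
        RtlInitUnicodeString(&win32Name, L"\\DosDevices\\USBFilter");
        IoDeleteSymbolicLink(&win32Name);
        IoDetachDevice(USBDeviceExe->NextLowerDriver);
        IoDeleteDevice(DeviceObject);
        return ntStatus;

    case IRP_MN_QUERY_STOP_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_QUERY_STOP_DEVICE ...\n");
        SET_NEW_PNP_STATE(USBDeviceExe, StopPending);
        ntStatus = STATUS_SUCCESS;
        break;

    case IRP_MN_CANCEL_STOP_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_CANCEL_STOP_DEVICE ...\n");
        /* Only roll back if the matching query was actually seen. */
        if (StopPending == USBDeviceExe->DevicePnPState) {
            RESTORE_PREVIOUS_PNP_STATE(USBDeviceExe);
        }
        ntStatus = STATUS_SUCCESS;
        break;

    case IRP_MN_STOP_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_STOP_DEVICE ...\n");
        SET_NEW_PNP_STATE(USBDeviceExe, Stopped);
        ntStatus = STATUS_SUCCESS;
        break;

    case IRP_MN_QUERY_REMOVE_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_QUERY_REMOVE_DEVICE ...\n");
        SET_NEW_PNP_STATE(USBDeviceExe, RemovePending);
        ntStatus = STATUS_SUCCESS;
        break;

    case IRP_MN_SURPRISE_REMOVAL:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_SURPRISE_REMOVAL ...\n");
        SET_NEW_PNP_STATE(USBDeviceExe, SurpriseRemovePending);
        ntStatus = STATUS_SUCCESS;
        break;

    case IRP_MN_CANCEL_REMOVE_DEVICE:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_CANCEL_REMOVE_DEVICE ...\n");
        if (RemovePending == USBDeviceExe->DevicePnPState) {
            RESTORE_PREVIOUS_PNP_STATE(USBDeviceExe);
        }
        ntStatus = STATUS_SUCCESS; /* We must not fail this IRP. */
        break;

    case IRP_MN_DEVICE_USAGE_NOTIFICATION:
        DbgPrint(CURINFO " USBFilterPnp IRP_MN_DEVICE_USAGE_NOTIFICATION ...\n");
        /* Set the pagable bit on the way down; the completion routine clears it again if the lower device is not pagable. */
        if ((DeviceObject->AttachedDevice == NULL) ||
            (DeviceObject->AttachedDevice->Flags & DO_POWER_PAGABLE)) {
            DeviceObject->Flags |= DO_POWER_PAGABLE;
        }
        IoCopyCurrentIrpStackLocationToNext(Irp);
        IoSetCompletionRoutine(Irp,
                               FilterDeviceUsageNotificationCompletionRoutine,
                               NULL,
                               TRUE,
                               TRUE,
                               TRUE);
        /* The remove lock is released by the completion routine. */
        return IoCallDriver(USBDeviceExe->NextLowerDriver, Irp);

    default:
        DbgPrint(CURINFO " USBFilterPnp Default ...\n");
        /* Unknown minor codes keep whatever status the IRP already has. */
        ntStatus = Irp->IoStatus.Status;
        break;
    }

    /* Common tail for the state-only cases: pass down and release. */
    Irp->IoStatus.Status = ntStatus;
    IoSkipCurrentIrpStackLocation(Irp);
    ntStatus = IoCallDriver(USBDeviceExe->NextLowerDriver, Irp);
    IoReleaseRemoveLock(&USBDeviceExe->RemoveLock, Irp);
    return ntStatus;
}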
/*
 * USBFilterStartCompletionRoutine - completion routine for
 * IRP_MN_START_DEVICE.
 *
 * Context is the KEVENT the dispatch routine may be waiting on; it is
 * signalled only when the lower driver returned pending. Always returns
 * STATUS_MORE_PROCESSING_REQUIRED, so completion of the IRP stops here and
 * the dispatch routine finishes it.
 */
NTSTATUS
USBFilterStartCompletionRoutine(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
{
    PKEVENT startDone = (PKEVENT)Context;

    UNREFERENCED_PARAMETER(DeviceObject);
    DbgPrint(CURINFO " FilterStartCompletionRoutine!...\n");

    if (Irp->PendingReturned != TRUE) {
        /* Completed synchronously: nobody is waiting on the event. */
        return STATUS_MORE_PROCESSING_REQUIRED;
    }

    KeSetEvent(startDone, IO_NO_INCREMENT, FALSE);
    return STATUS_MORE_PROCESSING_REQUIRED;
}
/*
 * FilterDeviceUsageNotificationCompletionRoutine - completion routine for
 * IRP_MN_DEVICE_USAGE_NOTIFICATION.
 *
 * Propagates the pending flag, clears DO_POWER_PAGABLE on the filter when
 * the device below does not have it set, and releases the remove lock that
 * the PnP dispatch routine acquired. Context is unused. Returns
 * STATUS_CONTINUE_COMPLETION.
 */
NTSTATUS
FilterDeviceUsageNotificationCompletionRoutine(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp,
    IN PVOID Context
    )
{
    PUSB_DEVICE_EXTENSION ext;
    BOOLEAN lowerIsPagable;

    DbgPrint(CURINFO "FilterDeviceUsageNotificationCompletionRoutine!...\n");
    UNREFERENCED_PARAMETER(Context);

    ext = (PUSB_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    lowerIsPagable = (BOOLEAN)((ext->NextLowerDriver->Flags & DO_POWER_PAGABLE) != 0);
    if (!lowerIsPagable) {
        DeviceObject->Flags &= ~DO_POWER_PAGABLE;
    }

    IoReleaseRemoveLock(&ext->RemoveLock, Irp);
    return STATUS_CONTINUE_COMPLETION;
}
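/*
 * USBFilterSCSI - IRP_MJ_SCSI dispatch routine.
 *
 * Forwards the request with USBSCSICompletion installed so the reply can be
 * inspected on its way back up. The remove lock is acquired here and stays
 * held until USBSCSICompletion releases it, so the filter device cannot be
 * deleted while the request is outstanding. (The original acquired and
 * released the lock back to back before calling down, which protected
 * nothing.)
 *
 * Returns the status of the lower driver, or the remove-lock failure, in
 * which case the IRP is completed here.
 */
NTSTATUS
USBFilterSCSI(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    NTSTATUS ntStatus;
    PUSB_DEVICE_EXTENSION USBDeviceExe =
        (PUSB_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    DbgPrint(CURINFO "USBFilterSCSI!...\n");

    ntStatus = IoAcquireRemoveLock(&USBDeviceExe->RemoveLock, Irp);
    if (!NT_SUCCESS(ntStatus)) {
        Irp->IoStatus.Status = ntStatus;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
        return ntStatus;
    }

    IoCopyCurrentIrpStackLocationToNext(Irp);
    IoSetCompletionRoutine(Irp,
                           USBSCSICompletion,
                           DeviceObject,
                           TRUE,
                           TRUE,
                           TRUE);

    /* The lock is released in USBSCSICompletion. */
    return IoCallDriver(USBDeviceExe->NextLowerDriver, Irp);
}

/*
 * USBSCSICompletion - completion routine for requests forwarded by
 * USBFilterSCSI.
 *
 * Looks at the SCSI request block of the completed request:
 *   - READ/WRITE opcodes are only traced with DbgPrint;
 *   - for MODE SENSE (6) the write-protect bit is set in the returned mode
 *     parameter header, so the layers above see the medium as
 *     write-protected.
 * Finally propagates the pending flag and releases the remove lock taken in
 * USBFilterSCSI.
 *
 * Changes against the original:
 *   - the scratch SCSI_REQUEST_BLOCK allocation is gone: it was zeroed even
 *     when the allocation had failed (NULL dereference), and the pointer
 *     was then overwritten, leaking non-paged pool on every request;
 *   - the SRB pointer, SRB function, data buffer pointer and transfer
 *     length are validated before the mode header is touched;
 *   - the remove lock is released exactly once, pairing with the acquire in
 *     USBFilterSCSI;
 *   - the routine returns STATUS_CONTINUE_COMPLETION instead of echoing the
 *     IRP status, which could stall completion if that status happened to
 *     be STATUS_MORE_PROCESSING_REQUIRED.
 *
 * NOTE(review): the write protection is advisory. WRITE commands are still
 * forwarded to the device; only the MODE SENSE reply is altered, and only
 * the 6-byte form - SCSIOP_MODE_SENSE10 replies pass through untouched. A
 * caller that does not honour the reported bit is not stopped by this
 * filter.
 * NOTE(review): DataBuffer is dereferenced directly; this assumes it is a
 * valid system-space address in whatever context the completion runs in -
 * confirm, or map the IRP's MDL instead.
 */
NTSTATUS
USBSCSICompletion(IN PDEVICE_OBJECT DeviceObject,
                  IN PIRP Irp,
                  IN PVOID Context)
{
    PIO_STACK_LOCATION IrpStack;
    PSCSI_REQUEST_BLOCK CurSrb;
    PMODE_PARAMETER_HEADER modeData;
    UCHAR opCode;
    ULONG Len1, Len2, Len3;
    PUSB_DEVICE_EXTENSION USBDeviceExe =
        (PUSB_DEVICE_EXTENSION)DeviceObject->DeviceExtension;

    UNREFERENCED_PARAMETER(Context);
    DbgPrint(CURINFO "USBSCSICompletion!...\n");

    IrpStack = IoGetCurrentIrpStackLocation(Irp);

    if (IrpStack->MajorFunction == IRP_MJ_INTERNAL_DEVICE_CONTROL) {
        DbgPrint(CURINFO "IRP_MJ_INTERNAL_DEVICE_CONTROL\n");
        CurSrb = IrpStack->Parameters.Scsi.Srb;

        /* Only SRBs that execute a SCSI command carry a meaningful CDB. */
        if (CurSrb != NULL && CurSrb->Function == SRB_FUNCTION_EXECUTE_SCSI) {
            opCode = CurSrb->Cdb[0];

            if (opCode == SCSIOP_WRITE || opCode == SCSIOP_WRITE6) {
                DbgPrint(CURINFO "opCode==SCSIOP_WRITE\n");
                /*
                 * NOTE(review): each CDB element is a single byte, so the
                 * first two masks always yield 0 and only Len3 (CDB byte 4)
                 * carries a value. For 10-byte commands the transfer length
                 * is in bytes 7-8, so these figures are not the real
                 * length. Kept as-is because they only feed the trace line.
                 */
                Len1 = (0x00FF0000 & CurSrb->Cdb[2]) >> 16;
                Len2 = (0x0000FF00 & CurSrb->Cdb[3]) >> 8;
                Len3 = (0x000000FF & CurSrb->Cdb[4]);
                DbgPrint(CURINFO "Write Len 0x%x 0x%x 0x%x\n", Len1, Len2, Len3);
                /*
                 * Disabled by the author: copying Len3 bytes of the SRB
                 * data buffer into IoInfo and logging them through
                 * MyDriverWriteFile. Author's note: enabling it tends to
                 * make the system reboot; the problem was never solved.
                 */
            }

            if (opCode == SCSIOP_READ6 || opCode == SCSIOP_READ) {
                DbgPrint(CURINFO "opCode==SCSIOP_READ\n");
                /* Same byte-mask caveat as in the write branch. */
                Len1 = (0x00FF0000 & CurSrb->Cdb[2]) >> 16;
                Len2 = (0x0000FF00 & CurSrb->Cdb[3]) >> 8;
                Len3 = (0x000000FF & CurSrb->Cdb[4]);
                DbgPrint(CURINFO "Read Len 0x%x 0x%x 0x%x\n", Len1, Len2, Len3);
                /*
                 * Disabled by the author for the same reason as above: the
                 * payload copy and MyDriverWriteFile call caused reboots.
                 */
            }

            if (opCode == SCSIOP_MODE_SENSE) {
                DbgPrint(CURINFO "SCSIOP_MODE_SENSE\n");
                modeData = (PMODE_PARAMETER_HEADER)CurSrb->DataBuffer;
                /*
                 * Touch the header only if the buffer exists and is large
                 * enough to hold one. The completion status is deliberately
                 * not consulted, so a short but otherwise usable reply
                 * still gets the bit set.
                 */
                if (modeData != NULL &&
                    CurSrb->DataTransferLength >= sizeof(MODE_PARAMETER_HEADER)) {
                    modeData->DeviceSpecificParameter |= MODE_DSP_WRITE_PROTECT;
                }
            }
        }
    }

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    /* Pairs with the IoAcquireRemoveLock in USBFilterSCSI. */
    IoReleaseRemoveLock(&USBDeviceExe->RemoveLock, Irp);
    return STATUS_CONTINUE_COMPLETION;
}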
/******************************************
File operations
*/
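/*
 * CreateLogFile - create or open a log file and return its handle.
 *
 * Parameters:
 *   Context    - unused.
 *   FileHandle - receives the file handle on success.
 *   FileName   - ANSI object path of the file (e.g. "\\??\\C:\\x.txt").
 *
 * Returns the status of ZwCreateFile, the failure status of the ANSI to
 * Unicode conversion, STATUS_INVALID_PARAMETER for a NULL argument, or
 * STATUS_INVALID_DEVICE_STATE when called at IRQL >= DISPATCH_LEVEL.
 *
 * Changes against the original:
 *   - the Unicode name allocated by RtlAnsiStringToUnicodeString is freed
 *     (it was leaked on every call);
 *   - the handle is opened with OBJ_KERNEL_HANDLE, so it lives in the
 *     kernel handle table and user-mode code cannot use it;
 *   - the create disposition is spelled FILE_OPEN_IF, the value the
 *     original obtained by OR-ing FILE_OPEN and FILE_CREATE;
 *   - at raised IRQL the call now fails. The original queued a work item
 *     that pointed at this function's stack-resident, never-initialised
 *     UNICODE_STRING and carried the handle by value, so the work item read
 *     dead stack memory and could never hand a handle back to the caller.
 *
 * NOTE(review): no security descriptor is supplied and the file is shared
 * for read and write, so access to the log is governed by the ACL the file
 * gets from its parent directory. Pass an explicit descriptor if the log
 * may contain device data.
 */
NTSTATUS
CreateLogFile(IN PVOID Context,
              IN OUT HANDLE *FileHandle,
              IN PSTR FileName)
{
    NTSTATUS ntStatus;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;
    UNICODE_STRING UniFileName;
    ANSI_STRING m_AnsiFileName;

    UNREFERENCED_PARAMETER(Context);
    DbgPrint("Create Log File...\n");

    if (FileHandle == NULL || FileName == NULL) {
        return STATUS_INVALID_PARAMETER;
    }

    /* Neither the string conversion nor ZwCreateFile may run at raised IRQL. */
    if (KeGetCurrentIrql() >= DISPATCH_LEVEL) {
        return STATUS_INVALID_DEVICE_STATE;
    }

    RtlInitAnsiString(&m_AnsiFileName, FileName);
    ntStatus = RtlAnsiStringToUnicodeString(&UniFileName, &m_AnsiFileName, TRUE);
    if (!NT_SUCCESS(ntStatus)) {
        return ntStatus;
    }

    InitializeObjectAttributes(&ObjectAttributes,
                               &UniFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    ntStatus = ZwCreateFile(FileHandle,
                            GENERIC_WRITE | SYNCHRONIZE | FILE_APPEND_DATA | GENERIC_READ,
                            &ObjectAttributes,
                            &IoStatusBlock,
                            NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            FILE_SHARE_READ | FILE_SHARE_WRITE,
                            FILE_OPEN_IF,
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL,
                            0);

    /* The name is only needed for the duration of the create call. */
    RtlFreeUnicodeString(&UniFileName);
    return ntStatus;
}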
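/*
 * MyDriverCreateFileWorkItem - work-queue routine that creates or opens the
 * file named by the work item.
 *
 * Context is a PFILE_WORK_ITEM allocated by the caller; it is freed here on
 * every path. The pUFileName pointer inside it must still be valid when
 * this routine runs; that cannot be checked from here.
 *
 * The work item has no field through which a new handle could be returned
 * to whoever queued it, so the handle is closed again once the file exists;
 * the original simply dropped it, leaking one handle per call. The handle
 * is opened as a kernel handle so it never appears in a user-mode handle
 * table.
 */
VOID MyDriverCreateFileWorkItem(
    PVOID Context)
{
    HANDLE FileHandle = NULL;
    NTSTATUS ntStatus;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;
    PFILE_WORK_ITEM workitem = (PFILE_WORK_ITEM)Context;

    if (workitem == NULL) {
        return;
    }

    if (workitem->pUFileName != NULL) {
        InitializeObjectAttributes(&ObjectAttributes,
                                   workitem->pUFileName,
                                   OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                                   NULL,
                                   NULL);

        ntStatus = ZwCreateFile(&FileHandle,
                                GENERIC_WRITE | SYNCHRONIZE | FILE_APPEND_DATA | GENERIC_READ,
                                &ObjectAttributes,
                                &IoStatusBlock,
                                NULL,
                                FILE_ATTRIBUTE_NORMAL,
                                FILE_SHARE_READ | FILE_SHARE_WRITE,
                                FILE_OPEN_IF, /* same value as FILE_OPEN|FILE_CREATE */
                                FILE_SYNCHRONOUS_IO_NONALERT,
                                NULL,
                                0);

        if (NT_SUCCESS(ntStatus) && FileHandle != NULL) {
            /* Nobody can receive this handle; do not leave it open. */
            ZwClose(FileHandle);
        }
    }

    ExFreePool(workitem);
    return;
}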
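/*
 * MyDriverWriteFile - write Length bytes from Buffer to FileHandle.
 *
 * Below DISPATCH_LEVEL the write is issued directly with ZwWriteFile. At
 * DISPATCH_LEVEL or above it is deferred to MyDriverWriteFileWorkItem on
 * the delayed work queue.
 *
 * Changes against the original:
 *   - Buffer and FileHandle are validated before anything is done with
 *     them (the handle used to be checked only after the write);
 *   - the deferred path copies the data into the work-item allocation. The
 *     original queued the caller's pointer, so the work item could write
 *     bytes that had been overwritten or freed in the meantime;
 *   - the allocation size is checked for overflow and the pool allocation
 *     is tagged.
 *
 * Failures are not reported to the caller; the function returns VOID.
 *
 * NOTE(review): on the deferred path Buffer is read at raised IRQL, so it
 * must be resident (non-paged) memory - confirm for every caller.
 */
VOID MyDriverWriteFile(
    IN PVOID Buffer,
    IN ULONG Length,
    IN OUT HANDLE FileHandle)
{
    NTSTATUS ntStatus;
    IO_STATUS_BLOCK IoStatusBlock;
    PFILE_WORK_ITEM workitem;

    DbgPrint(".....MyDriverWriteFile1 function...\n");

    if (Buffer == NULL) {
        DbgPrint("The Buffer is NULL...\n");
        return;
    }
    if (FileHandle == NULL) {
        return;
    }

    if (KeGetCurrentIrql() < DISPATCH_LEVEL) {
        ntStatus = ZwWriteFile(FileHandle,
                               0,
                               0,
                               0,
                               &IoStatusBlock,
                               Buffer,
                               Length,
                               NULL,
                               NULL);
        if (NT_SUCCESS(ntStatus)) {
            DbgPrint("@@@@@@@@@@@@ ############## WriteFile is ok!......\n");
        }
        return;
    }

    /* Deferred path: one allocation holds the work item and a private copy of the data. */
    if (Length > MAXULONG - (ULONG)sizeof(FILE_WORK_ITEM)) {
        return;
    }
    workitem = (PFILE_WORK_ITEM)ExAllocatePoolWithTag(NonPagedPool,
                                                      sizeof(FILE_WORK_ITEM) + Length,
                                                      POOL_TAG);
    if (workitem == NULL) {
        return;
    }

    /* The copy lives right behind the structure and is freed together with it. */
    RtlCopyMemory(workitem + 1, Buffer, Length);

    ExInitializeWorkItem(&workitem->WorkItem,
                         MyDriverWriteFileWorkItem,
                         workitem);
    workitem->FileContext = workitem + 1;
    workitem->FileHandle = FileHandle;
    workitem->Length = Length;
    ExQueueWorkItem(&workitem->WorkItem, DelayedWorkQueue);
    return;
}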
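/*
 * MyDriverWriteFileWorkItem - work-queue routine that performs a deferred
 * write.
 *
 * Context is a PFILE_WORK_ITEM whose FileContext points at the data,
 * Length gives the byte count and FileHandle the target file. The work
 * item is freed on every path; the original returned early when the buffer
 * was NULL and leaked the allocation.
 *
 * NOTE(review): the handle is used from a system worker thread; that only
 * works if the handle is valid in that context (for example a kernel
 * handle) - confirm how the handle was opened.
 */
VOID MyDriverWriteFileWorkItem(
    PVOID Context)
{
    NTSTATUS ntStatus;
    IO_STATUS_BLOCK IoStatusBlock;
    PFILE_WORK_ITEM workitem = (PFILE_WORK_ITEM)Context;

    if (workitem == NULL) {
        return;
    }

    if (workitem->FileContext == NULL) {
        DbgPrint("The Buffer is NULL...\n");
    } else if (workitem->FileHandle != NULL) {
        ntStatus = ZwWriteFile(workitem->FileHandle,
                               0,
                               0,
                               0,
                               &IoStatusBlock,
                               workitem->FileContext,
                               workitem->Length,
                               NULL,
                               NULL);
        if (NT_SUCCESS(ntStatus)) {
            DbgPrint("@@@@@@@@@@@@@@@#################ZwWriteFile is ok!\n");
        }
    }

    ExFreePool(workitem);
    return;
}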
/*
 * MyDriverCloseFile - close FileHandle.
 *
 * Below DISPATCH_LEVEL the handle is closed directly with ZwClose. At
 * DISPATCH_LEVEL or above a FILE_WORK_ITEM carrying the handle is queued to
 * MyDriverCloseFileWorkItem on the delayed work queue. The outcome is not
 * reported to the caller; if the work item cannot be allocated the handle
 * stays open.
 */
VOID MyDriverCloseFile(
    IN OUT HANDLE FileHandle)
{
    PFILE_WORK_ITEM deferred;
    KIRQL irqlNow = KeGetCurrentIrql();

    DbgPrint("MyDriverCloseFile function...\n");

    if (irqlNow < DISPATCH_LEVEL) {
        /* Direct close; the status is not acted upon. */
        (VOID)ZwClose(FileHandle);
        return;
    }

    deferred = (PFILE_WORK_ITEM)ExAllocatePool(NonPagedPool,
                                               sizeof(FILE_WORK_ITEM));
    if (deferred == NULL) {
        return;
    }

    ExInitializeWorkItem(&deferred->WorkItem, MyDriverCloseFileWorkItem, deferred);
    deferred->FileHandle = FileHandle;
    ExQueueWorkItem(&deferred->WorkItem, DelayedWorkQueue);
}
/*
 * MyDriverCloseFileWorkItem - work-queue routine that closes the handle
 * stored in the work item.
 *
 * Context is a PFILE_WORK_ITEM; it is freed with ExFreePool after the
 * close. The result of ZwClose is not acted upon.
 */
VOID MyDriverCloseFileWorkItem(
    PVOID Context)
{
    PFILE_WORK_ITEM item = (PFILE_WORK_ITEM)Context;

    DbgPrint("MyDriverCloseFileWorkItem function...\n");

    (VOID)ZwClose(item->FileHandle);
    ExFreePool(item);
}