nt式usb过滤驱动,无法拦截到write操作.Windows xp
主要代码:
Windows xp
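/*
 * Driver entry point for the NT-style (non-PnP) USB storage filter.
 *
 * Installs the unload routine, fills the dispatch table, and then attaches
 * filter device objects to the device objects owned by \Driver\USBSTOR.
 *
 * DriverObject  - driver object created by the I/O manager for this driver.
 * RegistryPath  - service key path; not used here.
 *
 * Returns the status produced by AttachUsbDriver().
 */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
                                IN PUNICODE_STRING RegistryPath
                                )
{
    NTSTATUS status;

    DriverObject->DriverUnload = DriverUnload;

    // MajorFunction has IRP_MJ_MAXIMUM_FUNCTION + 1 slots, so the bound is
    // inclusive. The posted listing assigned to the array itself; the "[i]"
    // index was missing (possibly stripped by the forum markup).
    for(ULONG i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        DriverObject->MajorFunction[i] = DispatchGeneral;
    }

    DriverObject->MajorFunction[IRP_MJ_WRITE] = DispatchWrite;
    // Author's note: even with this line added, writes are still not filtered.
    // NOTE(review): IRP_MJ_SCSI carries every SRB (reads, inquiries, ...), not
    // only writes, so routing it to DispatchWrite denies all of them.
    DriverObject->MajorFunction[IRP_MJ_SCSI] = DispatchWrite;
    DriverObject->MajorFunction[IRP_MJ_POWER] = OnPower;
    DriverObject->MajorFunction[IRP_MJ_PNP] = OnPnp;

    // Attach to the USB storage driver's device objects.
    // NOTE(review): the attach happens once, at load time, and lands on top of
    // whatever is already in each stack. Devices that arrive later are never
    // attached, and components that already hold a pointer to the previous
    // top-of-stack device would presumably keep bypassing this filter. That
    // may be why no write requests are observed; confirm against a PnP filter
    // that registers through AddDevice.
    status = AttachUsbDriver(DriverObject);
    return status;
}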
// 打算用这个来处理写入请求.结果不工作.
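/*
 * Dispatch routine that rejects the request with STATUS_ACCESS_DENIED.
 *
 * A dispatch routine that does not pass the IRP down must complete it itself.
 * Returning an error status without calling IoCompleteRequest leaves the IRP
 * pending forever and the issuer never sees the denial.
 *
 * DeviceObject - filter device object that received the request (unused).
 * Irp          - request to fail.
 *
 * Returns STATUS_ACCESS_DENIED, the same status stored in the IRP.
 *
 * NOTE(review): DriverEntry also registers this routine for IRP_MJ_SCSI, so
 * every SRB is denied, not only write commands. Blocking writes alone would
 * need the SRB/CDB inspected and all other requests forwarded to the lower
 * device.
 */
NTSTATUS DispatchWrite(IN PDEVICE_OBJECT DeviceObject,
                       IN PIRP Irp)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    KdPrint(("Write!\n"));

    // Record the failure in the IRP and hand it back to the I/O manager.
    Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return STATUS_ACCESS_DENIED;
}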
// 这个是attach到上层驱动,用device tree看了下,能正常工作.
/*
 * Create one filter device object for every device object currently linked
 * from \Driver\USBSTOR and attach it to that device's stack.
 *
 * DriverObject - this filter's driver object; owner of the created devices.
 *
 * Returns STATUS_SUCCESS when every device was attached, the failing status
 * from ObReferenceObjectByName / IoCreateDevice, or STATUS_UNSUCCESSFUL when
 * IoAttachDeviceToDeviceStack returns NULL.
 *
 * NOTE(review): on a mid-loop failure the filter devices attached by earlier
 * iterations are left in place while the error is returned to DriverEntry;
 * confirm that something detaches and deletes them before the image unloads.
 * NOTE(review): the DeviceObject/NextDevice list is walked without any
 * visible synchronization against USBSTOR adding or removing devices.
 */
NTSTATUS AttachUsbDriver(IN PDRIVER_OBJECT DriverObject)
{
    NTSTATUS status;
    UNICODE_STRING targetName;
    PDRIVER_OBJECT targetDriver;
    PDEVICE_OBJECT targetDevice;
    PDEVICE_OBJECT filterDevice;
    PDEVICE_OBJECT attachedTo;
    PDEVICE_EXTENSION ext;

    // Look up the USBSTOR driver object by name; the reference taken here is
    // dropped at the single exit label below.
    RtlInitUnicodeString(&targetName, L"\\Driver\\USBSTOR");
    status = ObReferenceObjectByName(&targetName, OBJ_CASE_INSENSITIVE,
                                     NULL, 0, IoDriverObjectType,
                                     KernelMode, NULL, (PVOID*)&targetDriver);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("Couldn't get usb driver\n"));
        return status;
    }

    // Visit each device object owned by the USB storage driver.
    for (targetDevice = targetDriver->DeviceObject;
         targetDevice != NULL;
         targetDevice = targetDevice->NextDevice)
    {
        status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), NULL,
                                targetDevice->DeviceType,
                                targetDevice->Characteristics,
                                FALSE, &filterDevice);
        if (!NT_SUCCESS(status))
        {
            KdPrint(("Create fltdevice failed!\n"));
            goto release_driver;
        }

        // Put the new filter device on top of the target's device stack.
        attachedTo = IoAttachDeviceToDeviceStack(filterDevice, targetDevice);
        if (attachedTo == NULL)
        {
            KdPrint(("attach usb device error!\n"));
            IoDeleteDevice(filterDevice);
            filterDevice = NULL;
            status = STATUS_UNSUCCESSFUL;
            goto release_driver;
        }

        // InitDevExt stores the useful pointers in the device extension.
        // NOTE(review): this runs after the attach, so a request arriving in
        // between would presumably see an uninitialized extension; verify.
        ext = (PDEVICE_EXTENSION)(filterDevice->DeviceExtension);
        InitDevExt(ext, attachedTo, filterDevice, targetDevice);

        // Mirror the attributes and I/O flags of the device we attached to,
        // then clear DO_DEVICE_INITIALIZING so the device accepts requests.
        filterDevice->DeviceType = attachedTo->DeviceType;
        filterDevice->Characteristics = attachedTo->Characteristics;
        filterDevice->StackSize = attachedTo->StackSize + 1;
        filterDevice->Flags |= attachedTo->Flags &
                               (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);
        filterDevice->Flags &= ~DO_DEVICE_INITIALIZING;
    }

    KdPrint(("Attach OK!\n"));
    status = STATUS_SUCCESS;

release_driver:
    ObDereferenceObject(targetDriver);
    return status;
}
网上也搜了下,结果没什么收获,
看了下ms的例子,是用wdm写的.attach到低层的驱动.
能过滤到pnp例程.却不能过滤读写?
是不是attach到上层驱动就无法过滤读写,还是有别的原因?
搞了一整天,快吐血了.......