再次深入理解IRP
过滤驱动与IRP处理方式我们关系这个IRP的处理结果 就用这个
a.Pending完成例程
IoCopyCurrentIrpStackLocationToNext +完成例程
Pending完成例程
KEVENT event;
KeInitializeEvent(&event, NotificationEvent, FALSE);
IoCopyCurrentIrpStackLocationToNext(Irp);
IoSetCompletionRoutine(Irp,
CompRoutine,
&event,
TRUE,
TRUE,
TRUE
);
status = IoCallDriver(DeviceObject, Irp);
if (status == STATUS_PENDING)
{
status = KeWaitForSingleObject(&event,
Executive,
KernelMode,
FALSE,
NULL
);
ASSERT(NT_SUCCESS(status));
status = Irp->IoStatus.Status;
}
回调例程
NTSTATUS
CompRoutine(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
PKEVENT event = Context;
Irp->UserIosb->Status = Irp->IoStatus.Status;
Irp->UserIosb->Information = Irp->IoStatus.Information;
KeSetEvent(event ,
IO_NO_INCREMENT, FALSE);
//IoFreeIrp(Irp);
return STATUS_MORE_PROCESSING_REQUIRED;
}
b.忽略直接下发
IoSkipCurrentIrpStackLocation,下层设备拿到的IO_STACKLOCATION 和当前的一样
对IRP没有任何改动的时候,比如放行:
PDEVICE_EXTENSION deviceExtension;
IoSkipCurrentIrpStackLocation(Irp);
//拿到保存在设备扩展里的下层设备
deviceExtension =
(PDEVICE_EXTENSION) DeviceObject->DeviceExtension;
//下发
return IoCallDriver(
deviceExtension->TargetDeviceObject,
Irp);
c.结束IRP不下发
PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation (Irp);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
d.手动构建IRP
IoAllocateIrp
IoGetNextIrpStackLocation
IoAllocateIrp /IoBuildDeviceIoControlRequest
IoGetNextIrpStackLocation
//例子:
//强制删除文件
//Sfilter里查询文件名字
错误的下发:
下发后就没有访问这个IRP的权限了 必须等待 和设置完成例程 例程中必须返回STATUS_MORE_PROCESSING_REQUIRED
// Forward request to next driver
IoCopyCurrentIrpStackLocationToNext( Irp );
// Send the IRP down
status = IoCallDriver( nextDevice, Irp );
// The following is an error because this driver
// no longer owns the IRP.
If (status == STATUS_PENDING)
{
IoMarkIrpPending( Irp );//错误,无权操作Irp了
}
// Return the lower driver’s status
return status;
页:
[1]