📄 comspy.c
字号:
break;
case IOCTL_SERIAL_SET_LINE_CONTROL:
req = ExAllocatePool(NonPagedPool,sizeof(IO_REQ));
req->type=REQ_SETLINECONTROL;
// req->SizeRequested=sizeof(SERIAL_LINE_CONTROL);
req->SizeCopied=sizeof(SERIAL_LINE_CONTROL);
if(req->SizeCopied)
{
req->pData=ExAllocatePool(NonPagedPool,req->SizeCopied);
RtlCopyMemory(req->pData,Irp->AssociatedIrp.SystemBuffer,req->SizeCopied);
}
req->SizeTotal= sizeof(IO_REQ)+req->SizeCopied;
g_szCount=g_szCount+req->SizeTotal;
ExInterlockedInsertTailList(&g_data_lst, &(req->entry),&g_req_splock);
/////////////////////////////////////////////////////
memcpy(SystemVirtualAddress, &g_szCount, 4);
DbgPrint("ComSpy IoCtlCompletion OK Add Bytes %x \n",req->SizeTotal);
KeSetEvent(gpEventObject,0,FALSE);
break;
}
}
return STATUS_SUCCESS;
}
NTSTATUS IOCtrl_Write(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = STATUS_ACCESS_VIOLATION;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
DbgPrint((" Exit IOCtrl_Write routine\n"));
return STATUS_SUCCESS;
}
NTSTATUS IOCtrl_PnP(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = STATUS_ACCESS_VIOLATION;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
DbgPrint((" Exit IOCtrl_PnP routine\n"));
return STATUS_SUCCESS;
}
NTSTATUS IOCtrl_Power(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
Irp->IoStatus.Information = 0;
Irp->IoStatus.Status = STATUS_ACCESS_VIOLATION;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
DbgPrint((" Exit IOCtrl_Power routine\n"));
return STATUS_SUCCESS;
}
NTSTATUS IOCtrl_Read(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
NTSTATUS status;
KIRQL OldIrql;
BOOLEAN bIsEmpty;
BOOLEAN bEnd;
PIO_STACK_LOCATION IrpStack;
ULONG ControlCode;
ULONG InputLength,OutputLength;
PUCHAR pOutBuf;
ULONG nToReadBytes;
PLIST_ENTRY link;
PIO_REQ pReq;
// ULONG i;
DbgPrint("IOCtrl_Read Called \r\n");
KeAcquireSpinLock( &g_req_splock, &OldIrql );
bIsEmpty = IsListEmpty( &g_data_lst );
KeReleaseSpinLock( &g_req_splock, OldIrql );
if( bIsEmpty ) //读数据队列空
{
DbgPrint(("------ 数据队列为空 --------\n"));
status = STATUS_UNSUCCESSFUL;
return CompleteRequest( Irp, status, 0 );
}
else
{
IrpStack = IoGetCurrentIrpStackLocation(Irp);
ControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
InputLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
OutputLength= IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
DbgPrint("InputBufferLength: %d OutputBufferLength: %d\n", InputLength, OutputLength );
pOutBuf = (PUCHAR)Irp->AssociatedIrp.SystemBuffer;
link = ExInterlockedRemoveHeadList( &g_data_lst, &g_req_splock); //取 读数据
ASSERT( link );
pReq= CONTAINING_RECORD( link, IO_REQ, entry );
if(pReq->SizeTotal>OutputLength)
{
DbgPrint(("------ 所请求数据小于一包长度 --------\n"));
ExInterlockedInsertHeadList( &g_data_lst, link, &g_req_splock ); //数据未读完 回送至表头
status = STATUS_UNSUCCESSFUL;
return CompleteRequest( Irp, status, 0 );
}
nToReadBytes=0;
bEnd=FALSE;
while(nToReadBytes + pReq->SizeTotal <= OutputLength)
{
RtlCopyMemory(pOutBuf,pReq,sizeof(IO_REQ));
pOutBuf+=sizeof(IO_REQ);
ASSERT( pReq->pData );
RtlCopyMemory(pOutBuf,pReq->pData,pReq->SizeCopied);
pOutBuf+=pReq->SizeCopied;
nToReadBytes+=pReq->SizeTotal;
g_szCount-=pReq->SizeTotal;
ExFreePool(pReq->pData);
ExFreePool(pReq);
link = ExInterlockedRemoveHeadList( &g_data_lst, &g_req_splock); //取 读数据
if(link==NULL)
{
bEnd=TRUE;
break;
}
ASSERT( link );
pReq= CONTAINING_RECORD( link, IO_REQ, entry );
}
if(bEnd==FALSE)
{
//多取的一包回送表头
ExInterlockedInsertHeadList( &g_data_lst, link, &g_req_splock );
}
DbgPrint("------ 实际请求数据长度 %x-------\n",nToReadBytes );
status = STATUS_SUCCESS;
DbgPrint(("-------- Exit ReadIrp routine -----------\n"));
return CompleteRequest( Irp, status, nToReadBytes );
}
}
NTSTATUS CompleteRequest(IN PIRP Irp, IN NTSTATUS status, IN ULONG info)
{
// CompleteRequest
Irp->IoStatus.Status = status;
Irp->IoStatus.Information = info;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return status;
}
NTSTATUS IOCtrl_IoCtl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
NTSTATUS status;
NTSTATUS ret;
ULONG info;
PIO_STACK_LOCATION IrpStack;
ULONG ControlCode;
ULONG InputLength,OutputLength;
HANDLE hEvent;
PVOID inputBuffer;
OBJECT_HANDLE_INFORMATION objHandleInfo;
LONG* outBuf;
PZT_DEVICE_EXTENSION pExt;
long dwRet;
IrpStack=IoGetCurrentIrpStackLocation(Irp);
pExt = (PZT_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
ControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
InputLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
OutputLength= IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
DbgPrint("InputBufferLength: %d OutputBufferLength: %d\n", InputLength, OutputLength );
DbgPrint("ControlCode: %x, Irp: %x\n", ControlCode, (unsigned long)IrpStack);
status = STATUS_SUCCESS;
info = 0;
switch(ControlCode)
{
case IO_REFERENCE_EVENT:
inputBuffer = Irp->AssociatedIrp.SystemBuffer;
hEvent = (HANDLE) IrpStack->Parameters.DeviceIoControl.Type3InputBuffer;
DbgPrint("Event Handle: %x \n", hEvent);
status = ObReferenceObjectByHandle(
hEvent,
GENERIC_ALL,
NULL,
KernelMode,
&gpEventObject,
&objHandleInfo);
if(status != STATUS_SUCCESS)
{
DbgPrint("ObReferenceObjectByHandle failed! status = %x\n", status);
break;
}
DbgPrint("Referenct object sussfully!\n");
break;
case IO_DEREFERENCE_EVENT:
if(gpEventObject)
ObDereferenceObject(gpEventObject);
DbgPrint("Dereferenct object sussfully!\n");
break;
case IO_SET_EVENT:
dwRet=KeSetEvent(gpEventObject,0,FALSE);
DbgPrint("KeSetEvent sussfully! %x \n",dwRet);
break;
case IO_CLEAR_EVENT:
KeClearEvent(gpEventObject);
DbgPrint("KeClearEvent sussfully!\n");
break;
case IO_QUERY_EVENT_STATE:
DbgPrint("in KeReadStateEvent !\n");
outBuf = (LONG*) Irp->UserBuffer;
*outBuf = KeReadStateEvent(gpEventObject);
DbgPrint("KeReadStateEvent sussfully! Return %x \n",*outBuf);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof(LONG);
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return status;
case IO_GET_SHAREMEMORY_ADDR:
__try
{
pExt->UserVirtualAddress = MmMapLockedPages (pExt->MyMdl, UserMode );
*((PVOID *)(Irp->AssociatedIrp.SystemBuffer)) = pExt->UserVirtualAddress;
SystemVirtualAddress=pExt->SystemVirtualAddress; //保存用户地址
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = sizeof(PVOID);
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return status;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
DbgPrint("GET_SHAREMEMORY_ADDR Failed!\n");
return CompleteRequest(Irp, GetExceptionCode(), 0);
}
case IO_CLEAN_SHAREMEMORY_ADDR:
/////////////////////////////////////////
if(pExt->UserVirtualAddress)
{
MmUnmapLockedPages(pExt->UserVirtualAddress, pExt->MyMdl);
pExt->UserVirtualAddress = NULL;
}
break;
default:
break;
}
ret = CompleteRequest(Irp, status, info);
DbgPrint(("Leaving IoControl routine\n"));
return ret;
}
//----------------------------------------------------------------------
// ComSpy_Power
//----------------------------------------------------------------------
NTSTATUS ComSpy_Power(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
PDEVICE_EXTENSION devExt;
NTSTATUS status = STATUS_SUCCESS;
DbgPrint(("+ Enter ComSpy Power routine\n"));
if(DeviceObject->DeviceType==FILE_DEVICE_COMPORT)
{
return IOCtrl_Power(DeviceObject,Irp);
}
devExt = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;
// Let the next power IRP out of the gate
PoStartNextPowerIrp(Irp);
// Pass this power IRP to the class driver
IoSkipCurrentIrpStackLocation(Irp);
status = PoCallDriver(devExt->TargetDeviceObject, Irp);
DbgPrint("- ComSpy_Power Exit 0x%0x \r\n", status);
return status;
}
//----------------------------------------------------------------------
// ComSpy_PnP
//----------------------------------------------------------------------
NTSTATUS ComSpy_PnP(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
PDEVICE_EXTENSION devExt;
PIO_STACK_LOCATION irpStack;
NTSTATUS status = STATUS_SUCCESS;
// KIRQL oldIrql;
// KEVENT event;
DbgPrint(("+ Enter ComSpy Pnp routine\n"));
if(DeviceObject->DeviceType==FILE_DEVICE_COMPORT)
{
return IOCtrl_PnP(DeviceObject,Irp);
}
devExt = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;
irpStack = IoGetCurrentIrpStackLocation(Irp);
switch (irpStack->MinorFunction)
{
case IRP_MN_REMOVE_DEVICE:
// Detach from the target device after passing the IRP down
// the devnode stack.
DbgPrint("IRP_MN_REMOVE_DEVICE Called \r\n");
IoSkipCurrentIrpStackLocation(Irp);
IoCallDriver(devExt->TargetDeviceObject,Irp);
IoDetachDevice(devExt->TargetDeviceObject);
IoDeleteDevice(DeviceObject);
status = STATUS_SUCCESS;
break;
case IRP_MN_SURPRISE_REMOVAL:
// Same as a remove device, but don't call IoDetach or IoDeleteDevice.
IoSkipCurrentIrpStackLocation(Irp);
status = IoCallDriver(devExt->TargetDeviceObject, Irp);
break;
case IRP_MN_START_DEVICE:
DbgPrint("IRP_MN_START_DEVICE Called \r\n");
IoSkipCurrentIrpStackLocation(Irp);
status = IoCallDriver(devExt->TargetDeviceObject, Irp);
break;
case IRP_MN_QUERY_REMOVE_DEVICE:
case IRP_MN_QUERY_STOP_DEVICE:
case IRP_MN_CANCEL_REMOVE_DEVICE:
case IRP_MN_CANCEL_STOP_DEVICE:
case IRP_MN_FILTER_RESOURCE_REQUIREMENTS:
case IRP_MN_STOP_DEVICE:
case IRP_MN_QUERY_DEVICE_RELATIONS:
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -