📄 minifiler开发心得 - laoka - 51cto技术博客-领先的it技术博客.htm
字号:
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><FONT
face=宋体><SPAN
style="FONT-SIZE: 10pt; COLOR: red">提高写代码的速度并不意味着设计简单<SPAN
lang=EN-US>!</SPAN></SPAN><SPAN lang=EN-US
style="COLOR: red"><o:p></o:p></SPAN></FONT></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
style="FONT-SIZE: 10pt"><FONT face=宋体>清楚的认识到利用<SPAN
lang=EN-US>Minifilter</SPAN>写文件系统<SPAN
lang=EN-US> </SPAN>可以提高开发速度,但并不降低设计难度<SPAN
lang=EN-US>.<o:p></o:p></SPAN></FONT></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><FONT
face=宋体><SPAN style="FONT-SIZE: 10pt">它一系统列的</SPAN><SPAN
style="FONT-SIZE: 9.5pt">样板文件这样可以使写过滤驱动的速度大大提高<SPAN
lang=EN-US>.<o:p></o:p></SPAN></SPAN></FONT></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><FONT
face=宋体>但不要以为开发难度就降低了<SPAN lang=EN-US>,</SPAN>例如<SPAN
lang=EN-US>,</SPAN>你还是得理解过滤驱动是如何嵌入到<SPAN
lang=EN-US>Windows</SPAN>内核之中,如何与别的驱动进行协调的<SPAN
lang=EN-US>.</SPAN></FONT></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><FONT
face=宋体>在熟练的人手里<SPAN lang=EN-US>,Filter Manager</SPAN>可以发挥极大的作用<SPAN
lang=EN-US>,</SPAN>但<SPAN lang=EN-US>CAI BIRD</SPAN>手上将会使它变得危险<SPAN
lang=EN-US>!</SPAN></FONT></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US><o:p><FONT face=宋体> </FONT></o:p></SPAN></DIV>
<H3 style="MARGIN: 12pt 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; LINE-HEIGHT: 173%"><FONT face=Calibri>If
You're Writing a Lot of Code ‑ Check the
Documentation<o:p></o:p></FONT></SPAN></H3>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
lang=EN-US><FONT face=Calibri>Filter Mangaer</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">急过滤驱动开发人员之后急,提供了大量过滤驱动开所要的库。比如说,若你要取得重命名之后文件的文件名</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">可以调用</SPAN><STRONG><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: "
Calibri?,?sans-serif??>FltGetDestinationFile
NameInformation().<o:p></o:p></SPAN></STRONG></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><STRONG><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">若你要取得共享文件名,可调用</SPAN></STRONG><STRONG><SPAN
lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: "
Calibri?,?sans-serif??>FltParseFileNameInformation()</SPAN></STRONG><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT
face=Calibri>.</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">你可以在写代码之前,查找</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Flt</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">前缀的函数</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">说不定可以直接在</SPAN><SPAN
lang=EN-US><FONT face=Calibri>API</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">中找到你要的功能</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">哈</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">好爽的</SPAN><SPAN
lang=EN-US><FONT face=Calibri>!<SPAN
style="mso-spacerun: yes"> </SPAN></FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">尽量少用</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Zw</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">系统函数</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,Zw</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">系统在</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Flt</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">中都有对应的函数</SPAN><SPAN
lang=EN-US><FONT face=Calibri>!</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">用</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Flt</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">系统函数可以防止重入</SPAN><SPAN
lang=EN-US><FONT face=Calibri>!</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">长远来看</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">在</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Vista</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">中</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,Minifilter</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">轻松支持</SPAN><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT face=Calibri>Transactional
NTFS,</FONT></SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">传统驱动只好边上站着看看风景了?!</SPAN><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><FONT face=Calibri>
Hahah...<o:p></o:p></FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
lang=EN-US><o:p><FONT face=Calibri> </FONT></o:p></SPAN></DIV>
<H3 style="MARGIN: 12pt 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; LINE-HEIGHT: 173%"><FONT face=Calibri>Unload
Frequently During Development<o:p></o:p></FONT></SPAN></H3>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">在</SPAN><SPAN
lang=EN-US><FONT face=Calibri>OSRONLINE</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">中</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">常有人问题到</SPAN><SPAN
lang=EN-US><FONT face=Calibri>”</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">当我们</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Unload Minifilter</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">时</SPAN><SPAN
lang=EN-US><FONT face=Calibri>,</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">驱动挂起,</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Unload</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">不下来</SPAN><SPAN
lang=EN-US><FONT face=Calibri>.”</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
lang=EN-US><FONT face=Calibri>99%</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">的原因是驱动中还有资源没有释放,比如说</SPAN><SPAN
lang=EN-US><FONT
face=Calibri>LookAsideList,Context,Resource</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">等</SPAN><SPAN
lang=EN-US><FONT face=Calibri>.</FONT></SPAN></DIV>
<DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">利用</SPAN><SPAN
lang=EN-US><FONT face=Calibri>Driver Verifier</FONT></SPAN><SPAN
style="FONT-FAMILY: 宋体; mso-ascii-font-family: calibri; mso-hansi-font-family: calibri">可以检测到这类问题。</SPAN></DIV>
<H3 style="MARGIN: 12pt 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt; LINE-HEIGHT: 173%"><FONT face=Calibri>Use
Checked Kernel and Checked Filter Manager</FONT></SPAN></H3>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><o:p><FONT
face=宋体> </FONT></o:p></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><o:p><FONT
face=宋体> </FONT></o:p></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><o:p><FONT
face=宋体> </FONT></o:p></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
style="FONT-SIZE: 10pt"><FONT face=宋体>若不检查参数<SPAN
lang=EN-US>,MiniFilter</SPAN>常会在文件打开时返回一个无效参数块<SPAN
lang=EN-US><o:p></o:p></SPAN></FONT></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
style="FONT-SIZE: 10pt"><FONT face=宋体>在调试状态时<SPAN
lang=EN-US>,</SPAN>若出现无效参数块<SPAN lang=EN-US>,</SPAN>如下<SPAN
lang=EN-US>ASSERT</SPAN>会失败的<SPAN
lang=EN-US>.<o:p></o:p></SPAN></FONT></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><FONT
face=宋体><SPAN lang=EN-US
style="FONT-SIZE: 10pt">FsRtlIsPagingFile((fileObject)) ||
((fileObject)->FsContext == NULL &&
FlagOn((fileObject)->Flags, FO_STREAM_FILE |
FO_DIRECT_DEVICE_OPEN)) ||
FltpIsWellKnownPagingFileName(fileObject)</SPAN><SPAN lang=EN-US
style="FONT-SIZE: 9pt"><o:p></o:p></SPAN></FONT></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
lang=EN-US style="FONT-SIZE: 10pt"><o:p><FONT
face=宋体> </FONT></o:p></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
style="FONT-SIZE: 10pt"><FONT face=宋体>若<SPAN
lang=EN-US><o:p></o:p></SPAN></FONT></SPAN></DIV>
<DIV style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt"><FONT face=宋体>status =
FltQueryInformationFile(FltObjects->Instance,</FONT></SPAN></DIV>
<DIV style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt"><FONT
face=宋体>
FltObjects->FileObject,</FONT></SPAN></DIV>
<DIV style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt"><FONT
face=宋体>
&fileInfo,</FONT></SPAN></DIV>
<DIV style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt"><FONT
face=宋体>
sizeof(FILE_ALL_INFORMATION),</FONT></SPAN></DIV>
<DIV style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt"><FONT
face=宋体>
FileAllInformation,</FONT></SPAN></DIV>
<DIV style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US
style="FONT-SIZE: 10pt"><FONT
face=宋体>
&length);</FONT></SPAN></DIV>
<DIV
style="TEXT-JUSTIFY: inter-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN
style="FONT-SIZE: 10pt"><FONT face=宋体>在<SPAN
lang=EN-US>PreWrite</SPAN>中工作得好好的<SPAN lang=EN-US>,</SPAN>但在<SPAN
lang=EN-US>PreCreate</SPAN>中因为<SPAN
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -